Illumio recently achieved a designation for Common Criteria, paving the way for a host of opportunities with global public sector customers.
To learn more about the key designation and the nuances behind the process of achieving Common Criteria, we sat down with Natalio Pincever, Senior Director of Product Management at Illumio.
What is Common Criteria in a nutshell?
Common Criteria is a certification for on-premises products that governments require of software and hardware vendors. The word “common” refers to the fact that it’s recognized by Common Criteria signatories, which include 32 countries.
These 32 countries came together and decided on a minimum acceptable standard for security that they’re willing to recognize. You can complete the certification in one of the 18 Authorizing member countries, and the other 31 will recognize it.
What does the process actually look like?
Common Criteria specifies a set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.
To kickstart the process, you hire a Common-Criteria-licensed laboratory to run tests to ensure that security functionality is being implemented correctly. Once you have results, those are presented to the National Information Assurance Partnership (NIAP), which is responsible for U.S. implementation of the Common Criteria.
They review the package you present, which includes test results and documentation of the product, and they see if it actually meets the requirements for Common Criteria. They can either grant you the certification or come back with questions. It’s an iterative process of going back and forth until they are happy with the results, at which point they grant a certificate that applies for that product and that version.
What was your role in this process?
This was a team effort. There have been people involved from all across the Illumio organization. Product management, engineering, and the security team have all had a hand in making this happen.
My job as Senior Director of Product Management for Global Public Sector helps ensure that Illumio’s products are consumable by government customers. Having the right certifications is key for this. This process was already well underway when I got here, and I’m happy to have come in and helped get this over the finish line.
What does this mean for the future of Illumio?
Illumio is now able to support new global public sector markets. Moving forward, we intend to do more Common Criteria reviews. The certification does not carry over for the next version of the product – should we want the next version of the product to be certified, we have to go through the whole process all over again. In the future, we intend to create a regular cadence of going through Common Criteria for our on-premises products.
Only a few laboratories are licensed to run the tests necessary for Common Criteria, which makes the designation especially exciting for Illumio because it’s validation from a government-certified third party. It also represents our ongoing commitment and further investment in the global public sector market, just like our work to achieve FedRAMP in-process status earlier this year.
Learn more about how Illumio supports global public sector organizations at illumio.com/solutions/government.