/
Zero Trust Segmentation

Illumio Achieves Common Criteria Designation

Illumio recently achieved a designation for Common Criteria, paving the way for a host of opportunities with global public sector customers.

To learn more about the key designation and the nuances behind the process of achieving Common Criteria, we sat down with Natalio Pincever, Senior Director of Product Management at Illumio.

What is Common Criteria in a nutshell?

Common Criteria is a certification for on-premises products that governments require of software and hardware vendors. The word “common” refers to the fact that it’s recognized by Common Criteria signatories which includes 32 countries.

These 32 countries came together and decided on a minimum acceptable standard for security that they’re willing to recognize. You can complete the certification in one of the 18 Authorizing member countries, and the other 31 will recognize it.

What does the process actually look like?

Common Criteria specifies a set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

To kickstart the process, you hire a Common-Criteria-licensed laboratory to run tests to ensure that security functionality is being implemented correctly. Once you have results, those are presented to the National Information Assurance Partnership (NIAP) who is responsible for U.S. implementation of the Common Criteria.

They review the package you present, which includes test results and documentation of the product, and they see if it actually meets the requirements for Common Criteria. They can either grant you the certification or come back with questions. It’s an iterative process of going back and forth until they are happy with the results, at which point they grant a certificate that applies for that product and that version.

What was your role in this process?

This was a team effort. There have been people involved from all across the Illumio organization. Product management, engineering, and the security team have all had a hand in making this happen.

My job as Senior Director of Product Management for Global Public Sector helps ensure that Illumio’s products are consumable by government customers. Having the right certifications is key for this. This process was already well underway when I got here, and I’m happy to have come in and helped get this over the finish line.

What does this mean for the future of Illumio?

Illumio is now able to support new global public sector markets. Moving forward, we intend to do more Common Criteria reviews. The certification does not carry over for the next version of the product – should we want the next version of the product to be certified, we have to go through the whole process all over again. In the future, we intend to create a regular cadence of going through Common Criteria for our on-premises products.

Only a few laboratories are licensed to run the tests necessary for Common Criteria which makes the designation especially exciting for Illumio because it’s validation from a government-certified third party. It also represents our ongoing commitment and further investment in the global public sector market, just like our work to achieve FedRAMP in-process status earlier this year.

Learn more about how Illumio supports global public sector organizations at illumio.com/solutions/government.

Related topics

Related articles

How Federal Agencies Can Create a Zero Trust Pilot Project
Zero Trust Segmentation

How Federal Agencies Can Create a Zero Trust Pilot Project

If you want to implement Zero Trust in your organization, start by figuring out the critical security priorities and current Zero Trust capabilities.

How a Four-Person IT Team Enforced Zero Trust Segmentation In 3 Weeks
Zero Trust Segmentation

How a Four-Person IT Team Enforced Zero Trust Segmentation In 3 Weeks

How Illumio’s Virtual Enforcement Node (VEN) agent and Enforced Zero Trust Segmentation provides full enforcement across an entire server infrastructure.

Illumio Recognized in Two Gartner® Hype Cycle™ Reports
Zero Trust Segmentation

Illumio Recognized in Two Gartner® Hype Cycle™ Reports

Get insight into Gartner's research on why microsegmentation is a high-benefit technology.

Illumio is "In Process" on the FedRAMP Marketplace
Zero Trust Segmentation

Illumio is "In Process" on the FedRAMP Marketplace

What Illumio's new FedRAMP in-process designation means for the FedRAMP marketplace.

3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity
Cyber Resilience

3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity

The U.S. federal government collects the personal information of almost every citizen. And federal agencies hold valuable data, some of which could put the country in danger if it was released.

Why Cyber Disasters Are Still Happening — And How to Fix It
Cyber Resilience

Why Cyber Disasters Are Still Happening — And How to Fix It

Get insight from Gary Barlet, Illumio Federal CTO, on why decades of trying to prevent and detect direct attacks by adversaries – and failing – means it's time to shift the focus to containment.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?