/
Zero Trust Segmentation

Illumio Achieves Common Criteria Designation

Illumio recently achieved a designation for Common Criteria, paving the way for a host of opportunities with global public sector customers.

To learn more about the key designation and the nuances behind the process of achieving Common Criteria, we sat down with Natalio Pincever, Senior Director of Product Management at Illumio.

What is Common Criteria in a nutshell?

Common Criteria is a certification for on-premises products that governments require of software and hardware vendors. The word “common” refers to the fact that it’s recognized by Common Criteria signatories which includes 32 countries.

These 32 countries came together and decided on a minimum acceptable standard for security that they’re willing to recognize. You can complete the certification in one of the 18 Authorizing member countries, and the other 31 will recognize it.

What does the process actually look like?

Common Criteria specifies a set of requirements for the security functionality of IT products and for assurance measures applied to these IT products during a security evaluation.

To kickstart the process, you hire a Common-Criteria-licensed laboratory to run tests to ensure that security functionality is being implemented correctly. Once you have results, those are presented to the National Information Assurance Partnership (NIAP) who is responsible for U.S. implementation of the Common Criteria.

They review the package you present, which includes test results and documentation of the product, and they see if it actually meets the requirements for Common Criteria. They can either grant you the certification or come back with questions. It’s an iterative process of going back and forth until they are happy with the results, at which point they grant a certificate that applies for that product and that version.

What was your role in this process?

This was a team effort. There have been people involved from all across the Illumio organization. Product management, engineering, and the security team have all had a hand in making this happen.

My job as Senior Director of Product Management for Global Public Sector helps ensure that Illumio’s products are consumable by government customers. Having the right certifications is key for this. This process was already well underway when I got here, and I’m happy to have come in and helped get this over the finish line.

What does this mean for the future of Illumio?

Illumio is now able to support new global public sector markets. Moving forward, we intend to do more Common Criteria reviews. The certification does not carry over for the next version of the product – should we want the next version of the product to be certified, we have to go through the whole process all over again. In the future, we intend to create a regular cadence of going through Common Criteria for our on-premises products.

Only a few laboratories are licensed to run the tests necessary for Common Criteria which makes the designation especially exciting for Illumio because it’s validation from a government-certified third party. It also represents our ongoing commitment and further investment in the global public sector market, just like our work to achieve FedRAMP in-process status earlier this year.

Learn more about how Illumio supports global public sector organizations at illumio.com/solutions/government.

Related topics

Related articles

Meet Illumio at Black Hat USA 2023
Zero Trust Segmentation

Meet Illumio at Black Hat USA 2023

Join Illumio Zero Trust Segmentation experts at this year’s Black Hat USA in Last Vegas on August 9-10.

Is Your School Prepared For Ransomware? Why You Need Microsegmentation
Zero Trust Segmentation

Is Your School Prepared For Ransomware? Why You Need Microsegmentation

Get insight into the magnitude of cybersecurity threats against schools and learn how Zero Trust Segmentation can help.

10 Biggest Moments From Illumio’s Biggest Year
Zero Trust Segmentation

10 Biggest Moments From Illumio’s Biggest Year

Read the highlights from Illumio's most successful year as the 10th year in the company's history begins.

Illumio is "In Process" on the FedRAMP Marketplace
Zero Trust Segmentation

Illumio is "In Process" on the FedRAMP Marketplace

What Illumio's new FedRAMP in-process designation means for the FedRAMP marketplace.

3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity
Cyber Resilience

3 Challenges Federal Agencies Face When Implementing Modern Cybersecurity

The U.S. federal government collects the personal information of almost every citizen. And federal agencies hold valuable data, some of which could put the country in danger if it was released.

Why Cyber Disasters Are Still Happening — And How to Fix It
Cyber Resilience

Why Cyber Disasters Are Still Happening — And How to Fix It

Get insight from Gary Barlet, Illumio Federal CTO, on why decades of trying to prevent and detect direct attacks by adversaries – and failing – means it's time to shift the focus to containment.

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?