Illumio certifications demonstrate our commitment to meeting stringent product security requirements and to supporting regulatory compliance, risk management, and accessibility standards.
Common Criteria is an internationally recognized set of security standards used to evaluate the Information Assurance (IA) of IT products offered to the government by commercial vendors. For Illumio ASP, the Target of Evaluation, which was evaluated and certified by authorized third party labs included the Policy Compute Engine (PCE) and the Virtual Enforcement Node (VEN).
SOC2 is an attestation standard developed by the AICPA and is specifically designed for service providers storing customer data in the cloud. The Illumio ASP Platform was tested by an authorized independent third-party auditor to provide assurance on the controls in-place to meet the trust services principles (TSP) criteria (SOC2). SOC 2 Type 2 Report is available to customers under NDA.
The Federal Information Processing Standard Publication (FIPS PUB) 140-2 is a U.S. government computer security standard used to approve cryptographic modules. An authorized cryptographic equipment assessment laboratory has tested and verified that the Policy Compute Engine (PCE) and Virtual Enforcement Node (VEN) faithfully incorporate the use of cryptographic functions provided by the FIPS 140-2 validated modules as it applies to data in transit.
The Department of Homeland Security Continuous Diagnostics and Mitigation (CDM) program includes cybersecurity tools and sensors that are reviewed by the program for conformance with Section 508, federal license users, and CDM technical requirements. Illumio ASP is on the Approved List and conforms with the Phase 3 BOUND technical requirements addressing “How is the network protected?
Section 508 of the Rehabilitation Act (29 U.S.C. § 794d) requires federal agencies to develop, procure, maintain, and use information and communications technology (ICT) that is accessible to people with disabilities. An authorized third party has validated Illumio ASP’s conformance with Section 508 accessibility.