Important Information – Please Read THE DIRECTORY OF INFOSEC ASSURED PRODUCTS Users of this Directory must be aware that the most up-to-date version of Infosec Assured Products are available at www.cesg.gov.uk For current information on IA products and their usage please see the individual product entries using the product search facilities at www.cesg.gov.uk THIS DOCUMENT WAS CORRECT AT TIME OF PRODUCTION OCTOBER 2010 SECTION 1 SECTION 10 Introduction Operating Systems SECTION 2 SECTION 11 Access Control Protection Profiles SECTION 3 SECTION 12 Airwave Miscellaneous SECTION 4 SECTION 13 Communications TEMPEST SECTION 5 SECTION 14 Database Mobile Solutions SECTION 6 SECTION 15 Data Encryption IACS Scheme SECTION 16 SECTION 7 External Common Data-Erasure Criteria Scheme SECTION 17 SECTION 8 Index Firewalls Related Abbreviations SECTION 9 Networking Directory of Infosec Assured Products 2010 Page 1.2 For End Users… Products which have been certified by us, or by our partners This ‘Directory of Infosec Assured Products’ is a top-level around the world, offer end users ready-made assurance. guide listing all IT security products approved by CESG. The This allows the customer to determine whether the product Directory lists products by type, and in addition gives brief is appropriate for his needs. If assurance is required in a details of the means by which products are approved or system, then a range of packages, including IT Security certified, an overview of the products’ features, and the Health Check, is available. context in which they should be used. There is also a contact list of product vendors. A brief description of these schemes can be found in the Schemes Annex from page 14.2 more comprehensive details A downloadable version of the current Directory is available on each scheme are available on the CESG website, from the CESG website – www.cesg.gov.uk. www.cesg.gov.uk. As information on assured products is available via the product search facilities at www.cesg.gov.uk, which includes both the Certified Product Search and CESG Assisted Products Formal Evaluation and Certification Service (CAPS) Product Search. In the Directory, products will be identified as certified against either CC or ITSEC or in accordance with UK IT products and systems evolve rapidly and are increasingly Cryptographic Standards. Certificates are award following diverse and complicated. Similarly, customer requirements extensive testing of the product’s IT security features to change and expand to counter new threats and to adapt to ensure that those features meet an agreed Security Target. new ways of working. CESG has brought together its Results of a successful evaluation are published in a assurance services under Information Assurance and Certification Report. This contains additional information and Consultancy Service (IACS) to offer bespoke solutions to advice on how the certified product should be used and any these new security challenges. restrictions that may apply in its configuration or use on specific platforms. In order to be listed in the Directory, a product must have undergone one of the various methods of evaluation and/or Prospective purchase’s of approved products are reminded certification offered by IACS. IACS provides a seamless that the product descriptions in this Directory are only a service for customers and the IACS management office can guide, and that they should consult the supplementary provide more in-depth advice and guidance to developers, documentation before purchasing, to check the product’s vendors and end users on the most appropriate solution to suitability. Prospective purchasers of ITSEC/CC products meet their assurance requirements. should read both the Security Target and Certification Report of the product. These are available from the vender and can THE IACS approach also be downloaded from the CESG website, www.cesg.gov.uk. Prospective purchasers of CAPS products For Developers… should read both the Security Target and Handling Technical assessors from IACS will work with developers Instructions and are also advised to ensure that the intended or end users to define the best solution to their assurance usage, implementation and deployment of a cryptographic requirements. By understanding the developer’s goals, IACS product is in compliance with National Baseline Policy can define the most effective assessment package to detailed in HMG Infosec Standard 4. achieve them. An assessment package could include: • Internationally recognised Common Criteria (CC) or Security Targets for CAPS products are available from the IT Security Evaluation Criteria (ITSEC) Certification vendor and the Handling Instructions are available from • Cryptographic approval for HMG either the vendor or CESG www.cesg.gov.uk. Please note • Tailored Assurance-a toolbox approach to that these documents are often Protectively Marked and systems assurance therefore, available only to recipients with a valid need to know and appropriate storage and handling facilities. © Crown Copyright 2010. This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information Legislation. Introduction Page 1.3 What is a Security Target? CONTACT DETAILS This is a document specifying the security functionality of a product and the assurance level against which it is evaluated Customer Support Office as well as a description relating the product to the A2j environment in which it will operate. CESG Hubble Road Vulnerabilities Cheltenham Certification is not a guarantee of freedom from security Gloucestershire vulnerabilities; there remains a possibility that exploitable GL51 0EX vulnerabilities may be discovered after a Certificate has been awarded. Users and prospective purchasers should check Telephone: +44 (0)1242 709 141 regularly whether any security vulnerabilities have been Fax: +44 (0)1242 709 193 discovered since certification and, if appropriate, should check with the vendor to see if any patches exist for the Email: [email protected] product. If so they should test and install the Patch. URL: www.cesg.gov.uK CESG Sales Approvals The sale of any CESG-approved cryptographic product is subject to approval by CESG. This is an important process to ensure that cryptographic products are going to appropriate recipients and to ensure that the implementation of cryptography requested is appropriate to the requirement. It is also an important element of the Key production process, ensuring that users receive appropriate Key material for their requirements. Obtaining Approved Cryptographic Products Contact details for advice on products and for sales enquires are given in the product listing. Communication on CESG telecommunications systems may be monitored or record to secure the effective operation of the system and for other lawful purpose. © Crown Copyright 2010. This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information Legislation. Introduction Page 1.4 END USERS ARE STRONGLY URGED TO CHECK WITH CESG THAT BOTH THE PRODUCT AND ITS CRYPTOGRAPHY ARE SUITABLE FOR HMG USE PRIOR TO PURCHASING. ITSEC/CC Prospective purchasers of ITSEC/CC certified products should read both the Security Target and the Certification Report to ensure the product is suitable. These are available from the vendor and in addition can usually be downloaded from CESG website. Prospective purchasers of CAPS approved products are reminded that the product descriptions in the Directory are a guide only, and that they should consult the product’s Security Target and Handling Instructions before purchasing to check the product’s suitability. Security Targets for CAPS products are available from the vendor Prospective purchasers of CCT Mark approved products and the Handling Instructions are available from either or services should read both the ICD and Test Report the vendor or CESG. Please note that these documents documents available from the CCT Mark website, to are often Protectively Marked and therefore available ensure the product or service is appropriate for their only to recipients with a valid need to know and needs. appropriate storage and handling facilities. For further information about other aspects of CESG’s work, please contact: Customer Support Office, CESG, A2j, Hubble Road, Cheltenham, Gloucestershire, GL510EX. Telephone: +44 (0)1242 709141 Fax: +44 (0)1242 709193 .Email: [email protected] © Crown Copyright 2010. Communication on CESG telecommunications systems may be monitored or record to secure the effective operation of the system and for other lawful purpose. This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information Legislation. Refer disclosure requests to originating Agency Access Control Page 2.1 BeCrypt™ Advanced Port BeCrypt™ Connect Protection Control (APC) Version 3.0 Cryptographic Grade: See Notes CCTM Certificate: 2009/08/0049 Awarded: 4th August 2009 Valid until: 3rd August 2011 BeCrypt™ Advanced Port Control (APC) is a port control solution BeCrypt™ Connect Protect is an access control solution for designed to prevent the connection and use of unauthorised Plug and Play devices designed to protect an enterprise from devices for IBM compatible personal computers running accidental or malicious leakage of private or classified data at Microsoft Windows XP, Windows 2000 Server and Windows
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages231 Page
-
File Size-