iIllumio announced its Adaptive Security Platform® (ASP) is now compliant with the Federal Information Processing Standard (FIPS) 140-2 Level 1 security certification and is in the evaluation stage for Common Criteria certification. The new certifications validate Illumio's ability to secure public sector agencies and support federal organizations as they undergo a digital transformation, combat sophisticated cyberattacks, and address the vulnerability of high value assets in their data centers and cloud environments.
The recent IT Modernization Report identified lateral movement and a lack of understanding and control of unauthorized connections between systems as an immediate priority for federal agencies. With Illumio ASP, organizations can gain visibility into their data centers and cloud environments to understand what should and should not be communicating, allowing them to eliminate the attack vector and limit an intruder's lateral movement.
"Advanced adversaries like Russia have the time, personnel, and cyberattack capabilities to break past perimeter defenses and into federal networks," said Jonathan Reiber, Head of Cybersecurity Strategy and former Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense. "The IT Modernization Act will overhaul aging government digital infrastructures and, as the recent report indicates, bring the federal government up-to-date with cybersecurity best practices. Now federal agencies need to invest in new security tools such as micro-segmentation to prevent breaches from spreading. That means focusing on securing cloud environments and data centers from the inside."
Illumio already enables organizations in highly-regulated industries to comply with standards such as SWIFT, PCI, GDPR, and HITRUST. By achieving FIPS 140-2 compliance and the Common Criteria "in evaluation" milestone, Illumio is now positioned to enable federal agencies to create 'watertight' compartments that prevent intruders from accessing sensitive data in data center and cloud environments.
Created by the National Institute of Standards and Technology (NIST), FIPS 140-2 dictates requirements and standards for both hardware and software-based cryptography modules used in U.S. government agency networks. Illumio's FIPS 140-2 compliance was reviewed by a third-party lab accredited by the NIST National Voluntary Laboratory Accreditation Program (NVLAP) and states that Illumio's Policy Compute Engine and Virtual Enforcement Nodes for Linux and Windows faithfully incorporate the use of the cryptographic functions provided by FIPS 140-2.
The Common Criteria standard, developed by the United States, Canada, France, Germany, the Netherlands, and the United Kingdom, is a set of 60 security functional requirements for computer security certification. The international standard ensures that a security solution's capabilities have been independently verified according to a rigorous and repeatable set of criteria and is followed by governments worldwide, including the U.S. Department of Defense. Illumio's Policy Compute Engine is currently undergoing Common Criteria evaluation to conform to the National Information Assurance Partnership (NIAP) Protection Profile for Enterprise Security Management, Policy Management version 2.1.