TRIAL TODAY GET IN TOUCH
close

Certifications

ISO/IEC 27001:2013 | Common Criteria | FIPS 140-2 | Trustwave PCI DSS Certification
NATO IACD | EU | Cyber Security Supplier to Government Scheme

ISO/IEC 27001:2013

ISO IEC logo

Certification number: IS 611606

Issue date: July 14, 2014 through July 13, 2020

Details: ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

References: Egress' International BSI Listing


Common Criteria

Common Criteria logo

Certification number: CRP302

Issue date: August 8, 2017

Details: The Common Criteria for Information Technology Security Evaluation (CC) and the companion Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), backing an international driving force for the widest available mutual recognition of secure IT products.

References: Certificate and Security Target (see under Network and Network-Related Devices and Systems); Scheme details


FIPS 140-2

FIPS logo

Certification numbers:

Additional certificates are listed on the FIPS 140 Validation page

Details: Egress Secure Email and File Protection client and server software utilizes FIPS validated libraries, permitting FIPS mode operation. The product utilizes FIPS standard AES-256 (FIPS 197) for message encryption and attachment encryption.

Specifically, the current shipping product only utilizes validated cryptography for message and attachment encryption via Microsoft software libraries which have approved FIPS validations. These are Microsoft Cryptographic Modules with FIPS Certificates1 #2937, #2936, #2606, #2605, and #1894 for libraries bcryptprimitives.dll, ncryptsslp.dll, cng.sys and RSAENH.dll on supported windows platforms. These libraries provide AES-256 in software, and per Microsoft and Intel, on supported Intel cpu’s with AES-NI hardware instructions2, AES acceleration and execution in on-chip hardware.

References: Egress Switch use the following cryptographic libraries:

  1. Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
  2. Kernel Mode Cryptographic Primitives Library (cng.sys)
  3. Enhanced Cryptographic Provider (RSAENH.DLL)

Links to additional security policies are available on the FIPS 140 Validation page.

OpenSSL FIPS Runtime Module for use with the high-level API of the OpenSSL v0.9.8 product.


Trustwave PCI DSS Certification

Trustwave PCI DSS logo

Certification number: F14D-E51E-344E-2CA6

Issue date: October 17, 2018

Details: Egress does not directly handle any customer credit cards (all online sales are managed by Paypal). Trustwave partners Paypal to assure that Egress’s payment portal is always secure using their PCI Manager, with monthly security scans (together with their SMB Security Toolkit).

References: Scheme details


NATO IACD

Nato logo

NATO Classification: NATO Restricted

Issue date: 16 July, 2014

Details: The NATO Information Assurance Product Catalogue (NIAPC) provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet operational requirements.

References: NIAPC Listing, NIAPC Scheme


EU

EU logo

EU Classification: EU-approved cryptographic product to EU RESTRICTED classification

Issue date: 13 November. 2015

Details: Underpinned by Egress’ CPA certification, where the national evaluator was NCSC, a second party EU evaluator (Germany’s Bundesamt für Sicherheit in der Informationstechnik) rigorously tested our Egress Switch Secure Email product to validate its security for the EU Market.

References: EU RESTRICTED Listing, EUCI Scheme


Cyber Security Supplier to Government Scheme

HM Government logo

Issue date: July 14, 2014

Details: Egress software is listed under the formal Cyber Security Supplier to Government Scheme. The scheme is administered by the Department for Business, Innovation and Skills (BIS) and is designed to clearly identify and recognize key suppliers to UK Government.

References: Participating Companies, Participating Government Departments


1https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Validated-Modules/Search

2https://www.intel.com/content/www/us/en/architecture-and-technology/advanced-encryption-standard--aes-/data-protection-aes-general-technology.html

accreditations accreditations accreditations accreditations accreditations