Probeer het vandaag nog uit Neem contact met ons op
close

Certifications

Common Criteria | FIPS 140-2 | Commercial Product Assurance | ISO/IEC 27001:2013
Cyber Security Supplier to Government Scheme | EU | NATO IACD | Pan Government Accreditation (PGA)
Trustwave PCI DSS Certification | Cyber Essentials and Cyber Essentials Plus Certification | Skyhigh CloudTrust

Common Criteria

Common Criteria logo

Certificate No: P302

Issue date: 08/08/2017

Many businesses and government institutions require formal assurance that the data security solutions they deploy meet their information assurance requirements. Common Criteria is an internationally recognized scheme for technology products, providing formal proof that security functionality within the solutions has been independently tested and verified to meet levels of assurance against government-backed security standards.

Many businesses and government institutions require formal assurance that the data security solutions they deploy meet their information assurance requirements. Common Criteria is an internationally recognized scheme for technology products, providing formal proof that security functionality within the solutions has been independently tested and verified to meet levels of assurance against government-backed security standards.

By benchmarking our technology against this independent, internationally recognized certification, our customers and partners can be assured that they are investing in highly resilient data security technology that has been designed to deliver protection to their organization, their staff, and the information they share.


FIPS 140-2

FIPS logo

Certification numbers:

Additional certificates are listed on the FIPS 140 Validation page

Details: Egress Secure Email and File Protection client and server software utilizes FIPS validated libraries, permitting FIPS mode operation. The product utilizes FIPS standard AES-256 (FIPS 197) for message encryption and attachment encryption.

Specifically, the current shipping product only utilizes validated cryptography for message and attachment encryption via Microsoft software libraries which have approved FIPS validations. These are Microsoft Cryptographic Modules with FIPS Certificates1 #2937, #2936, #2606, #2605, and #1894 for libraries bcryptprimitives.dll, ncryptsslp.dll, cng.sys and RSAENH.dll on supported windows platforms. These libraries provide AES-256 in software, and per Microsoft and Intel, on supported Intel cpu’s with AES-NI hardware instructions2, AES acceleration and execution in on-chip hardware.

References: Egress Switch use the following cryptographic libraries:

  1. Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
  2. Kernel Mode Cryptographic Primitives Library (cng.sys)
  3. Enhanced Cryptographic Provider (RSAENH.DLL)

Links to additional security policies are available on the FIPS 140 Validation page.


Commercial Product Assurance

CPA Foundation Grade logo

Certificate No: DGEE378428688-1104

Issue date: 21/12/2017

Egress is currently the only UK Government CPA Foundation Grade certified email encryption product. This makes Egress suitable for sharing OFFICIAL and OFFICIAL-SENSITIVE under the current government classification policy. As a result Egress helps fill the gap between existing accredited government networks and external delivery partners, citizens and third sector businesses.

At the time of the award a NCSC spokesperson commented: "Egress’ innovative technology and commitment to demonstrating that it meets NCSC’s standards means that the end-user has confidence that they are selecting an email encryption product that has been approved by UK Government and is capable of protecting their organisation and the data they share from external threats.”

https://www.ncsc.gov.uk/products/egress-email-and-file-protection


ISO/IEC 27001:2013

ISO IEC logo

Certificate No: IS 611606

Issue date: 14/07/2017

ISO27001 is the international best practice standard for information security management systems: http://www.itgovernance.co.uk/iso27001.aspx. Egress Software data centres are all certified to ISO27001 and all Egress offices are in ISO27001 scope (London, Sheffield, Barnsley and Toronto). The initial ISO27001:2013 certification was completed in July 2014 and continues to undergo regular independent audits by BSI Group.


Cyber Security Supplier to Government Scheme

HM Government logo

Egress Software is currently listed under the formal Cyber Security Supplier to Government Scheme. The scheme is administered by the Department for Business, Innovation and Skills (BIS) and is designed to clearly identify and recognise key suppliers to UK Government. 

To view the full list please visit: https://www.gov.uk/government/publications/cyber-security-supplier-to-government-scheme/cyber-security-supplier-to-government-scheme-list-of-participating-companies  

The Ministerial Government Departments participating in the scheme are listed at: https://www.gov.uk/government/organisations


EU

EU logo

EU Classification: EU-approved cryptographic product to EU RESTRICTED classification

Issue date: 13 November. 2015

Details: Underpinned by Egress’ CPA certification, where the national evaluator was NCSC, a second party EU evaluator (Germany’s Bundesamt für Sicherheit in der Informationstechnik) rigorously tested our Egress Switch Secure Email product to validate its security for the EU Market.

References: EU RESTRICTED Listing, EUCI Scheme


NATO IACD

Nato logo

NATO Classification: NATO Restricted

Issue date: 16 July, 2014

Details: The NATO Information Assurance Product Catalogue (NIAPC) provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet operational requirements.

References: NIAPC Listing, NIAPC Scheme


Pan Government Accreditation (PGA)

Certificate No: G230.001 IL2

Issue date: 15/08/2014

Infrastructure and services are increasingly shared by multiple Government Departments as a way of reducing costs. The accreditation of these systems can be complex, since different departments will have different threat profiles and risk appetites. The Pan Government Accreditation (PGA) service is provided by CESG to manage the combined risks efficiently on behalf of all public sector organisations involved. Egress Switch Software as a Service (SaaS) achieved full PGA accreditation in August 2014, making it suitable as a fully managed service for OFFICIAL electronic data sharing across UK Government and the wider supply chain. Note: Whilst the Certificate states that the Switch "service only supports HMG customers" this is in the context of Switch being authorised for sales on the CloudStore (G-Cloud).


Trustwave PCI DSS Certification

Trustwave PCI DSS logo

Certificate No: 4004-D03F-3B96-71D8

Consumers are becoming increasingly aware of the dangers of identity theft. PCI compliance shows you have secure procedures in place that keeps customer information safe and secure. Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that all businesses who handle payments must comply with. It provides business best practice guidelines to establish a 'minimum security standard'.


Cyber Essentials and Cyber Essentials Plus Certification

Cyber Essentials Plus logo

Cyber Essentials Plus

Certificate No: 6628248325931967

Issue date: 23/02/2017

Cyber Essentials

Certificate No: 5538896970844964

Issue date: 14/12/2015

The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Under the Cyber Assurance Framework, Egress Software Technologies has been assessed against the Cyber Essentials Scheme Test Specification and formally certified to the Cyber Essentials PLUS level. For more information regarding the scheme visit: https://www.cyberstreetwise.com/cyberessentials/


Skyhigh CloudTrust

Skyhigh Cloudtrust logo

Egress Switch has been awarded the highest level Skyhigh CloudTrust™ rating of Enterprise-Ready. Skyhigh Enterprise-Ready cloud services fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

The Skyhigh CloudTrust™ Rating provides an objective and comprehensive evaluation of a service's security controls and enterprise readiness based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Because Skyhigh produces the most extensive, current, and credible trust ratings for cloud services, enterprises rely on the Skyhigh CloudTrust Rating to inform both decisions and policy pertaining to the use of cloud services in their environment. For more information, visit www.skyhighnetworks.com/cloud-trust-program  

footer_cesg_2018_258x100 footer_skyhigh_89x100 NATO Common Criteria footer_bsi_iso_178x100