ISO/IEC 27001:2013 | Common Criteria | FIPS 140-2 | Trustwave PCI DSS Certification
NATO IACD | EU | Cyber Security Supplier to Government Scheme
Certification number: IS 611606
Issue date: July 14, 2014 through July 13, 2020
Details: ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
References: Egress' International BSI Listing
Certification number: CRP302
Issue date: August 8, 2017
Details: The Common Criteria for Information Technology Security Evaluation (CC) and the companion Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), backing an international driving force for the widest available mutual recognition of secure IT products.
- #2937 (January 26, 2017)
- #2936 (January 26, 2017)
- #2606 (August 26, 2016)
- #2605 (August 26, 2016)
- #1894 (August 27, 2013)
- #1111 (March 4, 2009)
Additional certificates are listed on the FIPS 140 Validation page
Details: Egress Secure Email and File Protection client and server software utilizes FIPS validated libraries, permitting FIPS mode operation. The product utilizes FIPS standard AES-256 (FIPS 197) for message encryption and attachment encryption.
Specifically, the current shipping product only utilizes validated cryptography for message and attachment encryption via Microsoft software libraries which have approved FIPS validations. These are Microsoft Cryptographic Modules with FIPS Certificates1 #2937, #2936, #2606, #2605, and #1894 for libraries bcryptprimitives.dll, ncryptsslp.dll, cng.sys and RSAENH.dll on supported windows platforms. These libraries provide AES-256 in software, and per Microsoft and Intel, on supported Intel cpu’s with AES-NI hardware instructions2, AES acceleration and execution in on-chip hardware.
References: Egress use the following cryptographic libraries:
- Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)
- Kernel Mode Cryptographic Primitives Library (cng.sys)
- Enhanced Cryptographic Provider (RSAENH.DLL)
Links to additional security policies are available on the FIPS 140 Validation page.
Trustwave PCI DSS Certification
Certification number: DD3F-208C-5FAF-43F9
Issue date: October 10, 2019
Details: Egress does not directly handle any customer credit cards (all online sales are managed by Paypal). Trustwave partners Paypal to assure that Egress’s payment portal is always secure using their PCI Manager, with monthly security scans (together with their SMB Security Toolkit).
References: Scheme details
NATO Classification: NATO Restricted
Issue date: 16 July, 2014
Details: The NATO Information Assurance Product Catalogue (NIAPC) provides NATO nations, and NATO civil and military bodies with a catalogue of Information Assurance (IA) products, Protection Profiles and Packages that are in use or available for procurement to meet operational requirements.
EU Classification: EU-approved cryptographic product to EU RESTRICTED classification
Issue date: 13 November. 2015
Details: Underpinned by Egress’ CPA certification, where the national evaluator was NCSC, a second party EU evaluator (Germany’s Bundesamt für Sicherheit in der Informationstechnik) rigorously tested our Egress Secure Email product to validate its security for the EU Market.
Cyber Security Supplier to Government Scheme
Issue date: July 14, 2014
Details: Egress software is listed under the formal Cyber Security Supplier to Government Scheme. The scheme is administered by the Department for Business, Innovation and Skills (BIS) and is designed to clearly identify and recognize key suppliers to UK Government.