Actu
AEP Networks delivers IL3 certifiable application access solution to secure the growing demand for access to cloud-based systems in the public sector
September 2011 by Marc Jacob
AEP Networks, the provider of trusted security, has responded to the increasing need for government departments to provide secure access to sensitive cloud-based public sector systems by delivering an IL3 certifiable access solution. The IL3 (impact level) accreditation is awarded by CESG which is attached to GCHQ and serves as the UK Government’s National Technical Authority for Information Assurance. The accreditation provides assurance that enhanced data security levels is in place to protect data at a restricted level.
AEP Networks has attained the IL3 accreditation through a combination of its LanProtect™ Assurance platform, and best practice guidelines which enables public sector project teams to deploy remote access solutions that meet the recognised security assurance requirements.
LanProtect™ Assurance has been developed by integrating AEP Networks’ Secure Application Access Gateway and Key Security and Management HSM solution. The end result enables organisations to provide users with secure web-browser based access to applications regardless of the backend infrastructure. A high level of security is achieved through a combination of:
· enhanced tamper-reactive hardware used to safeguard the integrity of the cryptographic keys protecting application access
· endpoint security management ensuring acceptable security standards of access devices
· a broad range of standard user authentication options for integration with existing user identity schemes such as Windows Active Directory or 2-factor authentication
To further assist project teams with the security assurance assessments of their Public Sector systems used for restricted marked documents, AEP Networks has published a set of best practice guidelines which provide the documentation and templates necessary for CESG Manual T assurance of LanProtect™ Assurance. These best practice guidelines are intended for use by assessment teams until CESG prepares the relevant Security Characteristics documentation for the final CPA scheme.
AEP Networks has a long history of assuring products in CESG schemes with the Secure Application Access Gateway SSL/TLS remote access products being CCTM certified since 2007 and the Enhanced Grade Network Encryption IPSEC encryptors being certified at CAPS Enhanced Grade for over 10 years. Certification at this level means that the public sector has been able to trust AEP Networks to provide secure remote access to their internal systems.
The CESG is currently in the process of replacing the existing CCTM scheme with the more robust and defined Commercial Product Assurance (CPA) scheme. As a result, no new versions or upgrades to existing products will be tested under the CCTM scheme. So during the overlap, any organisations relying on the CCTM scheme now need to carry out their own assessments to ensure that new releases and upgrades meet security standards.
