The trusted alternative to mass market instant messaging solutions
Boost communication by inviting thousands of members in dedicated chat rooms!
Comment pouvons-nous vous aider ? Vous trouverez l'aide qu'il vous faut.
Register or Connect directly to Citadel Team
Cryptobox provides businesses and organizations with a sharing and collaboration solution to secure internal and external exchanges, using end-to-end encryption.
Cryptobox is the first secure sharing and collaboration solution to provide end-to-end data encryption, whether your device is a smartphone or a computer.
The digital transformation affects all businesses and organizations, from the smallest to the largest. This transformation brought about by technological developments offers many benefits:
To meet the new challenges of mobility and remote work, Ercom has developed Cryptosmart PC, a sovereign VPN solution to secure the connections of your remote Windows computers.
Cryptosmart is the only “Restricted” French & NATO certified solution, jointly developed with Samsung, to secure end-to-end mobile communications on consumer devices.
Cybels Hub DR, the first "Restricted" level accredited cloud solution to help inter-entity collaboration in a secure environment with partners! Collaborate in voice or videoconferencing, exchange data with your partners, all at the "Restricted Distribution" level, on a cloud operated and secured by Thales.
Posted 15 juin 2016
The ANSSI defines multiple levels of security for hardware involved in information and mobile networks security*: elementary qualification, based on a CSPN (Level-1 security certification); standard qualification, based on a Common Criteria evaluation EAL3+; enhanced qualification, based on a Common Criteria evaluation EAL4+.
Common Criteria are a set of standards (ISO 15408), created by a collaboration between Canada, the USA and Europe, but world recognized, which goal is to provide an unbiased assessment of information systems and software security. Thanks to this work environment, IT users can implement security profiles to specify functional security requirements and assessors can verify if products meet the required levels of security**. Theoretically then, a product test in any of these 26 countries that recognized the agreement on common criteria should follow the same process and the same requirements.
The common criteria certification is issued by a CESTI (IT security evaluation center) certified by the ANSSI, such as Oppida or Serma Technologies in France for instance. By contacting the ANSSI, in France, an editor can define the possible level of certification for its product, and then contact a CESTI for the assessment. The assessment process is expansive (around 100,000€ for an EAL3+), long (around 12 months), requires a complex and heavy documentation writing for the security target, and forces the editor to make a highly qualified scientist or mathematician associate available for CESTI experts. This evaluation process is only valid for a given version of the product, which is a handicap for small businesses and start-ups. A CESTI has to be independent such that it guarantees objectivity and confidentiality of its work. National organizations such as the ANSSI are in charge of verifying CESTI’s ethics.
Each country is free to define its own rules for information transmission in governmental levels. In France, there is a concept of “restricted transmission” or “Secret défense” (SD). The restricted transmission qualification was, until now, dedicated to government members but, since the last military programming law (LPM), OIV*** are going to be more and more pushed to use mobiles meeting this level of security, which have common criteria based security (EAL5+ for smart cards and EL4+ for applets). To have a European restricted diffusion agreement, an editor has to get its product validated by at least two European countries.
The website commoncriteriaportal.org keeps an updated list of ISO15408 certified products. The ANSSI website keeps an updated list of qualified products.
* http://www.ssi.gouv.fr/entreprise/qualifications/qualification-de-produit
** https://fr.wikipedia.org/wiki/Crit%C3%A8res_communs
***OIV: Opérateur d’Importance Vitale – is a French qualification issued for organisms of high importance (such as nuclear plants, Network backbones, etc.)
Cet article vous a plu ? N'hésitez pas à le partager