openNAC Enterprise obtains Common Criteria certification

Blog

26
- June
2019
Posted by: Javier Tallón
[Cybersecurity & hacking tools and techniques]
openNAC Enterprise obtains Common Criteria certification

jtsec is proud to announce the publication in the BOE of the Common Criteria certification awarded to opencloud factory for its openNAC enterprise product.

It has been a year of intense work since we began to participate in this project until its completion, during the month of May of this year.

OpenNAC Enterprise is a next-generation NAC (Network Access Control) with the ability to securely manage access to corporate networks and gain full control over the network. Available as a Virtual Appliance, it can be implemented in large corporate networks with various data centers and remote offices. OpenNAC Enterprise uses multiple device discovery methods (802.1x, Traps, Agent...); the Sensor (probe) supports asset visibility without 802.1X and achieves deep out-of-band packet inspection.

The solution provides multi-vendor support for network infrastructure, based on multiple methods of authentication and enforcement through segmentation (VLAN), microsegmentation, etc. It can be integrated with multiple LDAPs and Active Directories. It is a completely modular solution according to the needs of organizations.

The OpenNAC solution in version 1.2 has surpassed the EAL2 evaluation level, with the following functionality having been declared and evaluated by Epoche & Espri, a laboratory accredited by the CCN to perform Common Criteria evaluations up to EAL4+:

  • Generation of audit data
  • Management functions via the web interface
  • Network Access Control for users and devices to networks
  • Role-based access control to management functions
  • Protection of communications to the web interface (REST API) using https

Thanks to the participation in this security assessment, the OpenNAC Enterprise product has been included in the CPSTIC catalogue for HIGH ENS level at the same time as the evaluation process.

jtsec participation in this project began when the manufacturer had already begun the evaluation process and was in a situation of total deadlock due to the difficulty of the Common Criteria standard for manufacturers without previous certification experience.

The project was structured in several phases: gap analysis, preparation of the evaluation, evaluation process and request for inclusion in the catalogue.

The performance of an initial gap analysis of the product by the jtsec experts, allowed for drawing up an adapted certification plan thus limiting the delays and uncertainties that are so undesirable during the Common Criteria evaluations.

The preparation stage was completed in record time, performing the adaptation of the documentation of the design, operation, tests and life cycle of the product to the requirements of the Common Criteria norm.

The jtsec experts on Common Criteria took care of this preparation stage counting on every moment with the support of OpenCloud Factory technical experts.

This way of working has allowed for the manufacturer to focus their effort on the implementation of new security measures for their product, thus achieving a global improvement of the product and its documentation.

The evaluation stage was performed by Epoche which was in charge of the technical analysis of the product.

It is a critical factor for the success of any certification process, the communication between all the stakeholders. jtsec has been in charge of being the interface so as to speed up the time of response and optimize the evaluation process.

The follow up of the state of the product’s evaluation by each part has been exceptional, granting a greatly agile and resolutive communication interface, which has allowed for detecting and solving each problem in a highly efficient way.

It has been a pleasure for us to have the chance of working with a company of reference within the security market at a national and international level as is penCloud Factory. Without their eager disposition for the introduction of improvements in the product, it wouldn’t have been possible to carry out the evaluation in such a satisfactory way.

We will not be able to forget in a long time when the OpenCloud Factory team confessed to us that “We are finally understanding what this Common Criteria is all about.”

tags
Javier Tallón/Technical Director

Expert consultant on the Common Criteria standard, and other security assurance standards in the field of the information technology (FIPS 140-2, ITSEC, ISO 27K1, SOC 2, ENS...). Javier has served as an evaluator in the Spanish CB for the country major evaluation labs. As a consultant, he has successfully accompanied national and international companies in several certification processes (to EAL5+). His experience has led him to participate as a speaker at several conferences on computer security and certification (SuperSec, Cybercamp, Navaja Negra, International Common Criteria Conference, International Cryptographic Module Conference, EUCyberact Conference). He is also Cyber Security lecturer, giving classes of Secure Software Engineering at the University of Granada and is CISSP (Certified Information Systems Security Professional) and OSCP/OSCE (Offensive Security Certified Professional & Certified Expert) certified .

In 2015 he begins to lay the foundations of what will be jtsec. He currently works as Technical Director of the evaluation lab and Chief Operations Officer (COO) of the Granada site from where the company develops most of the work. Recognized expert in various disciplines of cybersecurity (reversing, exploiting, web, ...), assumes the technical direction of most of the projects, directing and organizing the work of the team. He also leads the Research and Development area, encouraging the participation of the jtsec team in multiple Congresses.


Contact

Send us your questions or suggestions!

By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.
RECENT POSTS
jtsec achieves pioneering accreditation for MEMeC cryptologic evaluation
Jan 17, 2025
jtsec achieves pioneering accreditation for MEMeC cryptologic evaluation
jtsec & Applus+ Laboratories at ICCC24
Nov 14, 2024
jtsec & Applus+ Laboratories at ICCC24
How to use the CCN product catalog to improve your company's security
Oct 14, 2024
How to use the CCN product catalog to improve your company's security
Common Criteria Statistics 2023
June 17, 2024
Common Criteria Statistics 2023
How to enter ENS category high, stay in the catalog and add new versions of my product
April 23, 2024
How to enter ENS category high, stay in the catalog and add new versions of my product
jtsec - Our LINCE 2023
Febr 6, 2024
jtsec - Our LINCE 2023
We wish you a happy and cybersecure 2024
Dec 19, 2023
We wish you a happy and cybersecure 2024
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
Dec 14, 2023
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
How to include your product or service in ENS ALTA.
Oct 31, 2023
How to include your product or service in ENS ALTA.
Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
Sept 19, 2023
Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
CATEGORIES