Today, We bring good news from the Cisco U.K. team, and author Mark Jackson.

Cisco achieves first Foundation Grade certified IPsec VPN gateway which supports CESG PRIME encryption

Cisco is pleased to announce that the Cisco ASA 5500 and 5500-X series security appliances have successfully completed evaluation against the IPsec security gateway security characteristic and are now certified at Foundation Grade. This award represents the first Foundation Grade IPsec VPN product capable of supporting both the CESG interim and PRIME cipher suites, enabling public sector customers to take full advantage of the very latest cryptographic algorithms.


In April 2014, the UK Government reformed the way in which information assets are classified, moving from a six tier protective marking scheme to a new three tier classification scheme: OFFICIAL, SECRET and TOP SECRET.  The motivation for the change was driven by an overall civil service reform agenda; supporting a greater level of personal accountability over information, enabling a modern workspace and ensuring that security is applied in a proportionate manner.


At an ICT level, the reform is designed to allow Government departments to exploit a wider range of commercial-off-the-shelf (COTS) technologies at the OFFICIAL tier where the vast majority of Government business operates.


As part of this transition and the wider adoption of COTS technologies, there remains a need for risk owners to have a degree of assurance that the technologies they choose are fit for purpose. CESG, the National Technical Authority for Information Assurance, have updated and improved the product assurance model to meet Government needs. This model includes two grades of assurance; Foundation Grade and High Grade. Foundation Grade products are COTS products designed to provide protection against threats to information classified as OFFICIAL and certification is achieved through the completion of either a Common Criteria or Commercial Product Assurance (CPA) evaluation.


The certification covers both site-to-site and remote-access VPN deployment options and coupled with the Cisco AnyConnect client (currently in CPA evaluation), will enable Government customers to deploy a scalable, assured secure mobility solution for a range of operating systems.


Rod Halstead, Managing Director of Cisco’s UK Public Sector organisation said “Cisco has a long history of working with the UK public sector and over the past few years has contributed extensively to the G-Cloud and PSN programmes, especially in the area of security and information assurance. Achieving Foundation Grade certification on the ASA platform further demonstrates Cisco’s commitment and provides the foundation for enabling public sector employees to adopt commercial grade technology to support their remote and mobile.”


A spokesman for CESG said: ‘We congratulate Cisco on their latest achievement and are pleased to add their latest products to CESG’s expanding range of certified Foundation Grade products. By choosing a VPN which has been evaluated against CESG’s standards, customers can have confidence that the product will perform correctly and will protect their data and information from compromise.”



Clint Winebrenner

Product Certification Engineer

Global Certification Team (GCT)