5 Jun 2020

Pulse Secure, a renowned provider of software defined Secure Access solutions, announced achieving Common Criteria certification for both its virtual private network (VPN) and network access control (NAC) solutions under NIAP’s most current collaborative Protection Profile for Network Devices (NDcPP).

Pulse Secure’s certified solutions increases cyber security assurance for remote, cloud and on-premises access productivity, visibility and compliance for government agencies, government contractors, as well as private-sector enterprises. Common Criteria certification is governed by ISO/IEC standards bodies and maintained by the National Information Assurance Partnership (NIAP) according to internationally recognised security testing standards.

Encompassing security requirements

The solutions were awarded certification against the most current NIAP approved protection profile

Common Criteria certification listing for Pulse Connect Secure v9.1 (VPN) and Pulse Policy Secure vv9.1 (NAC) can be found respectively on the NIAP website. The solutions were awarded certification against the most current NIAP approved protection profile encompassing security requirements, an evaluation and validation scheme, and rigorous test activities carried out by UL Verification Services Inc. Prior versions of both solutions had achieved Common Criteria certification.

Pulse Secure has been extensively deployed in federal, military and supporting contractor applications to support: Comply to Connect standards, Command Cyber Readiness Inspections (CCRI), 802.1X port-control and DISA STIGs, NIST’s Risk Management Framework (RMF), Host-based Security System (HBSS) and DFAR 252.204-7012 assurance, and Internet of Things (IoT) security initiatives.

Assure increased requirements

In addition, the solutions have also attained FIPS 140-2 Level 1 certification, and are certified on the U.S. DoD Unified Capabilities (UC) Approved Products List (APL) and for JTIC joint warfighting IT interoperability.

“Government IT organisations are always on the defensive, but like commercial entities, they must also assure increased requirements for availability, responsiveness and compliance. This is especially true for users and devices requesting access to and operating on federal and military networks,” said Alex Thurber, Chief Revenue Officer at Pulse Secure.

Secure access challenges

For over a dozen years, Pulse Secure has helped government agencies address secure access challenges for hybrid IT

“Pulse Secure is uniquely positioned to give Federal CIOs the means to advance network and cloud access, situational intelligence, and endpoint protection in a timely and cost-effective way that supports compliance mandates. Our recent Common Criteria certifications serves to further validate the design and effectiveness of our Secure Access platform.”

For over a dozen years, Pulse Secure has helped government agencies address secure access challenges for hybrid IT – efficiently, seamlessly and cost-effectively.

Unified access control

By implementing Pulse Secure, Federal defense, intelligence and civilian agencies can:

  • Assure user experience and protected connectivity with always-on and on-demand VPN, as well as simultaneous and split tunneling
  • Satisfy NIST 800-53 controls and specifications regarding 802.1x, Layer 2 Switch STIG, WLAN Authentication Server Security STIG, and Comply-to-Connect requisites
  • Centrally manage an easy-to-use VPN and NAC/802.1x solution for wired, wireless and remote connections with flexibility for physical, virtual and cloud deployment
  • Gain extensive user insight and unified access control for remote and internal endpoints, whether managed, uncatalogued, unsanctioned or unknown
  • Automate endpoint and access situational awareness and security response through end-to-end visibility, policy-based controls, and infrastructure interoperability
  • Validate device compliance with continuous remote, pre-network connection and post-connection host checking to efficiently find, assess and mitigate exposures
  • Preserve remote and onsite user experience with context-aware identity authentication supporting a range of smartcards, certificate handling and single sign-on (SSO)
  • Leverage build-in User Entity Behavior and Analytics (UEBA) anomaly detection and response
  • Integrate Pulse Secure via open standards that negates single vendor lock

Security access tools

Organisations can centrally orchestrate Zero Trust policy to ensure compliant access to applications

Pulse Secure’s VPN and NAC solutions can be procured separately or as part of its Pulse Access Suite Plus solution set that provides adaptive identity and device authentication, protected connectivity, extensive visibility and analytics, and threat response across mobile, network and multi-cloud environments.

By consolidating disparate security access tools into an integrated platform, government agencies gain easy access for users and a single-pane-of-glass to streamline provisioning, management and scalability. Organisations can centrally orchestrate Zero Trust policy to ensure compliant access to applications, resources and services across distributed network, private cloud and public cloud environments.

On-premise access control

“The federal government continues progress cyber security and data protection capabilities with mandates to be more proactive, vigilant and agile. Beyond broader mobility, IoT and cloud initiatives, recent work from home and increased remote access capacity have expanded threat vectors and attack surfaces – placing greater requirements to modernise disjointed, legacy VPN and NAC solutions,” said Jerahd Hollis, Chief Technology Officer at immixGroup.

“Pulse Secure’s integrated, interoperable and scalable approach to remote and on-premise access control address these challenges and allows agencies to deliver easier accessibility with necessary operational insight, controls and efficiency to satisfy NIST guidelines and achieve Zero Trust readiness.”