jtsec evaluates the first Videoconferencing tool included in CPSTIC/CCN-STIC 105 catalog

Blog

2
- Sept
2022
Posted by: José Ruiz
[Certification]
jtsec evaluates the first Videoconferencing tool included in CPSTIC/CCN-STIC 105 catalog

Evaluating a pioneering product in a CPSTIC/CCN-STIC 105 taxonomy is both a great motivation and a challenge. Therefore, we are pleased to be the first laboratory that has successfully evaluated a product in the category of "Videoconferencing tools", being included in the Qualified Products section of the Spanish Catalogue of Information and Communication Technology Security Products (CPSTIC), published by the CCN. From here we would like to congratulate PEXIP for this reason and for the great work done.

What does it involve to evaluate a product that cannot be included in an already defined taxonomy?

Evaluating a product that is identified in a taxonomy means that the requirements have already been tested. When evaluating a product in a new category the evaluation requirements have to be adapted and improved.

As a pioneer laboratory, we at jtsec have had to face this improvement process as there was no product evaluated as a reference.

What exactly is a videoconferencing product?

According to Annex D.9C-M - M: Videoconferencing Tools of the ICT Security Guide CCN-STIC 140: "The products associated with the family of "Videoconferencing Tools" arise in response to the need of organizations to have services that allow two or more people to connect in real time from different locations, through the network, by using a mobile device, computer or tablet".

Specifically, PEXIP Infinity, developed by the manufacturer PEXIP, is the first product to obtain LINCE certification and is included as a "Videoconferencing tool" in the CPSTIC/CCN-STIC 105 catalogue. It is a virtualized and distributed videoconferencing infrastructure platform for managing H.323/SIP room videoconferencing equipment and PC, Mac and Linux desktop clients, with WebRTC client.

It acts as Call Control, and incorporates transversal firewall technology to talk to other networks, and multi-conference unit (MCU), allows management of room terminals and desktop and mobile users, allowing self-provisioning of users and equipment, as well as monitoring and analysis of activity in a secure way. It provides a connector to interoperate with Microsoft Teams, Google Meet, Skype for Business, Webex, Zoom and WebRTC users, and allows streaming and recording. It integrates with Outlook and Google Calendar for session scheduling, and with SSO, certificate and LDAP tools. It also has an extensive library of APIs for integration into the customer´s technological and security environment: MFA, SIEM, NTA, etc.

Evaluation requirements applied to videoconferencing tools

CCN establishes a series of fundamental security requirements for the evaluation of each product family. The requirements shown below are those that apply to the family of videoconferencing tools, highlighting the more specific requirements for this type of products, contained in the security functionality "Videoconferencing Requirements". In this case we can find the specific requirements in Annex D.9C-M: Videoconferencing Tools of the ICT Security Guide CCN-STIC 140.

These specific requirements ensure end-to-end confidentiality of communications, that sessions and data of participants of different calls are isolated, and that the product performs proper storage and processing of files shared via conferences.

Evaluation of videoconferencing tools, we can help you!

As the first laboratory in the evaluation of this taxonomy of products under the LINCE methodology, we have the necessary experience in case you wish to evaluate your product and include it in this category.

As the leading lab in LINCE evaluations, our experience will help you to make the certification process as agile as possible, thus reducing the time and resources needed by our clients.

If you want to obtain a valid cybersecurity certification for your videoconferencing tool, we will be happy to help you.

Being the first to certify a videoconferencing solution under the LINCE methodology was a challenge, thanks to the jtsec team it has been a success, throughout the process they have supported us and have managed the project with absolute professionalism.

Valentín Martín, EMEA Channel Head Public Sector at PEXIP

tags
José Ruiz/CTO

Jose is an expert consultant on the Common Criteria standard with more than 10 years of experience. Jose has a wide background in other security assurance standards in the field of the information technology as Common Criteria, FIPS 140-2, FIPS 140-3, GP TEE, PCI-PTS, LINCE. Jose has served as an evaluator, Technical Leader and CC Consultant for Epoche&Espri and as CC lab manager and Cyber Security Service Manager for Applus+. His experience has led him to participate as a speaker in various editions of the ICCC (International Common Criteria Conference) and ICMC (International Cryptographic Module Conference). He has been the “Chairman” of a subgroup within the ISCI WG1 Eurosmart Initiative to develop the CC Methodology. He is also member of different working groups as ISO SC27 or Global Platform TEE and an active member of the group ERNCIP “IACS Cybersecurity certification“.

In 2017 he founded with Javier what is now known as jtsec. He is currently in charge of promoting the commercial expansion of the company from its headquarters in Madrid as CTO. In addition, he represents jtsec in various national and international forums and is responsible for quality.


Contact

Send us your questions or suggestions!

By sending your data you allow us to use it to resolve your doubts by sending you commercial information of interest. We will delete it when they are no longer necessary for this matter. Know your rights in our Privacy Policy.
RECENT POSTS
jtsec - Our LINCE 2023
Febr 6, 2024
jtsec - Our LINCE 2023
We wish you a happy and cybersecure 2024
Dec 19, 2023
We wish you a happy and cybersecure 2024
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
Dec 14, 2023
How to Prepare Your Products and Services for the Quantum Era and Ensure Their Certification?
How to include your product or service in ENS ALTA.
Oct 31, 2023
How to include your product or service in ENS ALTA.
Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
Sept 19, 2023
Certifications and cybersecurity methodologies are generating interest among companies and organizations at both the national and international levels.
Legal framework in which the CPSTIC CCN - STIC 105 catalogue is included in the sphere of Public Administration
Augst 23, 2023
Legal framework in which the CPSTIC CCN - STIC 105 catalogue is included in the sphere of Public Administration
New cryptographic evaluation methodology created by CCN, how does it apply and what does it consist of?
May 9, 2023
New cryptographic evaluation methodology created by CCN, how does it apply and what does it consist of?
jtsec achieves ENS High Certification.
May 1, 2023
jtsec achieves ENS High Certification.
Common Criteria Statistics Report for 2022
March 20, 2023
Common Criteria Statistics Report for 2022
How to assess the cybersecurity of a consumer IoT device under the ETSI EN 303 645 scheme?
March 9, 2023
How to assess the cybersecurity of a consumer IoT device under the ETSI EN 303 645 scheme?
CATEGORIES