atsec AB performing first EAL4 evaluation to Swedish Common Criteria Scheme (CSEC)

Evaluation of Färist VPN and Firewall marks pioneering effort for Tutus AB, atsec AB, and CSEC

Stockholm, Danderyd, Sweden - atsec information security AB is performing an EAL4+ evaluation of Tutus Data AB Färist VPN and Firewall for certification by the Swedish Certification Body for IT Security (CSEC). atsec is one of only two Common Criteria evaluation labs provisionally certified to perform evaluations under the newly-established Swedish Common Criteria scheme. The current project marks the first evaluation effort to CSEC at evaluation assurance level 4 (EAL4) or higher.

Tutus is an established provider of trusted network security solutions, and supplies IT security solutions for the Swedish Defense. Färist VPN and Firewall is a VPN-gateway based on IPSEC standards and a pure proxy firewall that filters and logs traffic on the application protocol layer. The VPN-gateway is nationally approved to protect information at the EU-Restricted level. The firewall model is very secure since the networks are completely separated at the IP-level; that is, all IP packets are handled by a proxy and completely new packets are sent out on the other side of the firewall.

Tutus was the first Swedish company to earn a Common Criteria certification, achieving certification of the Färist Firewall 2.0.2-CRELEASE at EAL3 in October 2002. The evaluation lab for that successful certification effort was atsec information security GmbH, the German company in the atsec family of IT security consulting and evaluation companies. The certification was done by BSI, the Germany certification body. In addition, atsec has performed several non-scheme assessments of Tutus Färist products.

atsec information security is in the unique position to offer Common Criteria Lab services in three national schemes: the U.S. scheme under NIAP (National Information Assurance Partnership), the German scheme under BSI (Bundesamt für Sicherheit in der Informationstechnik), and the Swedish scheme under CSEC.

Staffan Persson, Lab Manager for atsec information security AB, says: “We are very pleased to be working with Tutus AB and CSEC on this groundbreaking certification effort. We anticipate a successful and timely evaluation and certification of the Färist VPN and Firewall, an accomplishment that is certain to enhance the reputation of all the parties involved in the effort.”

About atsec information security
atsec information security is an independent, standards-based IT (information technology) security consulting and evaluation services company that combines a business-oriented approach to information security with in-depth technical knowledge and global experience. atsec was founded in Munich (Germany) in January 2000 and has extensive international operations with offices in the U.S., Sweden and China. atsec leverages its security, process, and standards expertise to consult on a wide range of IT security needs, enabling clients to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. atsec works with leading global companies such as IBM, HP, Oracle, Cray, BMW, SGI, Vodafone, Swisscom, RWE, and Wincor-Nixdorf.

About Tutus Data AB
Tutus is an established provider of advanced IT security solutions. Tutus designs, develops and implements trusted IT-security solutions. The focus is on high assurance network security devices, both application gateways and encryption devices. Tutus was founded in 1992. Today Tutus is the main supplier of Common Criteria certified software security solutions to the Swedish Defense.