NIA - NATO Information Assurance

Attention: the NIAPC web site may not include all approved products.The list of approved products is always changing; there is a backlog of approved products still to be added to this information portal, and there are delays in responding to queries and inclusion of new products. NATO is reviewing options to improve collaboration and provide more timely information sharing of approved security products.

Egress Mail and File Protection

Egress Software Technologies is a provider of cloud-based encryption software and services, offering on-demand data security to enable organisations and individuals in the Public and Private Sectors to share confidential information with third parties.

As a CESG CPA Foundation Grade certified email encryption product, Egress Mail and File Protection enables public and private sector customers to share highly sensitive information over the internet, without the need to manage external third party credentials.

Combining on-premise and hosted Cloud infrastructure with patented key management, Egress Mail and File Protection provides a community-based licensing model called the Egress Trust Network. The Network is made up of paying and free Egress Mail and File Protection subscribers, who are able to share information securely with one another using a single global identity.

Additional Notes

Intended deployment

Fully Hosted

Designed for organisations looking to leverage the cloud infrastructure without the need to manage on-premise Servers in order to share confidential information securely with 3rd parties. Key management, user identity, and on-demand encryption takes place in our hosted environment using a public cloud offering (where both the data & the encryption keys are external to the customer).

Hybrid Hosted

Where organisations wish to leverage the benefit of cloud computing while at the same time offer integration with existing security infrastructure. To achieve this ‘hybrid’ model Egress Mail and File Protection provides Egress Gateway (EG), enabling encryption to be delivered at the network boundary using seamless SMTP routing. This approach offers support for bespoke desktop email clients, but also offers organisations the ability to configure a Egress SMTP gateway to allow messages to be secured as they leave the mail server

Fully On-Premise

When an organisation hosts all of their email infrastructure internally, incorporating Egress Server Infrastructure (ESI) & Egress Gateway (EG), usually on dedicated servers, together with all their Egress Clients (EC) On-Premise. This provides seamless integration into their existing email topology.

Interoperability details

Egress binary package format is proprietary and not compatible with S/MIME or OpenPGP formats, but documentation, libraries and tools are available to interested parties willing to process Egress encrypted messages.

Dependency details

ESI and ESG run on Windows Server 2008R2 or later, and rely on Microsoft SQL server for data storage. Microsoft SQL Server Express is sufficient for small size installations.

Communications / transport supported protocols

Egress encrypted email messages are normal MIME messages, with .switch attachment, sent via SMTP or other protocols.
Communication between ESG/ESC and ESI, as well as between ESIs, occurs over XML-SOAP web-services, with TLS protection. TLS 1.2 is supported and may be enforced.

Certification, evaluations and accreditations held

a) CESG’s Commercial Product Assurance (CPA) - Foundation Grade (i.e. suitable for Business Impact Level (IL) of IL3 and below)
b) Currently pursuing ISO27001:2013 – Stage 2 Audit
c) FIPS 140-2 (not Egress Mail and File Protection directly, rather an OpenSSL FIPS Runtime Module by Open Source Software Institute)
d) Currently pursuing Pan Government Accreditation (PGA IL2)

Product Images