RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Avanpost PKI

Product
Developers: Avanpost (Outpost)
Last Release Date: 2022/11/08
Technology: Information Security - Authentication,  Information Security - Encryption Tools,  MCDS - Access Control and Control Systems

Content

The main articles are:

Avanpost PKI is a system for managing all elements of the public key infrastructure from a single center.

2022

Release of intermediate version with interoperability with VipNet PKI Service

Outpost announced on November 8, 2022, the release of an intermediate version of Avanpost PKI, a product designed to centrally manage all elements of the Open Key Infrastructure (PKI) from a single center.

Among the main changes: the ability to interact cryptographic cloudy signatures with the VipNet PKI Service, authentication through an external provider one using OpenId Connect and group distribution. certificates

In this version, PKI can interact with the VipNet PKI Service Avanpost PKI cryptographic signature service. Cryptomissile defense DSS Another update is full management of certificates and user keys hosted in the VipNet PKI Service. The service connects Avanpost PKI to as a cloud key medium, so it can be used along with other types of cloud and physical key media, it is seamlessly embedded in, business processes preserving the existing logic of operation.

Avanpost PKI also extends authentication using external providers using the OpenId Connect protocol. The product is now easily connected to a centralized corporate authentication system - this provides a single mechanism for accessing it, and also allows you to manage the complexity of the authentication process. Moreover, Avanpost PKI can thus be connected to Avanpost FAM. As a result, customers can use these products at the same time, which significantly increases their efficiency.

In this version, it became possible to group distribute certificates to employees.

File:Aquote1.png
For example, a group of employees has access to a common mailbox one and needs to be organized. enciphering email Now, to provide all these employees with a certificate and a key, in Avanpost PKI it is enough to create an appropriate group of employees and configure them to distribute certificates, the system will perform the rest of the tasks automatically. In general, the functionality not only increases the transparency of connections within the product, it makes working with mass operations much easier and reduces time execution, but, accordingly, the labor costs of specialists working in the system,
noted Evgeny Galkin, system architect of Avanpost.
File:Aquote2.png

Avanpost PKI also now fully supports working with key media JaCarta PKI/GOST. This allows customers to perform a variety of management and accounting operations on these key media, which enhances Avanpost PKI out of the box.

The Integration Gateway module also received significant development. With it, you can now manage the allowed extensions for employees. In addition, after a complete redesign of the security model, the module allows you to send data about calls to it from outside using the syslog protocol. Messages are generated according to the CEF format, which is supported by most SIEM systems.

File:Aquote1.png
This functionality of Avanpost PKI not only expands the possibilities of creating intersystem integration solutions, but also makes it possible to fully control external appeals, which significantly increases the level of information security,
noted Evgeny Galkin.
File:Aquote2.png

Avanpost PKI v.6 compatibility with USB tokens and JaCarta smart cards

On May 31, 2022, Aladdin RD reported that, together with Outpost, they completed test tests for the compatibility of their products.

The test results confirm the operability and correctness of the joint functioning USB of the -tockens smart cards JaCarta from Aladdin RD and the Avanpost v.6 public key infrastructure element management system PKI from Outpost.

Compatibility and correctness of sharing has been proven for USB tokens and smart cards JaCarta PKI, JaCarta PRO, GOST JaCarta-2, PKI/GOST JaCarta-2, PRO/GOST JaCarta-2 and USB tokens for storing digital certificates and containers of software CIPF JaCarta LT. For products to work together correctly, you must use the optional ON "" JaCarta Single Client version 2.13 or later. Compatibility is confirmed for the following :/ operating systems/ Microsoft Windows 78 8.1/(10 32/64-bit) and (Windows 11 64-bit).

The Avanpost PKI system is designed to record and manage the lifecycle of digital certificates and licenses for CIPF, automate the process of issuing certificates for media, instance-by-instance accounting of cryptographic means in accordance with all requirements of legislation and regulators. When working with Avanpost PKI v.6, JaCarta USB tokens and smart cards allow you to organize two-factor user authentication in information systems, electronic signature operation, integrity and confidentiality of transmitted data, as well as secure storage of key CIPF software containers, profiles and passwords.

File:Aquote1.png
Avanpost and Aladdin R.D. have been technology partners for many years, and Avanpost PKI compatibility with JaCarta smart cards and USB tokens has been supported and confirmed since version 4 of Avanpost PKI. Together, we contribute not only to the technological development of our products, but also to the introduction of institutes for the use of cryptographic methods of information protection in Russia as a whole, "said Evgeny Galkin, system architect of Avanpost.
File:Aquote2.png

File:Aquote1.png
We are pleased to announce the completion of JaCarta electronic key compatibility tests with the latest version of Avanpost PKI v.6. The ability to centrally manage all elements, including electronic key and smart card management, is an important part of building a secure and convenient public key infrastructure. Our common customers can now be sure that Avanpost PKI v.6 supports all current models of the JaCarta line, which makes their accounting process and life cycle management simple and as automated as possible, - said Sergey Chelyshev, head of the Aladdin R.D. integration group.
File:Aquote2.png

Integration with certification centers of the Federal Tax Service of Russia and the Federal Treasury

On March 1, 2022, the company Avanpost"," Russian the developer systems for identification and control of access to information resources of the enterprise () IDM announced that it had updated the corporate infrastructure public key management system Avanpost PKI and implemented the opportunity in it integration with certification centers and. Federal Tax Service Federal Treasury of Russia The presented function will allow organizations that have assumed the role of trusted centers of these departments to independently deploy and configure the workplaces of the CA operator and. FTS FC

How the system works

Thanks to the Avanpost PKI system, authorized trusted centers will be able to deploy the workplaces of the FTS and FC operator, which will allow access to the regulators API and carry out a full cycle of operations related to the issuance of electronic signatures to end users.

Avanpost PKI will provide the entire process of interaction with the TC of the Federal Tax Service and FC from the technological side, from collecting a package of documents and submitting applications for certificates to checking them from the regulator and receiving an EP by the applicant. All the data necessary at the same time will independently "pull up" from various external sources: automated banking systems, CRM and databases. All together will allow you to organize a transparent business process and speed up the issuance of certificates.

File:Aquote1.png
"Avanpost PKI takes over the entire technological part of interaction with certification centers. With its help, you can organize uninterrupted and secure data exchange between the trustee and the CA. This will allow the organization to quickly gain access to the API and all process components on the regulator's side, promptly provide it with packages of documents for verification and automate the process of issuing certificates. An important feature of the solution is that the system can be adapted for itself. Thus, the operator will be able to submit an electronic application for the issuance of a certificate both manually and automatically, for example, using integration with external information systems, "-

comments Evgeny Galkin, system architect of Avanpost.
File:Aquote2.png

Development prerequisites

In 2019, amendments to the Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signature" were adopted, which have already partially entered into force. The process of final transition to approved rules will be completed in January 2023.

According to these changes, the Federal Tax Service and the Federal Treasury are entrusted with the functions of accredited certification centers (CAs) for issuing electronic signatures. The Federal Tax Service becomes a TC that issues EP to legal entities, individual entrepreneurs and notaries. The Federal Treasury assumes similar functions in relation to civil servants, participants in the budget process, legal entities that are not participants in the budget process, as well as farms and individual entrepreneurs with treasury support of their targeted funds.

As a result of these amendments, the volume of signatures and all related procedures increased multiply. To reduce the burden on certification centers, both regulators have created their own systems of proxies - these are accredited organizations that have the right to connect to the infrastructure of the Federal Tax Service or FC and issue such electronic certificates. However, for this kind of interaction, proxies need either their own technological re-equipment, or ready-made software that allows integration.

File:Aquote1.png
"We closely monitor the market and changes in legislation, and understand that the independent integration of an accredited organization with the regulator's CT is often associated with a significant increase in the cost of retrofitting its systems. Therefore, we are ready to support Russian organizations with a ready-made integration solution, "-

comments Evgeny Galkin, system architect of Avanpost.
File:Aquote2.png

2021

Support for ESMART solutions

On December 16, 2021, the Outpost company announced the continuation of the development of the Avanpost PKI system.

The updated version of the system offers users more options for setting up a personal account and working with electronic applications. Now it supports working with even more ESMART group solutions ISBC and the latest types. key media In addition, the product has an Information System Agent for OS the family. Linux

The corporate public key infrastructure management system developed by Avanpost has become even more convenient for users. Its updated version has great capabilities for configuring and editing personal account interfaces and electronic applications. Now Avanpost PKI has the ability to fully customize the system interface, for example, create its own electronic application form, configure the list of required fields and their location in it, and add actions - actions for applications and determine the style of their display.

In addition to the wizards for creating and displaying applications, the solution has the ability to change the forms of the user's personal account itself. You can, in particular, determine which information to show to the user and on which objects: for example, prevent him from viewing license data or, conversely, provide access to additional information about certificates.

For such a configuration, a specialized graphic editor has been integrated into the system, which allows it to be implemented in the web interface. Avanpost PKI also added mechanisms for importing and exporting settings to files. They make it possible to effectively manage configurations: for example, create a configuration on a test bench, check it, debug it, and then easily transfer it to an industrial system. As a result, a convenient configurator has appeared in the solution, thanks to which clients can independently perform the customizations they need.

Support for the ESMART web plugin also greatly expanded the capabilities of Avanpost PKI. Now it can be used for authentications signing documents electronically signed along with other tools with which the system already interacts: we are talking, in particular, about the web plugin Cryptomissile defense EDS and the service. CryptoPro DSS At the same time, the updated functions are available to users as well Windows. Linux The possibilities of using the product in various environments business processes and in general are greatly expanded.

In order to develop the functionality of managing certificates of information systems and services, Avanpost PKI created an IC Agent for Linux operating systems. It is an analogue of the regular Product Agent, but operates on the information system server and does not depend on the user's session. The IS agent allows you to automate the procedures for remotely creating key pairs and generating requests for certificates directly on the information system server. It also becomes possible to install already issued certificates or certificates and private keys directly on the server. An additional plugin system implemented in the IS Agent makes it possible to configure the installed certificate: for example, set it as a site certificate in Nginx or some other service.

The IS agent for Linux allows Avanpost PKI to support operating systems such as RHEL, CentOS, Debian, Ubuntu, Oracle Linux, Fedora, Astra Linux. The product now has much greater capabilities for managing service certificates and much greater automation potential.

File:Aquote1.png
The relatively recently created module, the Integration Gateway, was also developed in Avanpost PKI. As a result of its improvement, the product is able to perform all the functions of managing information systems and their certificates - this allows Avanpost PKI to further adhere to the ACME-like approach in this area. In addition, the Integration Gateway has functions for managing electronic applications. They give the product the opportunity to create intersystem integration solutions and seamlessly introduce the Avanpost PKI product into the company's IT infrastructure, "said Evgeny Galkin, system architect of Avanpost.
File:Aquote2.png

Also, Avanpost PKI can now work with key media "Foros" of the company "SmartPark": for example, with the R301 of FOROS USB and a smart card FOROS. All management and accounting operations of these key media supported by the product are available to users. Thanks to the support of new types of key media, the system has significantly expanded its application capabilities out of the box.

Avanpost PKI v 6.0 compatibility with Foros key media

In December 2021, specialists from Avanpost and SmartPark, a developer of information security tools, completed compatibility tests for key FOROS media and a system for managing all elements of the public key infrastructure from the single Avanpost PKI v 6.0 center.

Interacting with Avanpost PKI, USB keys and FOROS smart cards provide the development of a qualified electronic signature and storage of certificates of certification centers, two-factor authentication of users in information systems, and also provide the ability to administer and perform the full range of functions crypto provider "CryptoPro CSP."

Avanpost PKI v. 6.0 successfully works with POROS media that have passed the qualification procedure for compliance with the requirements FSTEC of Russia information security for the 4th level of trust: R301 POROS USB; PHOROS smart card; R301 FOROS USB for " CIPF CryptoPro CSP"; FOROS smart card for CIPT "CryptoPro CSP." The system also works with media implemented on the basis of the certified CIPF Foros 2: R301 FOROS USB for CIPF "CryptoPro CSP" (certificate); FSB FOROS smart card for CIPT "CryptoPro CSP" (FSB certificate).

According to the results of tests conducted by the specialists of the Avanpost and SmartPark companies, the partners signed a compatibility certificate. The document indicates that POROS devices are recommended key media for Avanpost PKI v 6.0 and later versions of the system.

File:Aquote1.png
All POROS key media management and accounting operations supported by Avanpost PKI v 6.0 are now available to users. Thanks to the support of new types of key media, the system has significantly expanded its application capabilities out of the box, "said Alexander Sanin, commercial director of Avanpost.
File:Aquote2.png

File:Aquote1.png
Confirmed by tests, the compatibility of SmartPark products with Avanpost PKI expands the capabilities of customers to select key and identification information carriers, the ability to optimize their use and ensure the effective protection of their confidential data, - commented Dmitry Sergeyev, head of smart technology at SmartPark.
File:Aquote2.png

Module "IE Agent"

On August 10, 2021, Avanpost announced the expansion of the Avanpost PKI corporate public key infrastructure management system. In the updated version, the "Agent IS" module began to function, automating the remote creation of key pairs and the generation of requests for certificates. Also, the product has the opportunity to integrate with the Unified Digital Platform of the Certification Center of the Federal Tax Service of Russia (TC FTS RF). Changes have also occurred in the personal account: its interface has become more ergonomic.

Avanpost PKI

According to the company, the functions and tools that appear in Avanpost PKI increase the integration capabilities of the system and provide deeper and more comprehensive automation of PKI infrastructure management.

The developers have expanded the functionality of managing certificates of information systems (IS) and services. Thus, administrators have the opportunity to set and configure additional IE attributes through an editable reference book. Support for working with arrays of IP addresses and DNS names was also expanded, including their automatic substitution immediately into a certificate request (as an array). In the personal account of the administrator and owner of the IC, the "My IS" section is available, in which he can view the list of certificates and key media, download the certificate and key in the PFX container, as well as the PIN code from the key media.

The "IS Agent" module, which appeared in the updated version of Avanpost PKI, is analogous to the previous "Agent," but operates on the system server and does not depend on the user's session. It allows you to automate procedures for remotely creating key pairs and generating certificate requests directly on the server. The module also automatically installs those certificates that have already been issued and private keys on it. An additional plugin system allows you to configure the installed certificate, for example, set it as a site certificate in IIS or put it in a directory. Using the business process engine built into Avanpost PKI earlier and the updated capabilities implemented for IP, users can easily build fully automatic certificate reissue processes.

Also, Avanpost PKI can now be integrated with the Unified Digital Platform of the Certification Center of the Federal Tax Service of Russia when issuing certificates and preliminary verification of electronic applications in the services of the interdepartmental electronic interaction system (SMEV). The product supports two scenarios: split and full. When the first check in SMEV is carried out regardless of the issue of the certificate and can be built and processed in any order and according to a variety of rules. In the full validation scenario, the checks are fully delegated to the Unified Digital Platform - Avanpost PKI only controls the status of the operation.

The updated functionality allows you to create on the basis of the product a full-fledged workplace of the TC Operator of the Federal Tax Service of the Russian Federation. You can submit an electronic application for the issuance of a certificate in it either manually or automatically, for example, using integration with external information systems.

Avanpost PKI also completely redesigned the user's personal account design. There were several reasons for the changes: an increase in the scale of implementation of the product, the peculiarities of its use by customers and their wishes. As a result of the joint work of designers and developers, the personal account interface has become much more convenient and ergonomic.

File:Aquote1.png
Avanpost PKI is gradually gaining more and more different functions that allow it to be used to build modern processes for managing all elements of the public key infrastructure. The functions that appeared in the updated version give a significant synergistic effect. The product now has mechanisms to automatically update certificates.

noted Evgeny Galkin, system architect of Avanpost
File:Aquote2.png

Functionality for automated management of public key infrastructure

On March 30, 2021, Avanpost, a Russian developer of enterprise identification and access control systems (IDM), announced the expansion of the functionality of the Avanpost PKI corporate public key infrastructure management system .

Avanpost PKI

According to the company, the updated capabilities of the product are associated both with the further development of its integration capabilities and expanded support for key industry standards, and with the provision of deeper and more comprehensive automation of various business processes for managing the PKI infrastructure.

So, in the latest version of Avanpost PKI, support was implemented out of the box for all accounting and management operations of key media types - flash drives and USB tokens Sberbank"" (Token++; Token++ Light и VPN-key TLS). The updated product expanded support for the token line and, smart cards JaCarta including the combined JaCarta containing PKI, GOST and GOST2 applets.

In the updated Avanpost PKI, certification centers services GlobalSign CheckPoint and ICA were added to the list on the software complexes of which you can organize the issuance of certificates. Although CheckPoint ICA support has already been implemented earlier, however, with the change in the product itself and the advent of updated functions in it, this integration solution has been completely redesigned and now supports the updated functionality of distributing certificates and keys. In turn, GlobalSign support allows you to integrate interaction with this certification service into corporate processes for managing public key infrastructure, along with common corporate certification authorities such as CA Microsoft or. CryptoPro CT 2.0 Thus, a uniform process was created for end administrators and users to interact with both local CAs and cloud services. According to available, information support for these CAs is also not announced by any competitor of the company Avanpost. In addition, Avanpost specialists tested and confirmed the full compatibility of Avanpost PKI with 5.0, cryptographic provider CryptoPro CSP which gives users confidence that updating a product in their infrastructure will not lead to undesirable consequences.

Starting with version 6 of Avanpost, PKI has the ability to manage information system certificates (SSL certificates, technology certificates, etc.). However, if earlier this functionality was used mainly for the release and accounting of certificates and information systems, now the product supports the possibility of organizing full-fledged business processes for managing certificates of information systems with the involvement of IP owners and administrators in them. This functionality, on the one hand, provides a convenient self-service service for IP owners and administrators, and on the other hand, reduces the unnecessary burden on CA employees by involving more participants in the process. The "engine" built into the product allows you to automate a number of business processes. So, with the help of Avanpost PKI, the IP Administrator in the "Personal Account" can request a certificate or revoke it, as well as unload the finished certificate from Avanpost PKI (including in PFX format) for each of his IP. For example, Avanpost PKI independently initiates the process of reissuing a certificate after its expiration and sequentially conducts it through all its stages, including agreeing the certificate with the responsible persons and notifying the IS Administrator of readiness. The administrator will only have to go to his "Personal Account," download the finished certificate and update it directly on the server of the corresponding information system.

The outpost continues to develop key media interaction functions. Now Avanpost PKI supports viewing, monitoring and importing (if allowed by regulations and technically supported by the manufacturer of key media) certificates and private keys directly from the connected key media using the agent subsystem - including remotely. This feature will be useful in a number of product use cases: for inventory of the public key infrastructure when implementing Avanpost PKI; updating information on certificates appearing in the circuit; when creating basic functionality for auditing and controlling the appearance of unregistered certificates, as well as in order to check the presence of legitimate certificates on key media. These functions, according to the available open information, are also implemented only in Avanpost PKI.

Now Avanpost PKI has full support for authentications administrators and users in the system by certificate, including support for authentication according to GOST certificates. This ensures compliance with the requirements for authentication by the regulators, and also optimizes the organization legal of the applicability of actions in the system based on the fact of authentication. Along with support for end-to-end authentication, this function will be in demand by organizations that have completely abandoned login authentication to passwords and switched to certificate authentication (primarily credit and financial institutions). Note that in addition to user authentication, Avanpost PKI agent certificate authentication has been implemented, which provides additional protection for the agent-to-agent interaction process, and server also allows agents to be used in heterogeneous and non-infrastructures domain.

Avanpost PKI now has the ability to flexibly configure "dynamic" certificate templates. The presence in Avanpost PKI of full-fledged information about employees, information systems, companies, etc., as well as dynamic certificate templates, allows you to calculate their parameters (as well as track the very fact that certain parameters fell into the certificate or request). For example, allowing access to a system that is authenticated by a certificate will automatically add an extension (for example, EKU) to the certificate request that is responsible for accessing the system. In addition, when generating a certificate request, according to the template settings, the administrator can directly add or remove any extensions (for which this is allowed in the certificate template settings). This is the basis for further flexible customization of complex business processes, which, in turn, makes the product more adaptive and takes into account the individual needs of certain customers.

A module, the Integration Gateway, was added to Avanpost PKI. Its task is to meet the needs of integration with Avanpost PKI external information systems. At the first stage, all the functions of subject management were implemented, as well as the main methods for creating requests for certificates (submitting requests with the launch of the review and approval procedure) and obtaining issued certificates. The integration gateway allows you to create a full-featured infrastructure service based on Avanpost PKI, build and fully automate the processes of issuing and updating certificates, as well as connect Avanpost PKI to a corporate IDM system or other source of data about entities. An example of such a solution is the organization of certificate issuing processes for class systems, RBS where the request is created directly by the client on the RBS side, and then imported, reviewed and issued to Avanpost PKI. Thus, Avanpost PKI abstracts all external systems from the peculiarities and difficulties of implementing integrations with all types of TC software systems, unifies the integration process and at the same time remains a system for monitoring and accounting for entities and infrastructure objects of open keys. In the future, it is planned to develop the capabilities of the Integration Gateway both for managing information systems and their certificates (as well as creating ACME, Automated Certificate Management Environment), and for managing accounting objects - key media and. CIPF

2020

Ability to work with the Windows registry as a virtual key media

The company Avanpost - Russian the developer of systems identifications and access control to information resources of the enterprise () - IDM officially announced the release of the updated version of the Avanpost software product, PKI which took place as part of the development of the 6th stage release of this. ON This became known on August 18, 2020. Complementary, diverse enhancements simplify the application of Avanpost PKI in large organizations, reducing the cost of product research and administration. At the same time, combining the functionality and well-known functions of Avanpost PKI gives a synergistic effect, expressed in increasing the level of automation of complex processes (for example, depositing keys and restoring them from duplicates, issuing various template certificates - for authentications ,, etc.). domain enciphering email All this simultaneously increases both the user level information security and the convenience and efficiency of providing access to. to data

Avanpost PKI

According to the company, users have at their disposal a fully functional system that allows transferring certificates and keys to any key media connected to the system, as well as to the registry. OS Windows At the same time, attention is paid to ergonomics and simplification of work. So, to load a certificate and a key into a registry computer located in another city, one click of a button is enough. It is also easy to delete certificates and keys from key media, and to cancel erroneous actions, there is an automatic recovery function, which allows, for example, to forcibly restore a certificate removed from the user's computer. In addition, the system allows you to automatically maintain an identical set of keys on all computers on which the user is running. This is true in remote work systems and in environments VDI where the number of jobs assigned to users is usually small. Operations can be performed by the system both immediately and in deferred mode, for example, when the desired key medium has appeared in the perimeter of the system.

Another important innovation is the fully implemented work with the Windows OS registry as a virtual key media. Avanpost PKI can now perform all management functions applicable to the registry, for example, create keys in the registry of a remote computer, install or update a certificate or key, etc. This simplifies administration and distribution and timely updating of certificates and keys in information systems of large organizations.

It is even easier to solve such problems with an improved mechanism for synchronizing the Avanpost PKI user directory with employee data sources. So, now automatic synchronization is supported with address books - an updated source of data about employees of the organization. In addition, support for the so-called "distant" translations has appeared, when information about the employee can move not only between the nodes of the organizational and staff structure, but also between the data sources themselves. Automatic synchronization management (for example, its forced blocking for certain workers) allows you to integrate PKI automation into the processes of complex personnel changes, while taking into account the peculiarities of data sources and preventing related problems. Synchronization, controlled by a full set of parameters, can be performed both immediately and on a schedule.

There are a number of other improvements that further improve the consumer characteristics of the updated version of Avanpost PKI. Among them:

  • expansion of accounting and control functionality, including categorization according to various business logic-based criteria, as well as improvement of standard reports (for example, logs of issued key media), delimitation of access to log content and other improvements)
  • the ability to create certificate requests and key pairs only on the system server (without the use of locally installed software agents). This is useful in many cases, for example, for users who work with corporate information using mobile devices, or when creating certificates for information systems (for example, SSL certificates), when the use of physical key media is absent at all. In Avasnpost PKI, all functions for working with ordinary certificates are available for such certificates, including writing to a PFX file, installing on key media, downloading, etc.
  • broader functions of monitoring the validity of certificates, including monitoring the validity of a private key. This function for August 2020 is in demand due to the widespread practice, when certification centers, issuing certificates, additionally limit the validity of the private key. It is often much more difficult to monitor the validity of the latter than the validity of the certificates themselves, since for a private key, the relevant information can only be contained in a dedicated extension for this purpose. Avanpost PKI automatically solves this problem and performs all the necessary control.
  • strengthening control over the operation of the agent subsystem, thanks to which Avanpost PKI has a remote suspension and disconnection of the software agent, as well as control over the details of the event log and remote reading of the Agent's logs.

Obtaining FSTEC certificate for level 4 control

Outpost, a Russian developer of enterprise identification and access control systems (IDM), announced the completion of certification of the latest version of the Avanpost PKI software product for information security requirements with the Federal Service for Technical and Export Control (FSTEC of Russia). This became known on June 30, 2020. Certification tests were carried out by the laboratory of NPO Echelon JSC. The certificate of conformity No. 4254 is included in the state register of the certification system for information protection means . The previous version of the product was also certified by the FSTEC of Russia as part of the Avanpost software complex.

The certificate certifies that Avanpost PKI software complies with the functionality stated in the Technical Specifications, and also meets the requirements for the absence of undeclared capabilities (EID) in level 4 control. This is the highest level for software that processes information that is not a state secret.

Since the main users of the Avanpost PKI product are accredited CAs, timely obtaining the FSTEC certificate is a necessary step to allow Outpost to develop projects with existing ones and start working with new customers.

The source noted that certification is part of the company's system of measures aimed at not only achieving compliance of Avanpost PKI software with formal requirements, but making it quite functional and really convenient for all promising categories of CA. Among such works is the assessment of the correctness of embedding GOST cryptography in Avanpost PKI, which is taking place in June 2020. This is another important criterion for compatibility of the software product with accredited CAs. Changes in its functional characteristics will appear in minor versions of Avanpost PKI and undergo appropriate control in the testing laboratory. As a result, this software should be the optimal system-forming IT solution for this category of customers.

2019: Avanpost PKI 6.0

On August 20, 2019, Outpost officially announced the release of a milestone release of its public key infrastructure management software product, Avanpost PKI 6.0. This version significantly expands the capabilities of this system: it meets the needs of customers, fully supports the work of corporate CA, brings to the next level work with virtual (cloud) media, supports workstations on OCLinux, allows you to combine the release of media with several certificates and other information into one operation, and also contains a number of other improvements.

Avanpost PKI

According to the company, as of August 2019, PKI 6.0 is a PKI infrastructure management system that meets the current and future needs of customers - federal government agencies, corporations and geographically distributed companies. Their requirements have become much more complicated and moved from the plane of accounting and automation of media preparation to the level of control over the complex of PKI infrastructure service processes. Version PKI 6.0 was developed taking into account the increased requirements and with an eye to the further need to develop cryptographic services as part of the informatization process.

==