We are happy to announce that VMware Horizon 8 is now certified for Common Criteria compliance by the National Information Assurance Partnership (NIAP). This achievement is in addition to Horizon Cloud Service recently being authorized to operate in FedRAMP® and StateRAMP® High environments. This NIAP certification means Horizon 8, recognized as a leader in VDI and apps, can be used in U.S. national security systems. Horizon is also Product Compliant List certified, which means it can be leveraged by other nations that follow the Common Criteria Recognition Arrangement (CCRA).
What is NIAP Common Criteria compliance?
The NIAP manages a national program to evaluate and certify the Commercial-Off-The-Shelf (COTS) technology products against the internationally agreed Common Criteria (CC). This program includes the NIAP-managed Common Criteria Evaluation and Validation Scheme (CCEVS), developed through a partnership between the private and public sectors. The CCEVS focuses on validating security requirements under CCRA for the United States and 31 nations. It helps to develop protection policies, evaluation methodologies, and policies that ensure achievable, repeatable, and testable security requirements. To receive this certification for Horizon and its components, VMware worked with Leidos as an NIAP-approved commercial testing lab.
The NIAP certified Horizon per its Product Compliant List (PCL), including various Horizon components such as:
- VMware Horizon Client under NIAP VID 11357, and on the international CCRA Certified Products List under the “Other Devices and Systems” category.
- VMware Horizon Agent under NIAP VID 11358, and on the international CCRA Certified Products List under the “Other Devices and Systems” category.
- VMware Horizon Connection Server under NIAP VID 11359, and on the international CCRA Certified Products List under the “Other Devices and Systems” category.
- VMware Unified Access Gateway under NIAP VID 11360, and on the international CCRA Certified Products List under the “Other Devices and Systems” category.
Overview of Horizon components
Let’s examine these Horizon components in detail.
- Horizon Client is an app that users leverage to connect to the virtual desktop from a device of their choice, such as a device based on Windows, macOS, or Linux.
- Horizon Agent allows the virtual desktop to be managed by connection servers and to form a protocol session to a virtual desktop.
- Horizon Connection Server helps to authenticate end users for a session using Active Directory and to connect to the Horizon agent.
- Unified Access Gateway provides secure connections to Horizon without a VPN for users who are outside their corporate network.
Benefits of the NIAP certification for federal customers
After understanding the components above, let’s explore the benefits this NIAP certification will provide to our federal Horizon 8 customers.
Deliver a great user experience with secure desktops and applications
This NIAP certification allows Horizon federal customers to use secure, reliable, and compliant virtual desktops and applications. End users will enjoy a great user experience on the device of their choice wherever they are, without sacrificing security. Additionally, VMware’s Blast Protocol provides Real-Time Audio-Video (RTAV) optimization for virtual meetings and conferencing tools such as Skype, Teams, and Zoom. Plus, with support for Personal Identity Verification (PIV) cards, federal customers have better control over who is using their VDI environment.
Leverage a hybrid solution for VDI
Although most federal agencies use data centers for VDI and app services, they might want to leverage a hybrid solution for specific use cases, such as when there is a need for extra capacity or for their disaster recovery solution. All VDI management can be done from a single pane of glass through the Horizon Console, which can be used by federal customers in either on-premises or authorized cloud environments.
Support for classified domains
Horizon now meets requirements for any non-classified and classified data and operations. Federal customers can leverage this solution in Controlled Unclassified Information environments and the National Security Agency’s Commercial Solutions for Classified program.
For more detailed information on the Horizon 8 NIAP certification, read this Tech Zone blog.