Test Criteria

What Does a Secure SD-WAN Need to Provide in Order to Pass?

A summary of the requirements that ICSA Labs tests in its Secure SD-WAN testing service are listed below:
  • Support for multiple WAN paths;
  • Dynamic path selection;
  • Auto-provisioning of SD-WAN edge devices;
  • Support for advanced security functions (inherent or via service chaining);
  • Identification and authentication for administrative users;
  • Secure remote administration;
  • Can configure, disseminate & enforce policies @ SD-WAN edge devices;
  • Confidentiality of in-transit administrator communications;
  • Confidentiality of any sensitive data in-transit;
  • Capability to perform secure remote upgrades of SD-WAN edge devices;
  • Real-time metrics + reporting of data items & relevant status information;
  • Logs with relevant data for a selection of security, operational & admin events;
  • Industry-accepted crypto for protecting remote administration sessions;
  • Industry-accepted crypto for protecting in-transit administrative data;
  • Industry-accepted crypto for protecting in-transit sensitive data;
  • Invulnerable to known attacks;
  • Introduce no vulnerabilities to any systems.
Please review the full draft set of criteria.   Because it is a "draft" set of criteria requirements (and will remain so until tested products begin to attain certification), ICSA Labs welcomes any feedback from enterprises and SD-WAN vendors alike.
DRAFT_Secure_SD-WAN_Criteria_v0.93.pdf189.54 KB