SSL-TLS VPN Criteria 5.0

The ICSA Labs SSL-TLS VPN Certification Criteria was developed for testing SSL-TLS VPN products that provide secure remote access to enterprise resources.  It is an industry-accepted standard that all products claiming to have SSL-TLS capabilities should aim to attain.

The security testing criteria requirements permit product developers to be tested as either a Layer 3 VPN (L3VPN) or as a Reverse Web Proxy (RWP). Proper implementation of TLS, management/validation of certificates, enforcement of auth policies, and session control and cleanup are also covered in the the criteria requirements and examined during testing.