Crestron’s line of DM NVX® AV-over-IP solutions has picked up accolades from trade publications and customers alike, and the products have been on the U.S. DoD Approved Product List (APL) since 2019. Meeting the needs of the security conscious — in both the government and enterprise sectors — has long been a point of pride for the company.
But there’s been a call — from both the U.S. government and the international community — to certify that line of products according to what’s called the “Common Criteria” (technically, the Common Criteria Evaluation and Validation Scheme). Now the DM NVX family of products have received that certification, granted by NIAP, the National Information Assurance Partnership, that oversees the implementation of the Common Criteria in the United States. (Officially, the products were found to conform to the collaborative Protection Profile for Network Devices, or cPPND.)
For the uninitiated, that alphabet soup means simply this: NIAP certification opens up new avenues for the DM NVX including both non-DoD government agencies and government entities around the world. “NIAP certification and the Common Criteria for Information Technology Security Evaluation (CC) is recognized worldwide by 31 countries, so multinational corporations can be reassured they are choosing a solution that can be deployed as a global standard,” notes Crestron’s Senior Director of Product Management (AV Solutions) Andrew Ludke.
Michael DiBella, Crestron’s director of commercial product marketing, says, “For my money, what makes NIAP and our other certifications notable is that they show how we are uniquely qualified to help organizations support the most aggressive security, compliance, and risk mitigation policies and standards. As systems become ever more complex, data breaches and general security vulnerabilities arguably pose the greatest threat to any organization — and while Crestron commits significant resources to output and performance (including video and audio integrity), we apply the same effort to security.”
Testing — and More Testing
“NIAP CCEVS oversees evaluations of commercial IT products for use in National Security Systems,” Ludke explains. “The stringent testing required to achieve this certification not only enables DM NVX to be a preferred solution for some of the most secure deployments in the DoD, the NSA, and other high security and mission-critical government environments, it also provides peace-of-mind to IT and Infosec professionals everywhere who will recognize this pedigree.”
Another aspect of all of this is FIPS (Federal Information Processing Standards) certification. Both the DoD APL and NIAP certifications require the validation of certain encryption algorithms according to the FIPS and Common Criteria standards. Besides the DM NVX family of products, the 4-Series® Control Systems and 70 Series Touchscreens use FIPS certified cryptography. Crestron’s looking to expand that list. Ultimately, it’s a partnership: Crestron’s Engineering Team works closely with the Sales Team to ensure that the right certifications are sought in order to best meet customer requirements.
The job doesn’t stop once a product’s certified, of course: Because of advances in technology, the shelf-life of certifications are short-lived, and constant recertification is required — in fact, the DM NVX line just completed its second certification last month. Even a cursory glance at the news reveals that new vulnerabilities arise all the time, which underscores the constant need for a cycle of testing, patching, and re-testing.
Ultimately, pursuing these certifications is an extension of Crestron’s overall commitment to creating best-in-class products. As DiBella notes, “Moving signals is common. Moving signals while supporting security standards is very difficult. And that’s what separates us from the competition.”
For more information, see the following: