VPN software with BSI approval for government use

We support authorities, offices and companies that are bound to secrecy and that transmit data containing highly sensitive information of citizens or projects on a daily basis. The security of the communication channels used plays a special role and must comply with the recommendations and specifications of authorities and governments.

Politicians, government officials, and employees must be able to access network resources and data quickly, easily, and securely. This requirement for secure and reliable communication is made possible by the following components:

  • NCP VS GovNet Connector 2.X is approved for the protection of EU information up to the classification level "RESTREINT UE/EU RESTRICTED” and for the protection of NATO information up to the classification level "NATO RESTRICTED" (BSI-VSA-10710)
  • NCP VS GovNet server is approved for "RESTREINT UE/EU RESTRICTED" and "NATO RESTRICTED" (BSI-VSA-10711)

NCP VS GovNet Connector

With the NCP VS GovNet Connector 2.x, NCP offers the most powerful software solution for devices with a standard Windows 10 and Windows 11 operating system that is approved for use with the classification levels "RESTREINT UE/EU RESTRICTED" and "NATO RESTRICTED".  Based on the IPsec standard, highly secure data connections can be established to the NCP VS GovNet Server.

Users and IT administration benefit equally from the wide range of features which offer an advanced level of security but remain easy to use:

  • Approved by the German Federal Office for Information Security (BSI) for "RESTREINT UE/EU RESTRICTED" and "NATO RESTRICTED"
  • Support for devices with standard Windows 10 and Windows 11
  • Maximum performance and scalability
  • Flexible licensing models
  • Enhanced security integrity service
  • Central rights and configuration management
  • Strong authentication
  • Friendly net detection
  • Hotspot Logon
  • VPN Path Finder Technology (Fallback IPsec/HTTPS)
  • Quality of Service support
  • Support for Wi-Fi and mobile data

Further information

Thanks to the support of standard interfaces, the software can be combined with other approved authentication hardware (e.g. smartcard readers) or software (e.g. hard disk encryption). Signature verification based on elliptic curve cryptography is also supported.

BSI approval enables ...

  • ... the protection of EU information up to the classification level RESTREINT UE/EU RESTRICTED.
  • ... the protection of NATO information up to the classification level NATO RESTRICTED.


Users can access secure networks from anywhere in the world from computers running Microsoft Windows. NCP VS GovNet Connector supports seamless roaming to automatically switch to the best available connection medium – ideal for ‘always-on’ operation. Even if the connection medium is changed or briefly interrupted, the connection medium can maintain an application session with the NCP VS GovNet Server.

The custom branding option supports displaying a custom image or logo in the user interface of the VPN client. This also provides a visual indication that the client is the software officially provided by the authority or company.

Learn more about the full range of functions and features in Data Sheet. Please refer to our brochure for more information on the complete solution.

NCP VS GovNet Server

NCP VS GovNet Server is a highly secure VPN gateway solution for communication with RESTREINT UE/EU RESTRICTED and NATO RESTRICTED classification levels. NCP VS GovNet Server is also approved for these classification levels and is the ideal remote server for NCP VS GovNet Connector. The software solution is installed on a server (see requirements in the data sheet) using a complete image.

Information on the complete VPN solution for RESTREINT UE/EU RESTRICTED and NATO RESTRICTED can be found on our solution page.

Please refer to the Data Sheet.

Description

The NCP VS GovNet Server expands NCP’s portfolio with a highly secure variant of the NCP Secure Enterprise VPN Server for use in government environments or companies processing classified data. The gateway has been approved for processing data classified as RESTREINT UE/EU RESTRICTED and NATO RESTRICTED.

Users can be managed flexibly via the VPN gateway or back-end systems, such as RADIUS, LDAP or MS Active Directory. For security reasons, a hardened Linux operating system and privilege separation are used. The use of certificates with elliptical curves enables even more secure communication. Random numbers are generated by an approved random number generator of class DRG.4.

Benefits

  • Approved by the German Federal Office for Information Security (BSI) for "RESTREINT UE/EU RESTRICTED" and "NATO RESTRICTED"
  • Supports elliptical curves (ECC)
  • BSI tested random number generator (class DRG.4)
  • Integrated IP routing and firewall features
  • VPN Path Finder Technology (Fallback IPsec/HTTPS)
  • Automated tunnel forwarding
  • Multi-tenancy
  • Multi-processor support, highly scalable
  • Hardened Linux system; server application uses privilege separation