Data diode certifications: an overview

For security appliances, there is a wide array of certifications, varying from state-regulated to industry-related ones. More and more, governments create rules and regulations that enforce the use of certified equipment for specific government institutions and industries, such as (nuclear) power plants or water management systems.

It seems that the US and Asia are taking the lead and focus specifically on uni-directional technology for critical environments.

Probably the most well-known type of security certification is the Common Criteria for Information Technology Security Evaluation standard, abbreviated as Common Criteria or CC. Common Criteria provides a framework in which computer system users can specify their security requirements, which can then be implemented by vendors.

The standard requires independent testing laboratories to evaluate products to determine if they actually can confirm the vendor’s claims. In other words, Common Criteria provides assurance that the process of specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level that is equivalent with the target environment for use. The CC has 7 Evaluation Assurance Levels, from EAL1 to EAL7.


  • EAL1 focuses on functional testing. An evaluation at this level should provide evidence that the appliance functions in a manner consistent with its documentation, and that it provides useful protection against identified threats.
  • EAL2 is applicable in circumstances where developers or users require a low to moderate level of independently assured security in the absence of documentation, for example when securing legacy systems.
  • EAL3 focuses on a methodical test and check in order to gain maximum assurance from positive security engineering at the design stage, without substantial alteration of existing sound development practices.
  • EAL4 permits to gain maximum assurance from positive security engineering, based on good commercial development practices which, even though rigorous, do not require substantial specialist knowledge, skills, and other resources.
  • EAL5 offers maximum assurance from security engineering, based upon rigorous commercial development practices supported by moderate application of specialist security engineering techniques.
  • EAL6 appliances are engineered to protect high-value assets against significant risks. They are semi-formally tested.
  • This sets them apart from EAL7, which includes a formally verified design and testing. Some appliances can get an EAL7+ level, which is an augmented EAL7 variant.

The Fox DataDiode has an EAL7+ certification.


In addition to the CC, there are other certifications for security appliances, including NATO Secret. NATO allies use four levels of security classification, from most to least classified. At the top there is COSMIC TOP SECRET (CTS), followed by NATO SECRET (NS), NATO CONFIDENTIAL (NC) and NATO RESTRICTED (NR).

The Fox DataDiode has a NATO SECRET certification.

German government

The German Federal Office for Information Security (BSI) is the national cyber security authority in Germany. It works closely with technology vendors to ensure safe use of digital tools. The BSI certifies technology products on security.

The Fox DataDiode has a BSI certification.


The NL-NCSA certification is handled by the NBV, which is part of the Dutch intelligence department AIVD. The NBV evaluates security products and advises the Dutch government on their use.

The Fox DataDiode has a NL-NCSA certification.

For a more secure society
  • Experts
  • Services
  • Technology