As Data Centre security provider with over 15 years industry experience, we often receive enquiries for IL (Impact Level) rated security cages or enclosures. In this blog, we will try to put this misunderstanding to rest – here’s what you really need to know about Impact Levels.
What must be remembered is that IL (Impact level) is not a security rating of the specific product but accreditation of the Information Security Management system.
Security or server cages make up only one small part of a large complex of security measures and controls that must be in place for access to the platform and access to the data on the platform. The server cage is the last piece of the puzzle in this system to segregate servers and protect data, but on its own, it is wholly unable to achieve required Impact Level accreditation.
Industry expert Neil McRae has succinctly and helpfully explained the real meaning behind Impact Level certification; the following is taken from his A Dinner Table Guide to CESG Accreditation, in the sections which he writes on Impact Levels:
IL2 (2-2-4) – Protected (Confidentiality- Integrity-Availability)
- IL2 covers primarily ensuring that your platform has high availability and that there are basic controls in place for access to the platform and access to the data on the platform.
- Takes ISO 27K and specializes it towards Telecommunication suppliers
- The government requires IL2 for service providers to supply services.
o Local government less so but moving in that direction
o CESG Assured Service is now focused on this for PSN.
o If you want to offer services to the government then you are going to have to do this sooner or later.
IL3 (3-3-4) – Restricted
- Baseline for most central government projects (In my experience) – PNN / GSI
- Requires (SC) security cleared operatives and stronger controls on access (integrity) and stronger controls on confidentiality
- Requires complete segregation.
- Now typically requires encryption overlay layer, didn’t before.
- Quite expensive to build, run and operate.
o Can’t share systems – e.g. your Trouble Ticket system needs to be inside the IL3 bubble and separate to anything else
- Can’t really use offshore people in this space
IL4 (4‐4‐4) ‐ Conﬁdential
Builds on IL3
- Typically requires DV (Deep Vetted) security cleared operatives.
o Home Oﬃce / FCO / MOD
IL5 Secret and IL6 Top Secret (I’d have to shoot you)
o MOD / Security Services
Cross-Guard can provide various security cage options that will satisfy required Impact level accreditation:
Connexions cage system – doesn’t have a security rating, although it has been previously supplied to satisfy Impact Level requirements. In order to satisfy IL accreditation requirements, security cages constructed rather slab to slab or at 2.4 – 2.7m high with roof and underfloor barrier. The cage panels made from 2mm thick steel with 6mm or 12.7mm holes. The cage doors incorporate a combination of the electromagnetic locks with additional key operated two-point locking system that has been tested on our CX2 grille range by LPCB (Loss Prevention Certification Board) to the industry standard LPS 1175 security rating 1 and by Secured by Design as a “ Police preferred specification.”
Extendor cage system – certified. Extendor caging systems, Vulcan and Eclipse, certified by LPCB (Loss Prevention Certification Board) to SR 2 and 3 security rating and CPNI (the Centre for the Protection of National Infrastructure) approved.
If you’re after server cages for all your data security needs, do not hesitate to contact Cross-Guard today.
For more of Neil McRae’s ‘A Dinner Table Guide to CESG Accreditation’, the full text is available online at www.uknof.org.uk/uknof19/McRae-Security_levels.pdf