CoCo Compliance
simplifying and securing information flows

CoCo: simplifying and securing information flows

Obtaining sensitive personal data of citizens needs to remain easy for government employees. However, it must remain secure from hackers and fraudsters. Therefore Government Connect enforces the usage of the Government Connect Secure extranet (GCSx) when exchanging sensitive information. By centralizing the information on the extranet, the public sector can benefit from this secured communication channel. It can improve reputation and gain public confidence and enhance citizen centric services.

Besides exchanging sensitive information on a common platform, GCSx allows you to securely access applications and exchange emails. By storing information at a central location, the data doesn’t need to be sent over the internet or by post, making them less vulnerable for interception. Information can now be shared by the right people in an instant.

Obtaining CoCo Compliance

CoCo compliance is obtained when local authorities comply with the list of security requirements. These requirements prescribe the following criteria need to be met:

• Secure mobile access to government applications
• Enhanced user authentication and controlled public access
• Enforce the usage of more complex passwords

By implementing a strong two-factor authentication solution based on dynamic, one-time passwords, the CoCo security requirements can be met. Dynamic passwords are generated by a DIGIPASS, that generates a unique code every 32 seconds. This code is then used in combination with your username and/or PIN code whenever you need to logon remotely or enter a government application.

The fact of combining something you know (a username or a PIN code) with something you have (a one-time password generator), is what is called in industry terms: strong user authentication; which is what the CoCo criteria stipulate.

Remembering complex passwords is no longer needed, with one push on the button of the DIGIPASS device, you receive a unique code that will allow you to access your applications regardless of the place where you are working from. This unique code can only be used once and is valid for a limited period in time, thus preventing identity theft and data leakage.

Strong Authentication Solution Benefits

• Complies with the most stringent government standards
• Seamlessly works over any network and traverses any firewall
• Access to web, applications, and to files from a single solution
• Significant savings in user costs because deployment isn’t necessary
• Complete solution at a competitive total cost of ownership and return on investment

Fast Facts

• In March 2008 there were 76.8 million National Insurance numbers in the UK, with a population of 61 million.
• 77,500 cases of identity and impersonation fraud were reported in 2007, UK only.