Security-critical products assessed by NCSA-FI at the Finnish Transport and Communications Agency (Traficom)

When implementing security-critical products, it is important to note that the assessment report may include additional conditions. When planning new systems or in unclear situations, it is recommended to contact Traficom´s NCSA function. For products evaluated to protect nationally classified information, key management solutions are also included in the assessment, either as part of the SAA´s system approval process or through separate procedures. 

The list includes security-critical products assessed by Traficom´s Cyber Security Center, which can be used as part of systems that process classified information. The products on the list have been approved for protecting the confidentiality and integrity of information in high-threat environments.

Guidance on applying the products on the list to other threat levels in existing systems can be obtained from Traficom´s NCSA function if needed.

Securing national classified information up to security classification level TL II

INSTA Yhdyskäytävä FDDv3-10r-F

Type: Data diode gateway
Manufacturer: Insta Advance Oy
Security classification level: TL IV, III, II
Assessed versions and validity:

• Version 2.0.1: validity until 20 December 2026 (granted 20 December 2023)
• Version 2.2.1: validity until 16 December 2027 (granted 16 December 2024)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

INSTA Yhdyskäytävä FDDv3-1r-F

Type: Data diode gateway
Manufacturer: Insta Advance Oy
Security classification level: TL IV, III, II
Assessed versions and validity:

• Version 2.0.1: validity until 20 December 2026 (granted 20 December 2023)
• Version 2.2.1: validity until 16 December 2027 (granted 16 December 2024)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Reaktor CDG yhdyskäytävä

Type: Data diode gateway
Manufacturer: Reaktor Innovations Oy
Security classification level: TL IV, III, II
Assessed versions and validity:

• Version 2.1.1: validity until 13 June 2026 (granted 13 June 2023)
• Version 2.3.2: validity until 20 June 2027 (granted 20 June 2024)
• Version 3.1.1: validity until 4 April 2028 (granted 4 April 2025)
• Version 3.2.1: validity until 21 August 2028 (granted 21 August 2025)
• Version 3.3.0: validity until 21 August 2028 (granted 21 August 2025)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Digia Linja yhdyskäytävä

Type: Data diode gateway
Manufacturer: Digia Finland Oy
Security classification level: TL IV, III, II
Assessed versions and validity:

• Version 26.3.0: validity until 26 March 2027 (granted 26 March 2026)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Navielektro L2 Data Diode

Type: Data diode
Manufacturer: Navielektro Ky
Security classification level: TL IV, III, II
Assessed versions and validity:

• Version 1.0: validity until 4 April 2028 (granted 4 April 2025)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Navielektro enGuard CDS yhdyskäytävä

Type: Data diode gateway
Manufacturer: Navielektro Ky
Security classification level: TL IV, III, II
Assessed versions and validity:

• Version 1.5.1: validity until 15 April 2029 (granted 15 April 2026)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Securing national classified information up to security classification level TL III

Digia Kevyt Linja yhdyskäytävä

Type: Gateway (diodeless)
Manufacturer: Digia Finland Oy
Security classification level: TL IV, III
Assessed versions and validity:

• Version 25.1.0: validity until 2 June 2026 (granted 4 June 2025)
• Version 26.3.0: validity until 26 March 2027 (granted 26 March 2026)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Reaktor CDG yhdyskäytävä (dioditon malli)

Type: Gateway (diodeless)
Manufacturer: Reaktor Innovations Oy
Security classification level: TL IV, III
Assessed versions and validity:

• Version 2.3.2: validity until 20 June 2027 (granted  20 June 2024)
• Version 3.1.1: validity until 4 April 2028 (granted  4 April 2025)
• Version 3.2.1: validity until 21 August 2028 (granted  21 August 2025)
• Version 3.3.0: validity until 21 August 2028 (granted  21 August 2025)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Protection of NATO classified information in national communication and information systems

Navielektro L2 Data Diode

Type: Data diode
Manufacturer: Navielektro Ky
Security classification level: NR, NC, NS
Assessed versions and validity:

• Version 1.0: validity until 4 April 2028 (granted 4 April 2025)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Navielektro enGuard CDS yhdyskäytävä

Type: Data diode gateway
Manufacturer: Navielektro Ky
Security classification level: NR, NC, NS
Assessed versions and validity:

• Version 1.5.1: validity until 15 April 2029 (granted 15 April 2026)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Reaktor CDG yhdyskäytävä

Type: Data diode gateway
Manufacturer: Reaktor Innovations Oy
Security classification level: NR, NC, NS
Assessed versions and validity:

• Version 3.2.1: validity until 21 August 2028 (granted  21 August 2025)
• Version 3.3.0: validity until 21 August 2028 (granted  21 August 2025)

Conditions:
Safe use requires compliance with the usage policy established by Traficom. The instructions can be obtained from the manufacturer or Traficom´s NCSA function.

Latest changes:

• 18.12.2024: INSTA Gateway version 2.2.1 assessed. Older versions with expired approval have been removed from the list.
• 14.2.2025: Digia Linja yhdyskäytävä version 25.1.0 added to the list.
• 10.4.2025: Reaktor CDG version 3.1.1 and Navielektro L2 Data Diode added to the list.
• 6.6.2025: Digia Kevyt Linja yhdyskäytävä version 25.1.0 added to the list.
• 2.9.2025: Reaktor CDG version 3.2.1 added to the list.
• 27.2.2026: Navielektro enGuard CDS 1.5.0 added to the list.
• 27.4.2026: Added Digia Linja yhdyskäytävä version 26.3.0, Reaktor CDG yhdyskäytävä version 3.3.0 and Navielektro enGuard CDS yhdyskäytävän version 1.5.1 to the list.

Lifecycle management and overwriting products

PiceaServices Volume Eraser

Type: Destruction of information with security classification level IV on Android and Apple iOS mobile devices
Manufacturer: Piceasoft Oy
Assessed version: 4.17.2.35
Validity: valid until further notice (granted 21 December 2021)
Conditions: As part of the assessment, a usage policy has been developed for the product, which must be followed in order for the approval to remain valid.

YouWipe

Type: Destruction of information on magnetic hard disks and SSDs, and on Android and Apple iOS mobile devices (TL IV)
Valmistaja: AllWipe Oy
Assessed version: 4.1.29
Validity: valid until further notice (granted  15 June 2020)
Conditions: As part of the assessment, a usage policy has been developed for the product, which must be followed in order for the approval to remain valid.