Mandates for National Security Systems
 

National Security Systems

At Jericho Systems, we continually work to ensure that our information assurance (IA) security software products meet the stringent requirements of national security systems.

Our technology is built in America for a secure America.



Compliance
When evaluating an IT product for security-sensitive environments, a good place to start is to determine whether that product meets validation and compliance requirements. NSTISSP #11 was primary guidance until 10 June 2013, when it was superseded by Committee on National Security Systems (CNSS) Policy No. 11 National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology Products.
An important program for determining if an IT product meets validation and compliance requirements for security-sensitive environments is NIST.

· NIST Federal Information Processing Standard (FIPS)
· Cryptographic Module Validation Program (CMVP)


Products that have been evaluated and validated as compliant with FIPS CMVP are identified on the CMVP Validation List.

Jericho Systems products’ FIPS status: Certified

EnterSpace Decisioning Service (ESDS) 6.5.0 and Jericho Authorization Provider (JAzP) 3.0


Specialized Requirements
In the future, certain sensitive defense systems will face additional security IT requirements as a result of provisions in “Subtitle D—Cyberspace-Related Matters” of the National Defense Authorization Act for Fiscal Year 2013. Specific baselines for those requirements, such as automated source code analysis, are currently being established.
Section 933 of the National Defense Authorization Act for Fiscal Year 2013 (Public Law 112-239) mandated the use of automated vulnerability analysis tools during the entire lifecycle of critical DOD systems. Section 942 of the National Defense Authorization Act for Fiscal Year 2014 (Public Law 113-66) builds on that to establish a joint software assurance center for the Department of Defense.
The joint office's charter would include supporting program offices in implementing DOD's supply chain risk management strategy and policies and, in coordination with the Center for Assured Software (CAS) of the National Security Agency, establishing a research and development program to improve the capability of automated software analysis tools.


Jericho Systems continues to adjust its processes to maintain full compliance as new requirements are identified.