If you’ve been following us for a while, you’ve probably read about us talking about IPv6, the latest IPv6-only mandates in the U.S. government, and technical guidance getting to an IPv6-only state. Continuing along with blog we wrote on Tayga (the open source NAT64 solution), the singular technical holdup in implementing IPv6-only in the enterprise […]
IPv6-Only Killer App: CLAT Read More »
Ivanti Policy Secure (IPS) has an implementation for doing DoD PKI Token SSH logins using x509 certificates. This method is not the traditional static RSA keys. The information below will show you how to configure each step of the way, as well as some troubleshooting steps. The Requirements For the last 20 years, DoD has
DoD PKI Token SSH CLI Login Read More »
**Update: As of 17 Feb 2023, (2) new manufacturers and (6) new FIPS 140-3 modules have been certified For vendors offering capability to the U.S. Department of Defense (DoD), the use of Federal Information Processing Standard (FIPS) validated cryptography can be a make or break feature within their products. Active FIPS certification for all
DoD Innovation Delays Culminating From the NIST CMVP Backlog Read More »
I know there’s been a lot of internet traffic on Log4j – not to mention all the drama on broken fixes, but we wanted to offer a different perspective: what are the Log4j vulnerability implications for DoD Information Network Approved Products List (DoDIN APL) testing and certification? What is the Log4j Issue? I wish this
Log4j and DoDIN APL Implications Read More »
It has been decades in the making, but the near future is crystal clear now: the DoD is mandating IPv6-only. This is different than previous pushes to move the Department to some level of IPv6 enablement – including IPv6/IPv4 dual-stack, etc. This new push comes with very specific actions. This directive also arrives at the
DoD Mandating IPv6-only Read More »
**Update: 23 April 2021 – MFA text requirement change** The time finally came for multifactor authentication in DoD. The DoD finally put their feet down on securing account access. For all devices/products coming into DoD (especially through DoDIN testing), will be held to account for the Network Device Management (NDM) Security Requirements Guide (SRG). Details
Multi-factor Authentication Now a CAT 1 in DoD Read More »
*updated 22 July 2021* A requirement for all DoD-facing systems on a network is to have a notice and consent banner. This is outlined specifically in the DoD memorandum “Policy on Use of Department of Defense (DoD) Information Systems-Standard Consent Banner and User Agreement,” from May 9, 2008. In this requirement, all systems have to
Windows IIS Server and a DoD Login Banner Read More »
For those product vendors that have been able to get listed and certified on the DoD Unified Capabilities Approved Products List (UC APL), there is a prerequisite certification required called FIPS 140-2. FIPS 140-2 is a certification program managed by the National Institute for Standards and Technology (NIST) and more specifically the Cryptographic Module Validation
NIST FIPS 140-2 RNG Transition Affecting UC APL Read More »
Tachyon Dynamics has once again helped NetApp receive its DoD UC APL Certification for the following platforms: NetApp Clustered Data ONTAP version 8.2.1 NetApp 7-Mode Data ONTAP version 8.2.1 NetApp published an article stating their satisfaction with our UC APL engineers and the quality of their work. Here’s the article: http://community.netapp.com/t5/Industries/The-Importance-of-Security/ba-p/98425 For more information on
NetApp Data ONTAP on DoD UC APL Read More »
Many enterprises in the DoD and US Federal Government are struggling with how to implement inexpensive 802.1x solutions for their wired LANs. Especially in the DoD, there are specific regulations that require the use of 802.1x on the Unclassified Networks (NIPRNet) and Classified Networks (SIPRNet). For your reference, those requirements are called Security and Technical
Inexpensive 802.1x Solutions Read More »