Information Assurance and Security
ASTi has a proven, long-term commitment to safeguarding sensitive and classified information. ASTi develops and maintains a complete spectrum of security and information assurance (IA) solutions. All ASTi products are built upon a solid security foundation and meet numerous government accreditation standards, such as Host Based Security System (HBSS) compliance. With an eye toward upcoming NIST Risk Management Framework (RMF), rest assured that ASTi has your system covered today and in the future.
(RMF in Process)
ASTi products are accredited with Authority To Operate (ATO) status in compliance with the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). Contact ASTi for the latest information on RMF approval.
Hardening Scripts & Patches
ASTi’s IA scripts and patches eliminate all DISA high- and medium-severity vulnerabilities. The simple installation process relieves system administrators of difficult, time-consuming IA management chores, freeing them to perform other critical tasks.
ASTi’s IA Maintenance program is the ideal solution for customers requiring rigorous IA controls, conformance to DoD standards, and OS patch management throughout the product’s life. IA Maintenance is bundled with Software Maintenance, which also includes the latest ASTi software features and fixes.
Additional IA statements and approvals are available for Certificate of HBSS Compliance, TEMPEST Countermeasure Review (TCR), RoIP Cross Domain Solution (CDS) Determination, Emission Security (EMSEC) Determination, and Certificate Of Networthiness (CON).
Clear & Helpful Reports
ASTi processes the raw STIG, SCAP, and scan reports for easy analysis. These reports break outstanding Potential Discrepancy Items (PDIs) into lists of open, false-positive, and waiver items.
ASTi's current generation server products are based on Red Hat® Enterprise Linux®, the most certified operating system available today. The Information Maintenance (IA) Maintenance Program is an ideal security solution for customers who require even more rigorous IA controls, conformance to DoD standards and OS patch management over the product's life-cycle.
Applicable Product Lines:
- Telestra Studio & Studio VM
- Telestra Target
The IA Maintenance program is available as an option (US DOD only) within ASTi’s Software Maintenance program and will add IA updates to the software updates received thru Software Maintenance. IA Maintenance specific features are shown below:
- Facilitates DIACAP ATO, HBSS Compliance and other IA approvals
- Red Hat / RHEL, 3rd party and open source IA software updates provided
- Simple and Intuitive install and verification process
- Expedite the DAA approval process through easy to read reports and manifests
- Ease of renewal on anniversary date
- System manifest that defines the packages that have been approved and tested by ASTi
- IA scripts to eliminate all DISA high and medium severity vulnerability codes and also eliminate all or a majority of the lower severity items
- ASTi SCAP Non-Compliance Supplement Report: Includes a breakdown of STIG Benchmark Non-Compliance PDIs into a detailed open, false positive and waiver listing for analysis and use by the DAA
- ASTi has also incorporated various IA tools into our internal production test process to ensure that our application software is constantly updated with the latest security enhancements, while ensuring that the core integrity of the system (i.e. Communications) is maintained
Government Accreditation of ASTi Products
ASTi products are accredited through the year 2018 with Authority To Operate (ATO) status in compliance with the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). Additional IA Statements and Approvals also available:
- Certificate of Host Based Security System (HBSS) Compliance
- TEMPEST Countermeasure Review (TCR)
- RoIP Cross Domain Solution (CDS) Determination
- Emission Security (EMSEC) Determination
Deliverables and Schedule
- The IA Maintenance Program provides one to three years of coverage to ensure that the customer's server systems receive critical security updates
- Quarterly IA releases against latest STIG
- Monthly Critical IAVA patches available for download
ASTi's IA Maintenance program eliminates a majority of the IA vulnerabilities. However, due to unique IA requirements at various customer sites, ASTi cannot ship systems that are ready to connect to any network. Typically, additional IA-related actions must be implemented, post-delivery, by the customer. Some examples include:
- Set non-guessable passwords
- Create specific user accounts as required
- Install additional IA tools as required (i.e. Virus scanner, IDS, etc.)
- Review audit logs
- Maintain specific physical security requirements (e.g. locks, guards, alarms)
- Active Software Maintenance Contract (purchased separately or bundled with IA Maintenance) is required