Information Assurance Maintenance Program

ASTi's current generation server products are based on Red Hat® Enterprise Linux®, the most certified operating system available today. The Information Maintenance (IA) Maintenance Program is an ideal security solution for customers who require even more rigorous IA controls, conformance to DoD standards and OS patch management over the product's life-cycle. All products include the standard IA features.

Applicable Product Lines:

  • Telestra Studio & Studio VM
  • Telestra Target
  • Voisus
  • SERA

Features

Note: The IA Package is an optional software package for ASTi platforms.

  • Facilitates DIACAP ATO, HBSS Compliance and other IA approvals
  • Red Hat / RHEL, 3rd party and open source IA software updates provided
  • ASTi software updates provided
    • Ongoing access to latest feature set and capabilities of the product
  • Simple and Intuitive install and verification process
  • Expedite the DAA approval process through easy to read reports and manifests
  • Includes a fixed amount of IA support time for any related IA questions
  • Tiered pricing schema as the number of nodes increases
    • Add new nodes to existing contract at already achieved tiered pricing level
  • Ease of renewal on anniversary date
  • System manifest that defines the packages that have been approved and tested by ASTi
  • IA scripts to eliminate all DISA high and medium severity vulnerability codes and also eliminate all or a majority of the lower severity items
  • ASTi SCAP Non-Compliance Supplement Report: Includes a breakdown of STIG Benchmark Non-Compliance PDIs into a detailed open, false positive and waiver listing for analysis and use by the DAA
  • ASTi has also incorporated various IA tools into our internal production test process to ensure that our application software is constantly updated with the latest security enhancements, while ensuring that the core integrity of the system (i.e. Communications) is maintained

Government Accreditation of ASTi Products

ASTi products are accredited through the year 2018 with Authority To Operate (ATO) status in compliance with the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). Additional IA Statements and Approvals also available:

  • Certificate of Host Based Security System (HBSS) Compliance
  • TEMPEST Countermeasure Review (TCR)
  • RoIP Cross Domain Solution (CDS) Determination
  • Emission Security (EMSEC) Determination

Deliverables and Schedule

  • The IA Maintenance Program provides one to three years of coverage to ensure that the customer's server systems receive critical security updates
  • Automatically starts upon shipment of server or software
  • Quarterly or more frequent updates provided

Customer Responsibilities

ASTi's IA Maintenance program eliminates a majority of the IA vulnerabilities. However, due to unique IA requirements at various customer sites, ASTi cannot ship systems that are ready to connect to any network. Typically, additional IA-related actions must be implemented, post-delivery, by the customer. Some examples include:

  • Set non-guessable passwords
  • Create specific user accounts as required
  • Install additional IA tools as required (i.e. Virus scanner, IDS, etc.)
  • Review audit logs
  • Maintain specific physical security requirements (e.g. locks, guards, alarms)