Information Assurance and Security
ASTi has a proven, long-term commitment to safeguarding sensitive and classified information. ASTi develops and maintains a complete spectrum of security and information assurance (IA) solutions. All ASTi products are built upon a solid security foundation and meet numerous government accreditation standards. Since 2005, ASTi products have continuously held US Government IA accreditations through migrating programs including the current Risk Management Framework, so you can rest assured that ASTi has your system covered today and in the future.
RMF Approved
ASTi's Voisus product line is accredited with Authorization To Operate (ATO) status in compliance with the Risk Management Framework (RMF) for DoD Information Technology (IT).
Hardening Scripts & Patches
ASTi’s IA scripts and patches eliminate all DISA high- and medium-severity vulnerabilities. The simple installation process relieves system administrators of difficult, time-consuming IA management chores, freeing them to perform other critical tasks.
IA Maintenance
ASTi’s IA Maintenance program is the ideal solution for customers requiring rigorous IA controls, conformance to DoD standards, and OS patch management throughout the product’s life. IA Maintenance is bundled with Software Maintenance, which also includes the latest ASTi software features and fixes.
Government Accreditation
Additional IA statements and approvals are available for Certificate of HBSS Compliance, TEMPEST Countermeasure Review (TCR), RoIP Cross Domain Solution (CDS) Determination, and Emission Security (EMSEC) Determination.
Clear & Helpful Reports
ASTi processes the raw STIG, SCAP, and scan reports for easy analysis. These reports break outstanding Potential Discrepancy Items (PDIs) into lists of open, false-positive, and waiver items.
ASTi's current generation server products are based on Red Hat® Enterprise Linux®, the most certified operating system available today. The Information Assurance (IA) Maintenance Program is an ideal security solution for customers who require even more rigorous IA controls, conformance to DoD standards and OS patch management over the product's life-cycle.
Applicable Product Lines:
- Telestra Studio & Studio VM
- Telestra server
- Voisus
- SERA
Features
The IA Maintenance program is available as an option (US DOD only) within ASTi’s Software Maintenance program and will add IA updates to the software updates received thru Software Maintenance. IA Maintenance specific features are shown below:
- Facilitates RMF ATO, HBSS Compliance and other IA approvals
- Red Hat / RHEL, 3rd party and open source IA software updates provided
- Simple and Intuitive install and verification process
- Expedite the DAA approval process through easy to read reports and manifests
- Ease of renewal on anniversary date
- System manifest that defines the packages that have been approved and tested by ASTi
- IA scripts to eliminate all DISA high and medium severity vulnerability codes and also eliminate all or a majority of the lower severity items
- ASTi SCAP Non-Compliance Supplement Report: Includes a breakdown of STIG Benchmark Non-Compliance PDIs into a detailed open, false positive and waiver listing for analysis and use by the DAA
- ASTi has also incorporated various IA tools into our internal production test process to ensure that our application software is constantly updated with the latest security enhancements, while ensuring that the core integrity of the system (i.e. Communications) is maintained
Government Accreditation of ASTi Products
ASTi products are accredited with Authorization To Operate (ATO) status in compliance with the Risk Management Framework (RMF) for DoD Information Technology (IT). Additional IA Statements and Approvals also available:
- Certificate of Host Based Security System (HBSS) Compliance
- TEMPEST Countermeasure Review (TCR)
- RoIP Cross Domain Solution (CDS) Determination
- Emission Security (EMSEC) Determination
Deliverables and Schedule
- The IA Maintenance Program provides one to three years of coverage to ensure that the customer's server systems receive critical security updates
- Quarterly IA releases against latest STIG
- Monthly Critical IAVA patches available for download
Customer Responsibilities
ASTi's IA Maintenance program eliminates a majority of the IA vulnerabilities. However, due to unique IA requirements at various customer sites, ASTi cannot ship systems that are ready to connect to any network. Typically, additional IA-related actions must be implemented, post-delivery, by the customer. Some examples include:
- Set non-guessable passwords
- Create specific user accounts as required
- Install additional IA tools as required (i.e. Virus scanner, IDS, etc.)
- Review audit logs
- Maintain specific physical security requirements (e.g. locks, guards, alarms)
- Active Software Maintenance Contract (purchased separately or bundled with IA Maintenance) is required