DISA approval means that a product has been listed on the US Department of Defense Information Network (DoDIN) Approved Products List (APL). The APL process provides for an increased level of confidence through Cybersecurity and Interoperability (IO) certification. The DoDIN APL is the single approving authority for all military departments and DoD agencies in the acquisition of communications equipment that is to be connected to the Defense Information Systems Network.
The APL certification process is rigorous for the purpose of securing military networks in the US and abroad, and this level of security certification could also benefit commercial and private sector businesses that support critical infrastructure, financial transactions or other operations where failure is not an option. The security functional requirements come from an extensive public document called “Unified Capabilities Requirements” as well as cybersecurity best practices.
What kinds of cybersecurity features and protocols should you look for in a timing solution?
- AAA protocol support – refers to Authentication, Authorization and Accounting, a family of computer security protocols including LDAP, RADIUS, and TACACS+ that mediate system access and permissions.
- Multi-level authorization – permits access by users with different permissions and prevents users from obtaining access to information or making changes for which they lack authorization.
- Configurable, complex passwords – uses different types of characters in unique ways to increase security. Configure the complexity requirements suitable for your organization.
- Access control lists (ACLs) – permits or denies access to the system based on user defined network addresses or subnets.
- HTTPS and NTP – Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between a browser and website. The communication protocol is encrypted for secure communication over a computer network.
- SSH, SCP, SFTP with public/private key support – There are a number of security technologies and protocols for linking servers and clients. Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network, typically remote sessions. Secure Copy Protocol (SCP) and Secure File Transfer Protocol (SFTP) are means of securely transferring computer files between a local host and a remote host or between two remote hosts operating over an SSH connection.
- Authenticated NTP – Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency networks. NTP provides two internal security mechanisms to protect authenticity of the computer systems involved in network clock synchronization.
Orolia’s SecureSync time and frequency reference solution delivers the highest level of Resilient Positioning, Navigation and Timing (PNT) cybersecurity available today, including all the critical functionality described above, as standard PNT cybersecurity features. At Orolia, we’re committed to protecting military and other critical networks around the world with exceptional engineering and rigorous industry standards.
David Sohn is a Solution Architect at Orolia, designing and developing solutions leveraging the organization's precision timing solution portfolio, including their flagship SecureSync and VersaSync products, and contributing to its entire portfolio of resilient PNT solutions. He has more than 10 years of experience designing, developing, and managing precision timing solutions and holds a BS in computer engineering from The Pennsylvania State University.