SecureIO for CSfC
SecureIO Suite and SecureIO RapidDeployer accelerate fielding of CSfC Android devices and applications
The National Security Agency’s (NSA) Commercial Solutions for Classified (CSfC) program establishes requirements for government agencies to safely use wireless networks and commodity hardware to handle classified communications. By using NIAP (National Information Assurance Partnership)-approved commercial products in layered solutions, registered CSfC solutions can protect classified data at substantially lower cost, with greater functionality and more immediate availability than traditional approaches.
CSfC requirements for commercial end-user devices (EUDs)—laptops, tablets and smartphones—to connect to secure networks are stringent, involving complex, precise provisioning and extensive per-application certification requirements. Our SecureIO product suite offers software solutions and tools to accelerate fielding of Android EUDs and mission-critical applications.
CSfC requirements for commercial end-user devices (EUDs)—laptops, tablets and smartphones—to connect to secure networks are stringent, involving complex, precise provisioning and extensive per-application certification requirements. Our SecureIO product suite offers software solutions and tools to accelerate fielding of Android EUDs and mission-critical applications.
Anchor Element Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=HowItWorks
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=HowItWorks
How it worksSecureIO TLS SolutionCSfC Mobile Access Capability Package (MACP) requirements stipulate that each application implementing Transport Layer Security (TLS) must be individually tested and approved by NIAP. Since Android EUDs typically use TLS-encrypted app traffic inside an IPSec tunnel, each Android CSfC app that uses TLS would be subject to NIAP testing and NSA review. NIAP certification can be a long and expensive process, representing a high barrier to entry for new Android CSfC apps, especially government off-the-shelf apps.
Our flagship product is the SecureIO TLS Solution, which dramatically reduces the time required to approve, test and field CSfC-compliant Android devices. It provides a NIAP-approved common, shared TLS encryption function that can be used by every app running on the EUD. This SecureIO solution eliminates the need for the installed apps to implement their own transport security, enabling a wide variety of new apps to be quickly deployed on MACP-compliant Android EUDs. The SecureIO TLS Solution consists of SecureIO application software, which is installed on the Android EUD to provide an API, and the SecureIO VPN gateway, which provides a Linux-based VPN gateway / server component. SecureIO Rapid ProvisionerMACP requirements for EUDs include separation of IP stack space for outer and inner Internet Protocol Security (IPSec) tunnels, diversity of IPSec clients and separation of security credentials for the two tunnels. Manual separation of IP stacks, installation and configuration of IPSec clients and further configuration of in-host routing to achieve the desired networking and security posture is a time-consuming procedure fraught with possibilities of user and administrator error at each step. For an enterprise-wide deployment, this leads to excessive delays in formulating plans for installation, testing and eventual release of EUDs to end users. The SecureIO Rapid Provisioner is an industry-leading solution, available for both Windows and Android devices, which provides an automated process so that all necessary CSfC deployment and configuration steps can be performed accurately with a few button clicks. Rapid Deployer has been shown to reduce configuration time from more than 4 hours per device to 15 minutes, saving agencies resources and valuable time. It delivers speed, security compliance and scalability, while eliminating manual steps, improving accuracy of device provisioning and reducing the training required for the personnel performing the provisioning. For Windows laptops and tablets, Rapid Provisioner runs like a familiar wizard-based Windows application installer. Rapid Provisioner for Windows first deploys and configures an inner IPsec client and type-2 hypervisor on the host. It then creates a virtual machine (VM), which hosts the outer IPSec client, and sets up internal host-only interfaces and appropriate routing rules. It additionally deploys and configures monitoring applications for the Windows system tray and an application to monitor the system even before the user logs on or when the user logs off or when the desktop is locked. This aspect is critical for setups where pre-connect features are necessary, for example, for Active Directory based login checks. For Android smartphones and tablets, Rapid Provisioner provides an easy to use web interface through which an administrator creates categories of device types; each category supports users with similar device needs (e.g., different user groups require different apps). An administrator can use the Rapid Provisioner GUI to assign a new device to a specific user within a group. When the device is powered on, provisioning staff initiate the provisioning process by quickly tapping it with an NFC-capable provisioning device, after which the new device autonomously downloads, authenticates, decrypts and installs a package customized with the new user’s credentials and containing the configuration and software required for users in that user category. Other SecureIO productsIn addition to our SecureIO TLS Solution and the SecureIO Rapid Provisioner, we offer the following software products and applications:
Anchor Element Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=features
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=features
Features
Anchor Element Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=Advantages
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=Advantages
AdvantagesOur SecureIO products dramatically reduce the time, complexity and risk of errors for configuring and fielding CSfC-compliant Android and Windows devices, supporting arbitrary apps on these devices, and monitoring and managing certificates and status.
Anchor Element Copy for linking on the same page:
https://www.perspectalabs.com?data-scroll-to-anchor=resources
Copy for linking from an external page:
https://www.perspectalabs.com?data-anchor-link=resources
ResourcesAnchor Element Copy for linking on the same page:
https://www.perspectalabs.com/?data-scroll-to-anchor=links
Copy for linking from an external page:
https://www.perspectalabs.com/?data-anchor-link=links
Research, services and products of interestResearch
Services
Products
Anchor Element Copy for linking on the same page:
https://www.perspectalabs.com?data-scroll-to-anchor=requestinfo
Copy for linking from an external page:
https://www.perspectalabs.com?data-anchor-link=requestinfo
|