March 31st, 2008 by David Link, Co-Founder and CEO
Several of our Defense Department Customers recently asked us to help comply with a new directive – Alternative Logon Token for System Administrators that require Applications connected to the NIPR and SIPR networks to be compliant with the DOD’s PKI (Public Key Infrastructure) standard operating procedures. What does this mean for ScienceLogic and our EM7 Meta-Appliances?
EM7 needed to be modified to request client-side certificates from a connecting browser over SSLv3 and to ratify those against a DOD Public Key installed on our government customers’ systems prior to allowing access to the EM7 web-based application interface.
Some of you may be familiar with government issued CAC Cards – a smart card that DOD requires for controlled access to their IT systems. The Department of Defense’s Joint Task Force – Global Network Operations mandated the switch to CAC log-on as part of its information assurance (IA) strategy for protecting its information and networks.
CAC Cards using the DOD’s PKI make cryptographic log-on possible, also called CAC log-on, or even CLO. Cryptographic refers to the “crypto key,” the information in the CAC’s chip that verifies a user’s identity. The stored information allows the users to prove their identity by entering a six- to eight-digit PIN after inserting their CAC into a card reader connected to their computer.
The DOD had a very short timeframe to accomplish this Security requirement. The deadline is October 1, 2008.
ScienceLogic’s Software Engineering team understood the urgency and importance of supporting this requirement for National Security and Cyber-Security purposes. As a result, we are proud to announce that the EM7 Meta-Appliances currently support this DOD directive FIVE months prior to the official deadline.
Stop by our booth #2731 at FOSE and we’ll be glad to talk about it.