Federal and Public Sector Solutions


Build and Secure APIs for Mobile, Cloud, and On-Premise Integration


Forum Systems is a global leader in API Security Management and enables government agencies to redefine their operations, deliver IT modernization, and securely deploy API-based architecture solutions. Forum Systems serves as a trusted partner and industry leader at multiple levels in federal, state and global government agencies, and our Forum Sentry gateway technology helps achieve security and modernization by evolving hybrid architectures so that mobile, cloud, and on-premise technologies can communicate securely.

 

FIPS 140-2 and NDPP Certified API Security

With unparalleled security-first pedigree, Forum Sentry adheres to a rigorous set of certification standards and is the only API Gateway product technology to achieve:

  • NIST FIPS 140-2 Level II certification
  • NIAP Network Device Protection Profile (NDPP) certification
  • Department of Defense (DoD) Joint Interoperability Test Command PKI certification

Forum Sentry has been deployed as a strategic component for cross-domain and API-based communications, serving as a technology aggregation capability that simplifies the path to API architectures and cross-domain secure information transfers.

 

The Forum Sentry API Gateway Solution

The Forum Sentry API security gateway enables code-free building of APIs to integrate legacy and modern systems, connect cloud and mobile technologies, and extend business applications and services securely beyond information borders. For 15 years, the Forum Sentry API Gateway Solution has maintained a 100% deployment success rate for every technology deployment with U.S. Federal agencies, foreign governments and global enterprises, providing secure integration across channels, applications and infrastructure. Our dedication to our product success is unmatched in the industry and our deployment success is a testament to the capabilities of the product technology and the support infrastructure behind it.

Common Public Sector Solution Areas

Cyber Security

  • API Security at the API layer
  • Bi-directional protocol-break security
  • Identity correlation with data payloads
  • Integrated AV and BASE64 scanning

Identity Federation

  • Authentication and Authorization
  • Multi-Context Access Control
  • Attribute-Based Access Control
  • Hybrid Cloud to On-Premise Bridging
  • Agentless, no-code SSO

CDM Phase 3

  • Agentless enforcement
  • Information aggregation and format conversion
  • Identity and attribute data tagging

Derived PIV Authentication

  • Derived PIV authentication
  • PIV attribute control
  • Mobile PIV token conversion

Logical to Physical Access Control

  • Physical PIV to logical credentials
  • Dynamic Access Control of Applications and Services
  • Extensible Federation to 3rd party integrations
  • Monitoring and Alerting

Cross-Domain Security

  • Protocol transformation
  • Bi-directional data security and correlation
  • Protocol, Message, Source, Destination, and Identity access controls
  • Data encryption
  • Data signing

How to Buy Forum Systems Federal Products

Inclusion as a United States General Services Administration (GSA) Schedule Vendor allows government customers to obtain special and approved pricing and license terms from a trusted vendor. GSA establishes long-term government-wide contracts with commercial firms to provide access to commercial supplies and services that can be ordered directly from GSA Schedule contractors.

Forum Systems recognizes that securing a GSA Schedule Contract is an important vote of confidence from the U.S. government enabling the company to increase its leverage in prospective government accounts and further its overall stronghold in the government market.

GSA Schedules offer customers direct access to high-performance solutions and services at discount pricing including the benefits of shorter lead-times, lower administrative costs and reduced inventories.

  • immix Forum Systems’ (GSA) Schedule contract number is GS-35F-0265X

Forum Systems has relationships with System Integrators (SIs) and Government Solutions providers that can leverage their expertise and established partnerships with government agencies. For more information, please contact sales at sales@forumsys.com.

Federal Product Certifications


FIPS 140-2 Level II Certification

The Federal Information Processing Standard (FIPS) 140-2 is required by all US Federal agencies for cryptographic modules and cryptographic processing. This standard is also recognized and enforced by the Canadian government, as well as members of other industries such as the financial services industry. The National Institute of Standards and Technology (NIST) is the government agency that oversees the FIPS 140-2 validation process. FIPS 140-2 is a process by which a product is adequately documented and validated by a NIST-certified lab to ensure that our use of cryptography is completely secure.

The focus on FIPS 140-2 is to protect all aspects of Forum Systems cryptographic processing. This gives customers an assurance that the following are secure:

  • authentication and access control
  • key management and storage
  • cryptographic algorithms
  • pseudo random number generation
  • strength of passwords
  • password storage
  • error and failure states
  • physical security
  • power up self-tests
  • integrity checks
  • design assurance

NIAP Network Device Protection Profile (NDPP) Certification

The NDPP compliant designation builds on Forum Sentry’s FIPS 140-2 certification foundation, reaffirming Forum Systems’ commitment to delivering industry-leading API and cloud security gateway technology for protecting cloud, mobile and on-premise infrastructure traffic.

The creation by National Information Assurance Partnership (NIAP) of technology-specific Protection Profiles with their own set of security assurance requirements offer more targeted assurance with achievable, repeatable and testable requirements. Protection Profile compliance requires assurances and testing more rigorous than the previous EAL schemes. In cooperation with other countries, the United States has initiated an evaluation paradigm where achieving success for certain IT products requires a transition to Protection Profile compliance and a move away from EALs.

While many network devices pursued evaluations at EAL4 in the past, the majority of new evaluations by network device vendors are pursuing evaluation against the NIAP Network Device Protection Profile. Forum Systems has completed an evaluation that will be acceptable to the widest range of purchasers and that will comply with the CNSSP #11 purchasing requirements. Forum’s Common Criteria evaluation demonstrates the product’s conformance to the Network Device Protection Profile and that the product provides all the security features required in the Network Device Protection Profile.

Now “NDPP Compliant,” Forum Sentry is the industry’s only FIPS 140-2 NDPP-certified API Gateway for enabling secure connectivity between mobile applications, cloud applications, and on-premise IT components. Forum Sentry is the only API gateway vendor to achieve NDPP security certification, a testament to the security pedigree of the product technology.


Joint Interoperability Test Command - Department of Defense (JITC DoD-PKI)

Many programs supporting the Department of Defense (DOD) missions require security services, such as authentication, confidentiality, non-repudiation, and access control. To help address these security problems, the DOD developed a Public Key Infrastructure (PKI). The DOD PKI provides products and services that enhance the security of networked information systems and facilitate digital signatures. These must be tested to ensure they are enabled correctly, and are interoperable with the DOD PKI.

Following strict compliance testing of the Forum Sentry and requirements defined by Joint Interoperability Test Command - Department of Defense (JITC DoD-PKI), the Forum Systems FIA Gateway (Sentry™ 1504G) is currently being deployed by government agencies for secure information sharing and collaboration.

Department of Defense Class 3 Public Key Infrastructure Public Key-Enabled Application Requirements, version 1.0 13 July 2000 in the following areas: Retrieving Certificates, Importing Keys and Certificates, Storing Trust Points, Verifying Communication Protocols, Checking Certificate Status, Path Development and Processing, Application Configuration and Application Documentation.

Federal Government Compliance and Directives

DITSCAP

DoD Information Technology Security Certification and Accreditation Process requires Interoperability Certification and Information Assurance (IA) accreditation of all telecommunications products connected to the DSN.

NSTISSP # 11

National Security Telecommunications and Information Systems Security Policy No. 11 http://niap.nist.gov/cc-scheme/nstissp-faqs.html is a National Information Assurance Directorate which requires that systems that enter, process, store, display or transmit national security information must include information assurance products validated against the International Common Criteria for Information Security Technology (NIAP Common Criteria) http://www.niap.nist.gov/cc-scheme/in_evaluation.html#f, and/or Federal Information Processing Standard 140-2 (FIPS).

CNSS Policy # 15

U.S. Government Departments or Agencies desiring to use security products implementing AES to protect national security systems and/or information (i.e., to provide confidentiality, authentication, non-repudiation, integrity, or to ensure system availability) or other mission critical information related to national security, are subject to review and approval by the National Institute of Standards and Technology (NIST) in accordance with the requirements of Federal Information Processing Standard (FIPS) 140-2.

NCES

The Net-Centric Enterprise Services program will provide a secure, collaborative information-sharing environment that enables systems to provide the right information to the right person at the right time.

EGA (E-Government Act)

The E-Government Act of 2002 and the Federal Information Security Management Act (FISMA) permanently establish the guidelines set forth in the original Government Information Security Reform Act (GISRA), which provides significant privacy and security responsibilities for federal information technology system operators and provides the framework for securing the Federal government’s information technology.

FISMA

Mandatory under the Federal Information Security Act of 2002, all applications and content should be protected against unauthorized access, use, disclosure, disruption, modification or destruction of information collected or maintained by the agency. Federal agencies have until December 2006 to apply requirements to their existing systems. A recent survey of about 70 federal chief information security officers found that only about 40 percent of them had begun the now-mandatory process of categorizing their major applications and general support systems according to the impact that a serious breach in those systems could have on their agencies’ ability to operate. (Federal Computer Weekly, March 2005) Federal Information Security Management Act of 2002 (Title III of E-Gov)

NSTISSP #11

NSTISSP #11 is a national security community policy governing the acquisition of information assurance (IA) and IA-enabled information technology products. The policy was issued by the Chairman of the National Security Telecommunications and Information Systems Security Committee (NSTISSC), 2/1/00. The policy mandates, effective 1 July 2002, that departments and agencies within the Executive Branch shall acquire, for use on national security systems, only those COTS products or crypto modules that have been validated in accordance with the International Common Criteria for Information Technology Security Evaluation, National Information Assurance Partnership’s (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS), or by the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) Crypto module Validation Program (CMVP). Additionally, subject to policy and guidance for non-national security systems, NSTISSP # 11 notes that departments and agencies may wish to consider the acquisition of validated COTS products for use in information systems that may be associated with the operation of critical infrastructures as defined in the Presidential Decision Directive on Critical Infrastructure Protection (PDD-63).