Federal and Public Sector Solutions


Providing COTS product technology to solve mission-based agency challenges


Forum Systems is a US-based technology company focused on core solution areas to achieve cyber-secure deployment and enable agencies to achieve their goals of IT modernization and improved cyber security posture.

 

FIPS 140-2 and NDPP Certified API Security

With unparalleled security-first pedigree, Forum Sentry adheres to a rigorous set of certification standards and is the only API Gateway product technology to achieve:

  • NIST FIPS 140-2 Level II certification (with embedded FIPS 140-2 Level III certified HSM)
  • Common Criteria Network Device Protection Profile (NDPP) certification
  • Department of Defense (DoD) Joint Interoperability Test Command PKI certification

Forum Sentry has been deployed as a strategic component for cross-domain and API-based communications, serving as a technology aggregation capability that simplifies the path to API architectures and cross-domain secure information transfers.

 

The Forum Sentry API Gateway Solution

The Forum Sentry API security gateway enables code-free building of APIs to integrate legacy and modern systems, connect cloud and mobile technologies, and extend business applications and services securely beyond information borders. For 15 years, the Forum Sentry API Gateway Solution has maintained a 100% deployment success rate for every technology deployment with U.S. Federal agencies, foreign governments and global enterprises, providing secure integration across channels, applications and infrastructure. Our dedication to our product success is unmatched in the industry and our deployment success is a testament to the capabilities of the product technology and the support infrastructure behind it.

Solution Areas
MOBILE

  • Mobile Security and Authentication
  • PIV and DPIV Authentication
  • BYOD Integration

IT MODERNIZATION

  • Architecture Complexity Reduction
  • API Enablement
  • Cloud to On-Premise Secure APIs
  • Legacy Message and Protocol Conversion

CDM PHASE 3

  • Agentless enforcement
  • Information aggregation and format conversion
  • User-Based and Host-Based telemetry monitoring

IDAM

  • Cyber-secure Policy Enforcement
  • Identity Repository Protection
  • Federation and SSO

CYBER SECURITY

  • API Security
  • Data Signing and Encryption
  • Threat Prevention
  • Data Exfiltration Protection
  • Machine Learning and Artificial Intelligence

How to Buy Forum Systems Federal Products

Inclusion as a United States General Services Administration (GSA) Schedule Vendor allows government customers to obtain special and approved pricing and license terms from a trusted vendor. GSA establishes long-term government-wide contracts with commercial firms to provide access to commercial supplies and services that can be ordered directly from GSA Schedule contractors.

Forum Systems recognizes that securing a GSA Schedule Contract is an important vote of confidence from the U.S. government enabling the company to increase its leverage in prospective government accounts and further its overall stronghold in the government market.

GSA Schedules offer customers direct access to high-performance solutions and services at discount pricing including the benefits of shorter lead-times, lower administrative costs and reduced inventories.

  • immix Forum Systems’ (GSA) Schedule contract number is GS-35F-0265X

Forum Systems has relationships with System Integrators (SIs) and Government Solutions providers that can leverage their expertise and established partnerships with government agencies. For more information please contact sales at sales@forumsys.com.

Federal Product Certifications


FIPS 140-2 Level II Certification

The Federal Information Processing Standard (FIPS) 140-2 is required by all US Federal agencies for cryptographic modules and cryptographic processing. This standard is also recognized and enforced by the Canadian government, as well as members of other industries such as the financial services industry. The National Institute of Standards and Technology (NIST) is the government agency that oversees the FIPS 140-2 validation process. FIPS 140-2 is a process by which a product is adequately documented and validated by a NIST-certified lab to ensure that our use of cryptography is completely secure.

The focus of FIPS 140-2 is to protect all aspects of Forum Systems’ cryptographic processing. This gives customers an assurance that the following are secure:

  • authentication and access control
  • key management and storage
  • cryptographic algorithms
  • pseudo random number generation
  • strength of passwords
  • password storage
  • error and failure states
  • physical security
  • power up self-tests
  • integrity checks
  • design assurance

NIAP Network Device Protection Profile (NDPP) Certification

The NDPP compliant designation builds on Forum Sentry’s FIPS 140-2 certification foundation, reaffirming Forum Systems’ commitment to delivering industry-leading API and cloud security gateway technology for protecting cloud, mobile and on-premise infrastructure traffic.

The creation by the National Information Assurance Partnership (NIAP) of technology-specific Protection Profiles, each with its own set of security assurance requirements, offers more targeted assurance with achievable, repeatable and testable requirements. Protection Profile compliance requires assurances and testing more rigorous than the previous EAL schemes. In cooperation with other countries, the United States has initiated an evaluation paradigm where achieving success for certain IT products requires a transition to Protection Profile compliance and a move away from EALs.

While many network devices pursued evaluations at EAL4 in the past, the majority of new evaluations by network device vendors are pursuing evaluation against the NIAP Network Device Protection Profile. Forum Systems has completed an evaluation that will be acceptable to the widest range of purchasers and that will comply with the CNSSP #11 purchasing requirements. Forum’s Common Criteria evaluation demonstrates the product’s conformance to the Network Device Protection Profile and that the product provides all the security features required in the Network Device Protection Profile.

Now “NDPP Compliant,” Forum Sentry is the industry’s only FIPS 140-2 NDPP-certified API Gateway for enabling secure connectivity between mobile applications, cloud applications, and on-premise IT components. Forum Sentry is the only API gateway vendor to achieve NDPP security certification, a testament to the security pedigree of the product technology.


Joint Interoperability Test Command - Department of Defense (JITC DoD-PKI)

Many programs supporting the Department of Defense (DOD) missions require security services, such as authentication, confidentiality, non-repudiation, and access control. To help address these security problems, the DOD developed a Public Key Infrastructure (PKI). The DOD PKI provides products and services that enhance the security of networked information systems and facilitate digital signatures. These must be tested to ensure they are enabled correctly, and are interoperable with the DOD PKI.

Following strict compliance testing of Forum Sentry and the requirements defined by the Joint Interoperability Test Command - Department of Defense (JITC DoD-PKI), the Forum Systems FIA Gateway (Sentry™ 1504G) is currently being deployed by government agencies for secure information sharing and collaboration.

Department of Defense Class 3 Public Key Infrastructure Public Key-Enabled Application Requirements, version 1.0, 13 July 2000, in the following areas: Retrieving Certificates, Importing Keys and Certificates, Storing Trust Points, Verifying Communication Protocols, Checking Certificate Status, Path Development and Processing, Application Configuration, and Application Documentation.

Federal Government Compliance and Directives

DITSCAP

DoD Information Technology Security Certification and Accreditation Process requires Interoperability Certification and Information Assurance (IA) accreditation of all telecommunications products connected to the DSN.

NSTISSP # 11

National Security Telecommunications and Information Systems Security Policy No. 11 (http://niap.nist.gov/cc-scheme/nstissp-faqs.html) is a National Information Assurance Directorate which requires that systems that enter, process, store, display or transmit national security information must include information assurance products validated against the International Common Criteria for Information Security Technology (NIAP Common Criteria, http://www.niap.nist.gov/cc-scheme/in_evaluation.html#f) and/or Federal Information Processing Standard 140-2 (FIPS).

CNSS Policy # 15

U.S. Government Departments or Agencies desiring to use security products implementing AES to protect national security systems and/or information (i.e., to provide confidentiality, authentication, non-repudiation, integrity, or to ensure system availability) or other mission critical information related to national security, are subject to review and approval by the National Institute of Standards and Technology (NIST) in accordance with the requirements of Federal Information Processing Standard (FIPS) 140-2.

NCES

The Net-Centric Enterprise Services program will provide secure, collaborative information sharing, which enables systems to provide the right information to the right person at the right time.

EGA (E-Government Act)

The E-Government Act of 2002 and the Federal Information Security Management Act (FISMA) permanently establish the guidelines set forth in the original Government Information Security Reform Act (GISRA), which assign significant privacy and security responsibilities to federal information technology system operators and provide the framework for securing the Federal government’s information technology.

FISMA

Mandatory under the Federal Information Security Act of 2002: all applications and content should be protected against unauthorized access, use, disclosure, disruption, modification or destruction of information collected or maintained by the agency. Federal agencies have until December 2006 to apply requirements to their existing systems. A recent survey of about 70 federal chief information security officers found that only about 40 percent of them had begun the now-mandatory process of categorizing their major applications and general support systems according to the impact that a serious breach in those systems could have on their agencies’ ability to operate (Federal Computer Weekly, March 2005).

Federal Information Security Management Act of 2002 (Title III of E-Gov)

NSTISSP #11

NSTISSP #11 is a national security community policy governing the acquisition of information assurance (IA) and IA-enabled information technology products. The policy was issued by the Chairman of the National Security Telecommunications and Information Systems Security Committee (NSTISSC), 2/1/00. The policy mandates, effective 1 July 2002, that departments and agencies within the Executive Branch shall acquire, for use on national security systems, only those COTS products or crypto modules that have been validated in accordance with the International Common Criteria for Information Technology Security Evaluation, National Information Assurance Partnership’s (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS), or by the National Institute of Standards and Technology (NIST) Federal Information Processing Standards (FIPS) Crypto module Validation Program (CMVP). Additionally, subject to policy and guidance for non-national security systems, NSTISSP # 11 notes that departments and agencies may wish to consider the acquisition of validated COTS products for use in information systems that may be associated with the operation of critical infrastructures as defined in the Presidential Decision Directive on Critical Infrastructure Protection (PDD-63).