Continuous Diagnostics and Mitigation
Phase 3: Boundary Protection and Event Management
The CDM Program of the Department of Homeland Security (DHS)/Federal Network Resilience (FNR) is a federally funded program, designed to provide a new approach to protecting the cyber infrastructure of the .gov network environment. CDM moves away from historical compliance reporting toward combating threats to our nation’s networks on a real-time basis. The CDM Program offers DHS, along with Federal Departments and Agencies, State, Local, Regional, and Tribal governments, the ability to enhance and further automate existing continuous network monitoring capabilities, correlate and analyze critical security-related information, and enhance risk-based decision making at the agency and Federal enterprise levels.
The Forum Sentry API Security Gateway
The Forum Sentry API Security Gateway is the industry’s only FIPS 140-2 and NIAP NDPP certified API Security Gateway purpose-built to provide an API-based architecture that enables secure collaboration and information assurance through API data processing with identity-based dynamic rule enforcement. The Forum Sentry API Security Gateway combines Security, Identity, Mediation, and Reporting into one central technology architecture that can be deployed and managed in any computing environment.
Industry Certified and Proven Secure:
FIPS 140-2 Level II
– Entire Hardware System
EAL 4+ Certified Integrated Hardened Security
– FIPS 140-2 Level III HSM with Security World
NIAP NDPP (Network Device Protection Profile)
– All Administration Interfaces and Ports
U.S. Dept. of Defense Certified PKI Component
– No OpenSSL libraries, no C-Based libraries
Achieving CDM through Secure Collaboration
The CDM Program requires a technology capability that can consolidate disparate client- and server-based technologies into a unified set of collaborating entities. Challenges of CDM within agencies and across agencies include:
- Disparate network infrastructure topology and information formats challenge interoperability and access
- Tools lack scalability for facilitating information consolidation via secure transfer
- Assurance of data in mandated formats (e.g., SCAP)
- Data privacy and data integrity assurance
- Achieving FIPS 140-2 security baseline for information consolidation and access
Forum Sentry API Security Gateway addresses all of these challenges with cryptographically accelerated processing, dynamic encryption and decryption of information selectively grouped by enclave, and schema enforcement and data aggregation that ensure interoperability and standardized formatting of information exchanges.
Solving CDM Phase 3 General Requirements for all Tools and Technologies
CDM Phase 3 has 4 primary overriding requirements that all technologies and tools must adhere to across all functional areas. These include:
- Reporting: Centralized dashboard consolidation of information such as devices, software products, people, roles, accounts, credentials, etc.
- Interoperate: Data sharing with tools, client systems, server systems, databases, identity systems, etc.
- Scale: Must be able to scale to high-volume transactions
- Secure Collected Data: FIPS 140-2 data security for content, and FIPS 140-2 protocol security for communication channels
Forum Sentry API Security Gateway is purpose-built for interoperability and accelerated, scalable data security with FIPS 140-2 certified algorithms and patented cryptographic acceleration. Reporting and consolidation of information are fundamental to gateway technology, which aggregates data feeds and facilitates secure data transfer and collaboration. Forum Sentry's ability to dynamically apply security and identity-related policies in-line to the data streams enables dynamic collaboration and allows secure enclaves of information exchange to be built, while enabling seamless interoperability and offloading data transfer scalability from the underlying environment tools.
Secure Data within Physical and Logical Enclaves
The Continuous Monitoring and Diagnostics initiative involves data consolidation and collaboration from complex, diverse ecosystems of information. The ability to securely combine and aggregate this information for analysis is essential to ensure that the privacy considerations of the data itself are kept within the ‘enclaves’ of expected collaboration. Forum Sentry API Security Gateway provides the ability to function at the border areas of information exchange to dynamically encrypt data and securely transmit data to the designated locations using the designated security based on the identity context of the information itself. This dynamic ability to have rules that act on traffic at TCP Layer 4-7, with policy rules dynamically applied based on identity and message criteria, simplifies data consolidation and information assurance within the privacy of the collaboration enclaves.
CDM Phase 3 – End State
CDM requires implementing a collaboration network architecture that enables data exchange among the tools that capture data from various sources for CDM correlation and aggregated analysis. Creating a secure ecosystem requires embracing FIPS 140-2 and NDPP secure gateway technology, which provides a rules-based approach of Layer 7 deep-context awareness for information assurance and granular privacy and security. Dynamic identity and security rules applied at the data borders provide a sophisticated level of information context far beyond traditional Tier 0 network components.
A gateway approach as a central theme for CDM implementation removes the complexities associated with end-point based solutions that use disparate tools and technologies. Aggregating information securely, consistently, and at highly scalable speeds, with specific privacy controls at the information border exchanges, ensures only the target correlation points have the privileges to access the data. Interoperability is simplified through the architecture design of the gateway mediation layer.