Trusted Computing for Defense & Aerospace
Curtiss-Wright goes well beyond standard approaches to Trusted Computing to provide truly secure solutions for air, ground, and sea platforms. We keep cybersecurity and physical protection in mind, from design and testing to supply chain and manufacturing. This comprehensive, end-to-end approach creates an effective mesh of protection layers that integrate to ensure reliability of Curtiss-Wright products in the face of attempted compromise.
The Risk Management Framework (RMF) is a process for assessing risk in federal information systems. Beyond risk assessment, the RMF also provides guidance on selecting controls to mitigate risk, and then on authorizing and continuously monitoring those systems. While the framework itself is maintained by NIST in special publications SP 800-53, SP 800-34, SP 800-61, SP 800-53A, SP 800-37, SP 800-137, SP 800-60, and others, NIST does not perform assessment or certification of systems under RMF. Programs should be assessed under the guidance of SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations. Each department or agency determines who provides the oversight needed to sign off, once the appropriate assessments are completed, in order to authorize systems to operate.
The Common Criteria (CC), administered by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is a framework for evaluating products against a defined security target (ST) and a set of security functional requirements (SFRs). Normally, products derive much of their ST from an already defined protection profile (PP) covering a given class of products. Products are then evaluated against their defined ST and SFRs at an independent lab. In addition, an Evaluation Assurance Level (EAL) from level 0 to level 7 is selected for the evaluation. The EAL dictates the rigor of the evaluation, with higher levels examining the entire development process of the product, and the highest level requiring formal verification of the security claims. It is important to remember that a higher EAL does not imply a more secure product; it only indicates a higher level of confidence that the stated security claims have been verified. Because CC certification by itself states only that the evaluated product meets its defined ST and SFRs, vendors must carefully select and define, and customers must carefully review, the ST and SFRs of any product to ensure that the evaluated capabilities meet the security needs of their system and have been verified to the appropriate level of confidence.
The National Information Assurance Partnership (NIAP) manages Common Criteria (CC) certification of commercial off-the-shelf (COTS) components. NIAP works with accredited testing laboratories that perform the CC evaluations, and it maintains the list of validated products.
The Defense Information Systems Agency (DISA) within the U.S. Department of Defense (DOD) helps ensure the continued operation and security of the DOD Global Information Network. DISA also manages a repository of Security Technical Implementation Guides (STIGs) that can be used to harden computing systems. STIGs range from general guidance to product-specific configuration guides. While DISA does not perform certification, it does maintain the set of STIGs used to secure systems, and it approves submitted STIGs before including them in the list. Vendors who want to provide STIGs for their own products can submit them to DISA for approval and inclusion.
The Commercial Solutions for Classified (CSfC) program of the U.S. National Security Agency (NSA) takes CC-certified security solutions, layers those solutions to produce a composed product, and certifies that the product can securely protect National Security Systems (NSS) that operate on classified data. NSA may place additional requirements on a product, or require that specific CC protection profile selections for the component products be included on the CSfC list. The designer should start discussions on CSfC with NSA before going through CC certification for the individual components of that CSfC product. CSfC provides an alternative to using Type 1 NSA-certified cryptography. Its use does present tradeoffs that can affect product life cycle, key management requirements, and product classification.
The RTCA DO-178C/EUROCAE ED-12C Software Considerations in Airborne Systems and Equipment Certification is a U.S. Federal Aviation Administration (FAA) design assurance guideline for approving the airworthiness of aviation software. It details the requirements for software development, testing, test coverage, and reliability. There are multiple design assurance levels (DALs) based on the criticality of a failure of the system, with “A” indicating catastrophic consequences and “E” indicating no impact on safety. Since DO-178C can influence the entire software development process, it is essential that its requirements be well understood before development starts.
The RTCA DO-254/EUROCAE ED-80 Design Assurance Guidance for Airborne Electronic Hardware standard is the FAA hardware counterpart to DO-178C and provides guidance for certifying complex avionics components that can influence flight safety. As with DO-178C, levels of criticality exist (A to E), and the DO-254 guidelines can influence the entire hardware development process. The requirements for DO-254 certification should be understood before beginning development of a new complex hardware avionics component.