Information Assurance Maintenance Program

ASTi's current generation server products are based on Red Hat® Enterprise Linux®, the most certified operating system available today. The Information Maintenance (IA) Maintenance Program is an ideal security solution for customers who require even more rigorous IA controls, conformance to DoD standards and OS patch management over the product's life-cycle. All products include the standard IA features.

Applicable Product Lines:

  • Telestra Studio & Studio VM
  • Telestra Target
  • Voisus
  • SERA

Features

The IA Maintenance program is available as an option (US DOD only) within ASTi’s Software Maintenance program and will add IA updates to the software updates received thru Software Maintenance. IA Maintenance specific features are shown below:

  • Facilitates DIACAP ATO, HBSS Compliance and other IA approvals
  • Red Hat / RHEL, 3rd party and open source IA software updates provided
  • Simple and Intuitive install and verification process
  • Expedite the DAA approval process through easy to read reports and manifests
  • Ease of renewal on anniversary date
  • System manifest that defines the packages that have been approved and tested by ASTi
  • IA scripts to eliminate all DISA high and medium severity vulnerability codes and also eliminate all or a majority of the lower severity items
  • ASTi SCAP Non-Compliance Supplement Report: Includes a breakdown of STIG Benchmark Non-Compliance PDIs into a detailed open, false positive and waiver listing for analysis and use by the DAA
  • ASTi has also incorporated various IA tools into our internal production test process to ensure that our application software is constantly updated with the latest security enhancements, while ensuring that the core integrity of the system (i.e. Communications) is maintained

Government Accreditation of ASTi Products

ASTi products are accredited through the year 2018 with Authority To Operate (ATO) status in compliance with the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). Additional IA Statements and Approvals also available:

  • Certificate of Host Based Security System (HBSS) Compliance
  • TEMPEST Countermeasure Review (TCR)
  • RoIP Cross Domain Solution (CDS) Determination
  • Emission Security (EMSEC) Determination

Deliverables and Schedule

  • The IA Maintenance Program provides one to three years of coverage to ensure that the customer's server systems receive critical security updates
  • Quarterly IA releases against latest STIG
  • Monthly Critical IAVA patches available for download

Customer Responsibilities

ASTi's IA Maintenance program eliminates a majority of the IA vulnerabilities. However, due to unique IA requirements at various customer sites, ASTi cannot ship systems that are ready to connect to any network. Typically, additional IA-related actions must be implemented, post-delivery, by the customer. Some examples include:

  • Set non-guessable passwords
  • Create specific user accounts as required
  • Install additional IA tools as required (i.e. Virus scanner, IDS, etc.)
  • Review audit logs
  • Maintain specific physical security requirements (e.g. locks, guards, alarms)
  • Active Software Maintenance Contract (purchased separately or bundled with IA Maintenance) is required