New DoD STIG from DISA for Application Security and Development!

On the 29th of April the Defense Information Systems Agency (DISA) released the Application Security and Development, Security Technical Implementation Guide (STIG) Version 3, Release 3.

Version 3 of this STIG originated a year earlier under the authority of DoD Directive 8500.1. This directive requires all IA and IA-enabled IT products incorporated into DoD Information Systems to be configured in accordance with DoD approved security configuration guidelines. DISA establishes these guidelines to require that components being used to provide IA or IA-enabled functionality will, in addition to meeting all the requirements specified in this document, be evaluated in accordance with the NIAP approval process. For information on the National Information Assurance Partnership (NIAP) approval process or NIAP approved products, refer to the following web site: http://www.niap-ccevs.org/CC-Scheme/VPL/.

DBsign Data Security Suite®, the premier PKI/CAC enabling product for DoD, satisfies this requirement of the STIG. Furthermore, DBsign satisfies Application Security and Development STIG, V3R3 paragraphs:

  • 3.6 Cryptography
  • 3.7.5 Data Integrity
  • 3.8.3 PKI Authentication
  • 3.7.2 Data Storage
  • 3.16 Mobile Code
  • 6.11 PKI Certificate Configuration