Cleansing media in an unobtrusive manner requires the ability to rapidly develop and deploy the tools to catch the attacks, clean infected files and ensure operations proceed at pace. Tresys understands the mission critical requirements for pragmatic and fast file sanitization.

Areas of focus include the following:

• Clean multiple file types such as the following:
  • Microsoft Office(Word, Excel, PowerPoint),
  • Imagery file types such as:
    • Joint Photographic Experts Group (.jpg);
    • Bitmap (.bmp);
    • Tagged Image Format (.tiff);
    • Microsoft Metafile and Enhanced Metafile (.wmf or .emf);
    • Graphics Interchange Format (.gif);
    • Portable Network Graphics (.png);
  • Compressed files (.zip, .gz, .bz2, and .tar); and
  • Text Files.
• Quarantine malicious files.
• Perform appropriate auditing.
• Ensure data at rest protection.
• Clean multiple types of removable media, including encrypted media.

Services may include the following:

• File Sanitization Assessment
• File Sanitization Solution Engineering & Development (New and/or Integration)
• File Sanitization Tool Deployment
• Training & Support

Related Technologies:

• File Sanitization Tool
• VM Fortress

Related Solutions:

• File Sanitization Tool

Tresys application security engineering builds upon Linux system security and centralized identity and access management to bring application security to a new level. Additionally, Tresys is a pioneer in the analysis of secure Linux systems as part of the certification processes. This combined experience allows our developers and engineers to efficiently and effectively lock down systems and meet compliance requirements.

Areas of focus include:

• Analyze security risk factors and compliance requirements.
• Gather and articulate system security goals.
• Examine the system security architecture and critical security controls.
• In-depth analysis of the security policies (e.g., SELinux, etc.).
• Code-level audit of security aware or security critical software components.
• For assessment projects:
  • Create and present a security assessment report which may include:
    • Identification of risks and security critical systems
    • Analysis of current weaknesses in architecture, configuration, and procedures
    • Recommendations for short and long term changes to improve the security posture and responsiveness of the organization
  • Develop total cost of ownership (TCO) and/or cost benefit analysis (CBA) of recommended changes for practical, cost-effective strategy.
• Review and/or recommend appropriate commercial-off-the-shelf (COTS) or government-off-the-shelf (GOTS) solutions, custom options and integrated solutions to meet tactical and strategic requirements, standards, or address vulnerabilities.
• Configure application security controls according security best practices.
• Implement customized protection and hardening policies for applications using Linux system security controls; including customizing iptables and existing SELinux policies.
• Integrate application authentication and authorization mechanisms with centralized identity solutions, including Single Sign-on and multi-factor authentication.
• Review and update application update mechanisms and procedures including the following:
  • Email
  • Web applications
  • IM & Chat environments
  • Social networking sites
  • Application Firewalls
  • Databases

Services may include the following:

• Application Security Assessment & Consulting (for Government & Systems Integrators)
• Application Lockdown Engineering/Development (New and/or Legacy)
• Application Migration (post Security redesign)
• Training & Support

Related Technologies:

• Open Source: Certifiable Linux Integration Platform (CLIP)
• Open Source: CDS Framework
• VM Fortress
• Bedrock
• Brickwall
• Razor

Related Solutions:

• DCID 6/3 & NIST 800-53 Linux Platform
• N-Tier Application Mandatory Access Control (MAC) for UK Government

Tresys is an industry recognized leader in multilevel security (MLS) and multi single level (MSL; or multi-enclave) security challenges. Coupled with our strong CDS background, Tresys has proven expertise and experience in the development of multi-level clients and servers, the deployment of effective platforms, and support for security policies and rules development.

Areas of focus include:

• Analyze operational environment, including appropriate regulations (e.g., Director of Central Intelligence Directive [DCID] 6/3, Department of Defense [DOD] 8500.2, DOD Instruction 8510.01 - Defense Information Assurance Certification and Accreditation Process [DIACAP].
• Analyze documented high-level functional requirements and risk factors.
• Review the security requirements for appropriate operating environment / networks, including Top Secret, Secret, and Coalition classifications.
• Review of required MLS or MSL requirements addressing TSABI (Top Secret/SCI and Below Interoperability), TABI (Top Secret and Below Interoperability), SABI (Secret and Below Interoperability).
• Review of operational platforms including system monitoring, integrity measurement, auditing, and administrative role separation.
• Functional and compliance review of MLS or MSL applications.
• Review of all appropriate documentation, security policies, functional and security testing infrastructure, and operational procedures.
• For assessment & consulting projects:
  • Create and present a strategic MLS/MSL roadmap which may include:
    • Identification of risks and security critical systems
    • Analyze of current weaknesses in architecture, configuration, and procedures
    • Recommend short and long term changes to improve the security posture and responsiveness of the organization
    • Review and/or recommend appropriate commercial-off-the-shelf (COTS) or government-off-the-shelf (GOTS) solutions, custom options and integrated solutions to meet tactical and strategic requirements, standards, or address vulnerabilities
  • Develop a total cost of ownership and/or cost benefit analysis of recommended changes for practical, cost-effective strategy
• For solution development efforts:
  • Design security architecture capable of meeting the most stringent security requirements for networks operating at Top Secret, Secret, and Coalition classifications.
  • Develop a secure Linux platform, including system monitoring, integrity measurement, auditing, and administrative role separation.
  • Develop full-system, strict SELinux policies.
  • Port existing MLS / MSL applications from legacy trusted operating systems.
  • Create and execute functional and security tests.
  • Develop documentation to meet certification and accreditation requirements.
  • Support certification and accreditation testing.
  • As appropriate, migrate existing policies (e.g., Trusted Solaris) to full-system, strict SELinux policies.

Services may include the following:

• MLS/MSL Assessment & Consulting (for Government & Systems Integrators)
• MLS/MSL Engineering & Development (New and/or Integration)
• MLS/MSL Solution Deployments & Migrations
• Training & Support

Related Technologies:

• Open Source: Certifiable Linux Integration Platform (CLIP)
• Open Source: CDS Framework
• TurretGate
• VM Fortress

Related Solutions:

• DCID 6/3 & NIST 800-53 Linux Platform
• Cross Domain Toolkit for US Department of Defense / Intelligence Agencies
• Virtualization Security for Australian Defense

Tresys helped pioneer the use of Linux in cross domain solutions (CDS) and brings deep expertise to bear on the unique security challenges posed by connecting differing security domains. Tresys also has extensive expertise and experience in the development of multi-level clients and servers. From innovative technology integration to custom guards or one way message transfer, Tresys delivers secure, yet practical, solutions.

Areas of focus include:

• Analyze operational environment, including appropriate regulations (e.g., Director of Central Intelligence Directive [DCID] 6/3, Department of Defense [DOD] 8500.2, DOD Instruction 8510.01 - Defense Information Assurance Certification and Accreditation Process [DIACAP].
• Analyze of documented high-level functional requirements and risk factors.
• Review the security requirements for appropriate operating environment / networks, including Top Secret, Secret, and Coalition classifications.
• Review of required CDS requirements addressing TSABI (Top Secret/SCI and Below Interoperability), TABI (Top Secret and Below Interoperability), and SABI (Secret and Below Interoperability).
• Review of operational platforms including system monitoring, integrity measurement, auditing, and administrative role separation.
• Functional and compliance review of CDS applications and associated data flows / rules.
• Review of all appropriate documentation, security policies, functional and security testing infrastructure, and operational procedures.
• For assessment & consulting projects:
  • Create and present of a strategic CDS roadmap which may include:
    • Identify of risks and security critical systems
    • Analyze of current weaknesses in architecture, configuration, and procedures
    • Recommend short and long term changes to improve the security posture and responsiveness of the organization
    • Review and/or recommend appropriate commercial-off-the-shelf (COTS) or government-off-the-shelf (GOTS) solutions, custom options and integrated solutions to meet tactical and strategic requirements, standards, or address vulnerabilities
  • Develop a total cost of ownership and/or cost benefit analysis of recommended changes for practical, cost-effective strategy
• For solution development efforts:
  • Design security architecture capable of meeting the most stringent security requirements for networks operating at Top Secret/SCI, Top Secret, Secret, and Coalition classifications.
  • Develop a secure Linux platform, including system monitoring, integrity measurement, auditing, and administrative role separation.
  • Develop of full-system, strict SELinux policies.
  • Port existing CDS applications from legacy trusted operating systems.
  • Create and execute functional and security tests.
  • Develop documentation to meet certification and accreditation requirements.
  • Support certification and accreditation testing.
  • As appropriate, migrate existing policies (e.g., Trusted Solaris) to full-system, strict SELinux policies.
• Note that for messaging services environments Tresys may leverage our existing CDS messaging platform - TurretGate. Key features of TurretGate include the following:
  • Delivers high security and performance in an appliance-based Cross Domain Solution (CDS) for appropriate routing of middleware-oriented messaging (MOM) traffic.
  • Based on Java Messaging Services (JMS) but adaptable to other message formats (e.g., X.500, STOMP, etc.).

Services may include the following:

• CDS Assessment & Consulting (for Government & Systems Integrators)
• CDS Engineering & Development (New and/or Integration)
• CDS Deployments & Migrations
• Training & Support

Related Technologies:

• Open Source: Certifiable Linux Integration Platform (CLIP)
• Open Source: CDS Framework
• TurretGate
• VM Fortress

Related Solutions:

• DCID 6/3 & NIST 800-53 Linux Platform
• Cross Domain Toolkit for US Department of Defense / Intelligence Agencies

Tresys secure application development services include augmenting existing applications to add security features, developing new security-critical applications, and complete system development - including operating system level enhancements and suites of integrated applications. Tresys software developers deliver the most complex projects on time with exceptionally high quality.

Areas of focus include:

• Design application architectures capable of meeting the organization's functional requirements.
• Port existing applications or functional requirements from legacy trusted environment - both network and platform.
• Develop applications for different usability, reliability and functional requirements including:
  • Middleware, Custom and Web applications using technologies such as JBoss, AJAX, LAMP, Clearsilver, Apache or Cherokee, Python, Perl, PHP, and Websphere;
  • Database development on platforms such as DB2, Oracle, MySQL, POstgreSQL; and
  • Service oriented architectures using XML (SOAP or REST) on HTTP, FTP and SMTP via WSDL.
• Create and execute operational, functional and security testing.
• Deploy and integrate developed applications per client needs.

Services may include the following:

• Applications Assessment & Planning
• Application Development (New and/or Integration)
• Application Deployment
• Training & Support

Related Technologies:

• Open Source: Certifiable Linux Integration Platform (CLIP)
• TurretGate
• VM Fortress
• Bedrock
• Brickwall
• Razor

Related Solutions:

• DCID 6/3 & NIST 800-53 Linux Platform
• Secure Chat Solution for US Depart of Defense Combat Command
• N-Tier Application Mandatory Access Control (MAC) for UK Government