ObjectSecurity, the leader for application security policy automation, and Promia, Inc., a leading provider of secure technologies to government and industry, today announced that they have been contracted for another project phase by US Navy (with Promia as the prime under a Promia Raven™ engineering & support contract, and ObjectSecurity as subcontractor). The main purpose of this project spiral is to implement a next-generation full-stack, high-assurance security intrusion detection and enforcement architecture and XML information assurance across US Navy networks. The project spiral involves integrating ObjectSecurity OpenPMF™ policy management with Promia Raven™ XML information exchange capabilities, and scalable Authorization Based Access Control (ZBAC) to distribute authorizations.
Dr. Ulrich Lang, CEO and co-founder of ObjectSecurity commented: “We are thrilled to implement our joint architecture for high-assurance SOA and Cloud applications, and to put it into operational use for Navy. This XML information assurance milestone will integrate OpenPMF with Raven in an operational environment, and thus set the scene for the remaining future spirals”. John Mullen, CEO and co-founder of Promia added: ”This project moves our product strategy forward together with ObjectSecurity, NuParadigm, and HP Labs technology (ZBAC). The partnership combines top experts and technologies from around the world with a seasoned team who know Navy networks, understand Navy personnel and have worked successfully for years in the field to support Navy objectives.”
Future phases call for the technology to be jointly developed using enhanced versions of existing program tools and installed equipment to provide extended service at minimal cost and impact to existing systems (incl. Promia Raven / Blocker / Notebook, ObjectSecurity OpenPMF, NuParadigm, HP Labs ZBAC). Once all spirals have been completed, the project will provide an Information Assurance (IA) platform for the development and operation of secure and reliable systems for government, commercial and military organizations, and to specifically support the cyber defense of Navy’s SOA and Cloud applications. These systems also provide extended cyber situational awareness with improved battle damage assessment. The project focuses on what really matters in cyber security: a high performance trust architecture with development tools that enforce the paradigm; lifecycle education and training; and proactive, dynamic Information Assurance (IA). The project provides an effective means to efficiently manage information assurance for dynamically changing, interconnected SOA & Cloud applications, and particularly a facility to expedite (1) agile change, (2) rapid certification and accreditation (C&A), (3) flexible policy management. On a technical level, the project will provide (1) “Constraining” high assurance SOA & Cloud application development environment; (2) Run Time hardened, trusted runtime platform with full-stack protection hosts SOA/Cloud applications and protection; (3) Management system with global, full-stack policy management & automation, reporting, accreditation automation & decision support, configuration, versioning, scanning, testing. Without this project, the intended benefits of Navy SOA & Cloud adoption would be lost.