Tools with a DoD Authority To Operate

Product List by Product and Date Posted
Product Date Posted

GrassMarlin

Software

GrassMarlin is a GOTS tool (free) can be used by any organization and is a passive network and discovery tool that identifies control system components and devices and creates a network architecture diagram and inventory which can be imported into the CSET or Visio tools.

May 2018

Cypherpath

Software

Cypherpath is a COTS product (purchase version) that is used in the Cyber Ranges and Test and Development Environment to emulate both IT and OT systems. The software delivers high-fidelity, highly realistic infrastructures that mirror live production isolated environments on-demand by abstracting machines, networks, storage, and apps in software-defined self-contained files. The software is deployed on the DISA Joint Regional Stacks, NAVFAC TDE and has a SIPR ATO. 

May 2018

VMWare Workstation Player

Software

Workstation Player is a COTS product (free and purchase versions) can be used by any organization as a virtual machine. The Kali and SamuraiSTFU tools run on a VM. 

May 2018

Flying Squirrel

Software

Flying Squirrel is a Government-off-the-Shelf (GOTS) free software application developed by the U.S. Naval Research Laboratory that any organization can use to provide real-time discovery, analysis, and mapping of IEEE 802.11a/b/g/n wireless networks. Any organization can use the tool to create a Test and Development Environment and simulate the DoD Host Based Scanning System. 

May 2018

Integrity (formerly Sophia)

Software

Integrity is a COTS product (purchase version) that can be used by any organization and is a passive monitoring solution for ICS/SCADA/FRCS. The original Sophia technology was funded by the DoE and developed by Idaho National Labs. NexDefense obtained exclusive rights to the technology and Integrity is the next evolution of Sophia. Integrity is a purpose built, proactive security solution (modular software platform) that provides network visualization and situational awareness for ICS/SCADA networks and industrial control systems. While most commonly used for defensive purposes, Integrity can also be used for offensive security purposes, to determine potential design flaws, misconfigurations, or other design issues that could be exploited to gain control of a system. DoD originally participated at over 30 sites, and the USMC is the first service to purchase and deploy Integrity and get a NIPRNet ATO. Other services are in various pilot and test stages.

May 2018

OSISoft

Software

The OSISoft Pi System is a COTS product (purchase version) that is a highly secure unidirectional gateway (data diode) used to transmit data from the Level 3 historian to the Level 4 historian. The Pi System enables the business data such as utility consumption to move from the OT side to the IT side for invoicing and transactional data processing. It has a Navy ATO.

May 2018

Nessus Network Monitor

Software

Industrial Security from Tenable delivers non-intrusive, continuous asset discovery and vulnerability detection for safety-critical operational networks. Purpose-built for OT systems, the sensors use passive network monitoring and deep packet inspection to safely detect new assets and reveal OT vulnerabilities across a wide range of protocols and manufacturers – including Siemens, ABB, Emerson, GE, Honeywell, Rockwell/Allen-Bradley, Schneider Electric, and more. The sensors powering Industrial Security are currently part of the DISA-sponsored ACAS solution, which has received ATOs through nearly 9,000 instances across the entire DoD and Intelligence Community. The complete Industrial Security solution – sensors plus management console – is undergoing evaluation in test environments such as the NCRC and should be ready for connection to the DODIN in early 2018.

May 2018

DoD Software Content Automation Protocol Tool

Software

The DoD SCAP Tool is a restricted to government employees and federal contractors and is used to perform vulnerability and compliance checks of IT systems and components using the STIGS. This tool should be used to conduct security audits if the DoD HBSS/ACAS system is not available.

Jun 2018
Share