|ORBexpress® Successfully Completes Security Evaluation for F-35 Lightning II Joint Strike Fighter|
In support of Joint Strike Fighter program requirements, Lockheed Martin, the National Security Agency, InfoGard and OIS have successfully completed a security evaluation of the ORBexpress RT for C++ product. A variety of artifacts were generated during this process that are useful for certification and accreditation of U.S. Department of Defense systems that use the ORBexpress products. The results of the evaluation process satisfied the Joint Strike Fighter program requirements for compliance with the National Security Telecommunications and Information Systems Security Policy (NSTISSP) No. 11.
The CNI system, being developed by Northrop Grumman for the F-35’s prime contractor, Lockheed Martin, is a crucial component for the success of the F-35’s advanced warfighting mission. The CNI system needs strong security to insure seamless and uninterrupted performance on the battlefield. The successful evaluation of ORBexpress saved the JSF program significant time and money by allowing the program to use COTS (Commercial Off-the-Shelf) communications middleware while still meeting the JSF's security objectives, instead of developing costly proprietary middleware.
The Northrop Grumman CNI system uses software defined radios based on the Software Communications Architecture (SCA). Developed by the U.S. Department of Defense as part of the Joint Tactical Radio System (JTRS), the SCA uses the Common Object Request Broker Architecture (CORBA) as the communications middleware framework. ORBexpress meets the rigorous requirements for JTRS radios transmitting classified data.
InfoGard, an internationally recognized security consulting, testing and evaluation company, was one of the two independent parties that evaluated ORBexpress. InfoGard is an accredited Common Criteria laboratory under NIAP and NVLAP (NVLAP Lab Code: 100432-0), and was the first private IT security laboratory to become accredited by the United States National Institute of Standards and Technology (NIST). InfoGard also performs security testing such as penetration testing and application vulnerability assessments. InfoGard is accredited to test and validate the security of IT products and networks for approval and use by the U.S. Federal Government, the Department of Defense, Visa International, and MasterCard International.
"As part of our evaluation of ORBexpress, we were given unprecedented access by OIS to the code, development processes and developers of ORBexpress," said Ryan Day of InfoGard. "Combined with OIS's thorough responses to our questions, this access enabled us to efficiently complete our evaluation."
"During this stringent evaluation, a number of independent third parties reviewed and analyzed ORBexpress for different quality aspects," said Charles Rush, Vice President of OIS’s Software Products Engineering. "This gives the developers of mission-critical systems even further confidence in using ORBexpress to develop their systems which require high robustness and reliability."
ORBexpress is a registered trademark, and Objective Interface and OIS are trademarks, of Objective Interface Systems, Inc. All other trademarks are the property of their respective owners.