Naval Information Warfare Center (NIWC) Atlantic signed a five-year licensing agreement with Ignyte Platform Inc. for use of the command’s Security Content Automation Protocol (SCAP) Compliance Checker (SCC) trade secret software source code earlier this year.
The agreement allows Ignyte, an integrated cyber risk assurance company, to commercialize compiled binaries of the software. SCC software was initially developed by NIWC Atlantic engineers in 2008 and binary forms of the SCC software were made available for free public use through the Defense Information Systems Agency (DISA) in 2021. The license to Ignyte was issued under the authority of Section 801 of the Fiscal Year 2014 (FY14) National Defense Authorization Act (NDAA).
SCAP Compliance Checker is an application designed to automate security compliance checking using open source SCAP specifications. Due to the critical function the software performs, it is highly requested for use by other government agencies and contractors.
“Currently, SCC is used by over 2000 government employees across 200 plus agencies and is used to audit computers to determine if they are compliant with Department of Defense (DoD) security requirements,” said Jack Vander Pol, SCC team lead with NIWC Atlantic. “The Navy is SCC’s largest end user with over 600 registered users. The software is used by NIWC staff to perform risk management framework (RMF) validation and by system administrators across the U.S. Navy to perform self-assessments.”
The licensing partnership with the Navy will allow the Ignyte team to integrate SCAP with the existing open source ecosystem to bring the capability to a broader set of potential customers that serve the military.
“We can now integrate proven technology into the cyber risk management platform that we offer to our clients, many who already provide services to the federal government,” said Max Aulakh, president of Ignyte. “This strengthens our working relationship with the Navy and Department of Defense and also allows our clients to better support the federal government and meet its security standards.”
NIWC Atlantic’s SCC team will provide initial support to Ignyte as part of the agreement. According to Vander Pol, the NIWC Atlantic team created a custom export of the current version of the software’s source code by removing any sensitive data and documenting the process for Ignyte to compile custom builds of SCC on Windows and Linux. The team will also directly communicate with Ignyte to answer any questions their engineers may have in compiling the SCC trade secret source code to binaries.
The NIWC Atlantic team works closely with industry partners such as Ignyte to develop and enhance existing capabilities required for the defense industrial base. This integration will accelerate the adoption of Cyber Security Maturity Model, Open Security Control Assessment Language (OSCAL) and Federal Risk and Authorization Management Program (FedRAMP) Program.
Capt. Nicole Nigro, NIWC Atlantic commanding officer, signed the software license agreement on behalf of the U.S. Navy on Jan. 18, 2023.
“Agreements like these show how private industry can become instrumental partners in further developing products and technologies that allow companies to easily and more securely work with the federal government,” Nigro said. “We are proud to see the work of our talented engineers expand to have a broader impact in support of the national security mission.”
According to the licensing agreement, any commercial products produced by Ignyte utilizing the licensed source code will need to bear an original name other than the current licensed SCC designator to differentiate it from the NIWC Atlantic software product.
Ignyte purchased a single version of the licensed source code, which cannot be reproduced, for access by an identified group of authorized users. As the software source code is considered trade secret, the company will ensure that the licensed source code is only shared with the authorized users who must be U.S. citizens. Products developed using the licensed source code must be manufactured substantially in the United States.
Find out more about Security Content Automation Protocol Compliance Checker by visiting https://www.niwcatlantic.navy.mil/scap/.
Want to get involved with OS AI? - A small number of Sponsorship Opportunities are now available here. Starting at $500.