U.S. Federal JITC certification: Everything you need to know

Cyber    Pernille Winness Haldsrud, November 3 2020
7 mins
government

Protecting confidential data for government organizations

Ava’s cyber security solution, Ava Reveal, has successfully completed certification testing with the Defense Information Systems Agency’s (DISA) Joint Interoperability Test Command (JITC). The JITC certification allows our product to be added to the Department’s Approved Products List (APL) and is significant for our Federal customers, as well as commercial organizations, as it validates the security of our solution and also enables the procurement of a solution that can help combat growing insider threat issues. 

In this post, we’ll provide you with a deep dive rundown of JITC, including an explanation of why the JITC is important, and suggestions of how this certification impacts you.

What is JITC?

The Joint Interoperability Test Command (JITC) is the United States Department of Defense’s (DoD) non-service operational test agency for Information Technology (IT) and National Security Systems (NSS). 

JITC aims to conduct Information Assurance (IA) or Cyber Security (CS) and Interoperability (IO) testing, which meets acceptable levels to be used on production DoD networks, such as NIPRNet, SIPRNet, or JWICS. Simply put, JITC’s main responsibilities are to certify and test that IT tools are both secure and interoperable per the standards and requirements set by the U.S. Department of Defense.

JITC Cybersecurity tools

The Department of Defense Information Network’s (DoDIN) Approved Product List (APL) consists of 45 different groups, including Cybersecurity Tools (CST). There are 39 approved Cybersecurity Tools, ranging from backup software to firewalls, network packet capturing, web gateways, and application services—and, now, one tool specifically focused on User Activity Monitoring to combat insider threats.

How does the JITC Certification impact you (and why is it important)?

The JITC certification is required to be listed on the APL. DoD organizations use this list of vendor solutions as a starting point for finding IT tools to meet mission critical needs. The certification means customers can be confident in our compliance with the relevant Security Technical Implementation Guides (STIG). As required by the process, we have also established a Military Unique Deployment Guide (MUDG) to ensure customers deploy the solution in compliance with organizational security requirements. Examples of organizations where the JITC Certification is essential: 

  • Department of the Army
  • Department of the Navy
  • Department of the Air Force
  • Office of the Secretary of Defense
  • Inspector General

The JITC certification validates that the vendor product meets strict security requirements established by the U.S. Government and the DoD. The government has such high standards that non-Federal entities can trust that the product will also keep their organizations safe. We’re honored to have this seal of approval, which is a strong indication of a secure product that can further help detect and mitigate insider threats in the Federal Government.

1. Validation of our processes

At Ava we take security to heart. From our product direction and how we design, build and test our own products. We’re very open about our security process and want our customers to be confident in our products. Organizations like JITC help us provide our customers with the confidence that we’re building things the right way, without just having to take our word for it.

2. Commitment to interoperability

As part of a complete solution, Ava Security leverages or integrates with existing infrastructure services such as LDAP, SAML for authentication, and other critical logging tools to ensure end-to-end security and visibility. Certification testing with the JITC gave us the opportunity to demonstrate this capability. 

3. Supporting Federal

By being on the Department of Defense Information Network’s (DoDIN) Approved Product List (APL), we can double down on our investment in Federal, and provide them with the tools they need to continue the mission-critical work they’re doing in service to us all. This is only the beginning.

Ava Reveal is fully JITC certified

Ava Reveal, under its former name Jazz Networks, has successfully completed IA/CS testing. Ava Reveal is now certified by JITC and listed as an approved User Activity Monitoring (UAM) Cybersecurity Tool on the Approved Product List. The certification validates that we are able to serve the government in combating insider threats in a safe, secure, and effective manner. 

At Ava, we have a strong culture of security and continuous improvement. Hiring key talent from the beginning has ensured that our products are built with Federal requirements in mind, which ultimately helped ensure a straightforward evaluation and certification process. Ava Federal, a separate entity part of the Ava family, has developed strong relationships with government partners and agencies and continues to build on those relationships by helping them meet mission-critical goals in enhancing user monitoring and ensuring data security.

The certification process required working with JITC, our partners, and sponsors within DISA. Ava Federal was able to complete certification testing within a short amount of time, despite the many restrictions in place due to COVID-19.

We would like to thank our sponsors, the JITC team, and testers for working diligently with us to test and certify Ava Reveal – especially now, during a time complicated by COVID-19.

Yogan Patel, Sales Engineer, Ava Federal

Working together with Federal organizations

Federal-hosted competition

Ava Reveal won the U.S. Cyber Command insider threat competition in early 2019 against some of the top insider threat, EDR, UBA, and SIEM vendors. 

The insider threat event sought to identify security solutions that employed advanced, real-time analysis of multiple data sources for anomaly detection, specifically those that offered both predictive monitoring and policy-based monitoring features. For every attack, the participants were evaluated across many different dimensions, including “time to respond”, “fullness of context”, and “innovative methods used”.

NITTF CNSSD 504 compliant

Ava Reveal is compliant with the NITTF CNSSD 504 and meets key UAM requirements defined within the document, including keystroke monitoring, full application content, screen capture, file shadowing for all lawful purposes, and attributing all collected data to a specific user. 

government

Protecting confidential data for government organizations