What is the Department of Defense Information Network Approved Products List (DoDIN APL)?

The Department of Defense Information Network Approved Products List (DoDIN APL) ensures the security and reliability of the technology used by the United States Military. The DoDIN APL names specific models of network infrastructure devices that have been tested and verified for utilization within the DoD's network infrastructure.

What are the goals of the Department of Defense Information Network Approved Products List (DoDIN APL)?

The goals and purpose of the Department of Defense Information Network Approved Products List (DoDIN APL) is to provide a measurable level of assurance to the Department of Defense that the products listed have been through meticulous security testing and meet their stringent requirements. The DoDIN APL also works to streamline the acquisition process by providing a pre-approved list of products that can be used in various network configurations within the DoD.

Who is subject to the Department of Defense Information Network Approved Products List (DoDIN APL)?

All Department of Defense Information Network (DoDIN) components, including the Army, Navy, Air Force, and Marine Corps, are required to purchase only those technology products that are included in the DoDIN APL. This included contractors, subcontractors, and other entities engaged with the DoD. Technology products included typically consist of routers, switches, firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS). Communication systems like Voice over IP (VoIP), video conferencing tools, cybersecurity products, and software applications may also be considered for inclusion. Inclusion in the DoDIN APL shows that the product is reliable, secure, and trusted at the highest levels of government.

FIPS 140 and DoDIN APL

Q: What is the relationship between DoDIN APL and FIPS 140?

DoDIN APL and FIPS 140 have a close relationship. FIPS 140 is a U.S. Government standard that details the security requirements for cryptographic modules, and it is issued by the National Institute of Standards and Technology (NIST), a unit of the U.S. Department of Commerce. Any product that employs cryptographic modules must comply with FIPS 140 to be considered for inclusion on the DoDIN APL. A FIPS 140 Certification affirms that a product's cryptographic modules meet the stringent security requirements laid out by the U.S. government.

Q: How does SafeLogic overcome the FIPS 140 problem for the DoDIN APL Ecosystem?

SafeLogic offers FIPS 140 Validation-as-a-Service, guaranteeing your company a FIPS 140 certificate in your own name in just two months, whereas traditional validation can take up to two years. SafeLogic ensures your FIPS 140 certification remains 'active' in spite of changing requirements. When a technology vendor obtains FIPS 140 Validation for a product, they can sell that product to federal agencies and companies in the Defense Industrial Base that are pursuing CMMC contracts.

What is the DoDIN APL and What are its Goals?

The Department of Defense Information Network Approved Products List (DoDIN APL) is a pivotal component in ensuring the security and reliability of the technology used by the United States military
This list encompasses the specific models of network infrastructure devices that have been tested and verified for utilization within the DoD's network infrastructure
The purpose of the DoD APL is twofold. Firstly, it provides a measurable level of assurance to the Department of Defense that the products listed have been through meticulous security testing and meet their stringent requirements
The second purpose is to streamline the acquisition process by providing a pre-approved list of products that can be used in various network configurations within the DoD

Who is Subject to DoDIN APL?

DISA process guide

All Department of Defense (DoD) components, including the Army, Navy, Air Force, and Marine Corps, are required to purchase only those technology products that are included in the DoD Approved Products List (APL). This requirement extends to any contractors, subcontractors, and other entities directly or indirectly engaged with the DoD
Technology products on the DoD APL primarily consist of network infrastructure devices such as routers, switches, firewalls, Intrusion Detection Systems (IDS), and Intrusion Prevention Systems (IPS). Furthermore, communication systems like Voice over IP (VoIP) and video conferencing tools, cybersecurity products, and software applications that are designed to operate within the DoD's network environment can also be considered for inclusion
Inclusion in the DoD APL is a significant achievement for any product. It shows potential customers, particularly those within the Department of Defense, that the product is reliable, secure, and trusted at the highest levels of government. Consequently, it opens up significant business opportunities within the defense sector, where the stakes are high and the need for trusted, reliable products is vital

What is the Relationship Between DoDIN APL and FIPS 140?

DoDIN APL and FIPS 140 have a close relationship, particularly in the realm of cybersecurity
FIPS 140 is a U.S. government standard that details the security requirements for cryptographic modules — hardware or software components that handle encryption and decryption. It is issued by the National Institute of Standards and Technology (NIST), a unit of the U.S. Department of Commerce
Any product that employs cryptographic modules, such as those used for secure data transmission, secure storage, or user authentication, must comply with FIPS 140 to be considered for inclusion on the DoDIN APL
Thus, FIPS 140 compliance forms a crucial part of the security assessment carried out during the evaluation process for the DoDIN APL
Achieving FIPS 140 certification affirms that a product's cryptographic modules meet the stringent security requirements laid out by the U.S. government, further bolstering its chances of inclusion on the DoDIN APL and demonstrating its commitment to providing the highest level of security

How Are Companies Seeking DoDIN APL Certification Getting Tripped Up by FIPS 140 Validation?

APLIT user guide

Being included on the DoD APL is not a simple task. It requires a product to undergo a comprehensive evaluation process. It includes both testing for security vulnerabilities and functionality testing to ensure that the product can perform its intended task without causing disruptions within the DoD's complex network environment
Traditionally, companies seeking compliance with the FIPS 140 component of DoDIN APL have had one choice: hire a FIPS 140 consultant who would then orchestrate a long, complex, difficult and expensive process involving the applicant, the consultant, a FIPS 140 testing lab certified by NIST, NIST itself, and possibly the encryption module supplier to document, test and certify the exact cryptographic modules being used in the product being assessed for DoDIN APL certification
Often this work would be based on an open-source cryptography module, or one embedded in the product operating system. Given the long queues and limited resources at both the certification labs and NIST itself, this process can literally take years

How Does SafeLogic Overcome the FIPS 140 Problem for the DoDIN APL Ecosystem?

Through its breakthrough FIPS 140 Validation-as-a-Service offering, SafeLogic can get your company a FIPS 140 certificate in your own names in just two months, not the 2+ years as is required for traditional FIPS 140 validations
SafeLogic also ensures your FIPS 140 certificate remains ‘active’ despite changing requirements or the discovery of security vulnerabilities, so you can continue using it to support procurements
Once a technology vendor obtains FIPS 140 validation for its product, they can now sell that product to federal agencies. In additional, their product now meets the stringent cryptography requirements in DoDIN APL, Common Criteria, FedRAMP, StateRAMP and CMMC 2.0

Safe Logic logo

Four Ways Companies Pursuing DoDIN APL Certification Benefit from Working with SafeLogic

1. SafeLogic provides you one-stop shopping. As opposed to working with a FIPS 140 consultant AND a FIPS certification lab AND NIST AND possibly open source or operating system vendors, you only need to work with SafeLogic. Our FIPS 140 experts handle any necessary interaction with any third party. Your resources can then focus on other aspects of your DoDIN APL initiative.

2. SafeLogic helps you continue meeting your DoDIN APL cryptography requirements as your FIPS 140 requirements change and their needs change. For instance, SafeLogic experts can test new algorithms, test new OEs, etc.

3. Should you need one, RapidCert can get you a FIPS 140 certificate in your own name in two months. In the FIPS 140 world, vendors with their own CMVP certificates can have a distinct competitive advantage over those relying on an open source or operating system CMVP cert from another vendor.

4. MaintainCert makes sure your underlying FIPS Validated module remains ‘Active’ using a white glove service model for a fixed cost. If a company relies on an open-source module or something that comes with the OS, and that module goes historical, that will put its DoDIN APL status at risk.

FIPS 140

Cybersecurity Compliance

Technology