Infoblox has been fortunate in that our products have had a strong presence among agencies of the United States federal government. In addition to serving the U.S.’s security needs, it’s always been an accolade that we point to with pride: If Infoblox products are good enough for entities such as the Department of Defense, they are probably sufficient for your network security.
There’s a challenge, of course. Next to finance and health, the federal government has the highest levels of security and compliance of any industry segment. That’s understandable, but an underlying problem is an inconsistent interpretation of what represents compliance. Infoblox systems have been deployed throughout various agencies within the Department of Defense for many years, but while one configuration may be acceptable to one auditor at one military installation, this same configuration rates a failure from another auditor at another military installation because they’ve interpreted the rules in a different way. Or quite possibly used a completely different set of rules!
That’s what led me to reach out to the Defense Information Security Agency, the group within the DoD that oversees technological security. I worked with DISA to create the Security Technical Implementation Guide (STIG) for Infoblox NIOS 7 . Published in May 2016 after a year’s work, the STIG guide creates clear, standardized easy to follow procedures that allows customers to configure their products to a prescribed set of rules. It eliminates uncertainty and increases consistency.
It goes without saying that security is important for the federal government, and when there’s a lack of standardization, it’s a problem. It causes inefficiency and problems for our customers. And frankly, when a government agency fails a security audit, the news reports aren’t granular when it comes to specific commands or bases – it’s the entire agency that failed an audit.
It’s important to note that the DISA approving Infoblox’s STIG is not an approval or an endorsement. It is simply a validation that our product can be put in a state deemed secure by DISA. Any Infoblox customer – military or commercial – can use the library of STIG guidelines to replicate the secure state that the DOD uses. So even if you don’t have military grade network, the Infoblox STIG may be beneficial for you as a starting point for creating a network security baseline on your NIOS systems.