NetAcquire Security Features
NetAcquire systems, powered by Red Hat Enterprise Linux for Real Time, are designed to meet the security, compliance, and operational requirements of mission‑critical DoD and government environments.
Platform Security
- SELinux (Security‑Enhanced Linux) enforces mandatory access controls to restrict system access and contain potential breaches.
- System‑wide cryptography policies and FIPS‑validated modules ensure consistent, standards‑based encryption across all services.
DoD Instruction 8500.01
DoDI 8500.01 defines the DoD’s cybersecurity baseline. NetAcquire systems support compliance efforts through alignment with DISA Security Technical Implementation Guides (STIGs) and optional pre‑delivery hardening profiles.
Enhanced Security Operating Modes
With the Enhanced Security option enabled, the system supports two operational modes:
- Restricted Mode Operators access only non‑privileged functions for data acquisition and processing. Administrative functions are unavailable.
- Maintenance Mode Privileged administrators may temporarily enter this mode to adjust security or system configuration settings before returning the system to Restricted Mode for normal operation.
Security Profiles
Systems may be pre‑configured prior to delivery to support DISA STIG requirements. This includes:
- Enabling all encryption and authentication features
- Disabling non‑essential services and daemons
- Applying hardened OS and application configurations
Data at Rest (DaR) Security
LUKS with TPM Integration
NetAcquire systems use LUKS with a Trusted Platform Module (TPM) for secure key management. LUKS encrypts entire block devices, making it well‑suited for protecting internal storage and optional removable media.
CNSSP‑11 / NSA CSfC Solutions
NetAcquire offers CipherDriveOne solutions that participate in the NSA Commercial Solutions for Classified (CSfC) program to meet CNSSP‑11 requirements. These solutions integrate:
- Red Hat Enterprise Linux for Real Time
- TPM‑based key protection
- FIPS‑compliant cryptography
CipherDriveOne provides hardware‑assisted encryption with software‑based authentication, delivering robust protection for sensitive data‑at‑rest.
Data‑in‑Transit (DiT) Protection
Data Flow Engine Cryptography
NetAcquire’s Data Flow Engine (DFE) supports encryption and decryption of data streams using multiple ciphers and modes.
Supported Block Ciphers
- AES
- Aria
- Camellia
- ChaCha20
Confidentiality‑Only Modes
- CFB (Cipher Feedback Mode)
- CTR (Counter Mode)
Authenticated Encryption Modes
Provide confidentiality and integrity:
- GCM (Galois/Counter Mode)
- CCM (Counter with CBC‑MAC)
Supported Key Lengths
- 128‑bit
- 192‑bit
- 256‑bit
