NetAcquire Security Features
NetAcquire, now powered by Red Hat Enterprise Linux for Real Time, puts security compliance front and center.
- SELinux (Security-Enhanced Linux) enforces mandatory access controls to limit system access and contain breaches.
- System-wide cryptography policies and FIPS-compliant modules ensure strong encryption and secure communications.
DoD Instruction 8500.01
DoD Instruction 8500.01 is the foundational cybersecurity policy for the U.S. Department of Defense. NetAcquire offers paths to compliance through work to fulfill DISA’s Security Technical Implementation Guides (STIGs).
Enhanced Security
When equipped with the Enhanced Security option, the server supports two operating modes: Restricted and Maintenance.
The server normally operates in Restricted mode, where operators may access non-privileged user functions for data acquisition and processing. System administration functions are not available in this mode.
Privileged users (system administrators) may temporarily put the system in Maintenance mode to reconfigure security and other administrative settings, then return to Restricted mode for normal operation.
Security Profiles
The server may be pre-configured before delivery to improve compliance with DISA STIG requirements. This includes enabling all encryption/authentication features and disabling non-essential daemons/services.
Data at Rest (DaR) Security
LUKS
In NetAcquire systems, LUKS pairs with a TPM module to provide key management. LUKS encrypts entire block devices and is therefore well suited to protecting the contents of devices such as (optionally removable) storage media.
CNSSP-11 (NSA CSfC)
NetAcquire offers CipherDriveOne solutions that are part of the NSA CSfC program to satisfy CNSS Policy No. 11 requirements. These products pair with Red Hat Enterprise Linux for Real Time and a TPM module, delivering FIPS-compliant cryptography.
CipherDriveOne products provide robust and advanced solutions for safeguarding data-at-rest, ensuring the utmost security for sensitive information. The products seamlessly integrate hardware-based encryption mechanisms, adding an extra layer of protection using software-based authentication.
Cryptography (Encrypting/Decrypting data) for Data in Transit
NetAcquire offers encryption/decryption of data streams via our Data Flow Engine using various ciphers and modes.
Supported block ciphers
- AES
- Aria
- Camellia
- ChaCha20
Modes for encryption/decryption only
These modes support confidentiality.
- CFB (Cipher Feedback Mode)
- CTR (Counter Mode)
Modes for authenticated encryption/decryption
These modes support confidentiality and integrity together.
- GCM (Galois/Counter Mode)
- CCM (Counter with Cipher block chaining MAC)
Key Lengths
- 128 bits
- 192 bits
- 256 bits
