SAW – So you want to play the government game?

Share Post

I've been pondering good old fashioned sharp toothed saws lately after reading several recent motivational posts around the Internet. I also suspect it is hard for any horror movie aficionado to hear the word uttered without conjuring up the 2000 movie franchise sharing the same single word name, SAW.

In both cases the context of the cutting device is used as a backdrop to present the sharpness of the blades as being important in highly competitive situations. Stephen Covey, the well renowned author of "Seven Habits of Highly Effective People", provides a seventh habit of Sharpening the Saw, a method of refining the intellect, family, and physical work in balance in such a way that the person as a whole stays sharp and is able to cut through tasks with razor efficiency. A recently article by Tyler Tevooreen brings to mind the same imagery with a parable of two loggers in a contest to cut down trees wherein the logger who spends the beginning of his contest with blade to stone ends up with a competitive edge over a much more eager and ultimately overworked counterpart. Of course the movie Saw, well, if you've seen it then you know you'd want it to be as efficient as possible. All of these illustrations point out two key points;

  • If you want to play in the game you MUST bring your saw
  • If you want to win, excel, survive your saw must be sharp

In the world of Government Wi-Fi and high security networking, the cutting device you have to bring to the forest is meeting the stringent policy and certification requirements that drastically limit the companies that can compete for government business. Keeping your "saw" sharp involves continuing to follow and understand those requirements over time and providing a timely portfolio of hardware that can keep up with the breakneck pace of innovation in the Wi-Fiworld. In the following I will detail the policies and credentials that must be met and maintained in order to compete in the Federal space.

For the Department of Defense (DoD) and the Civilian government (Civ) the road to Wi-Fi and Suite B high security networks started with a moratorium against all things broadcast by a computer for the purposes of network connectivity or Bluetooth. This includedWi-Fi, keyboards, mice, etc. The ban was such that some devices sold to the government with these components would be sent to a chop shop post purchase to remove the offending components.

Not until April of 2004 was the Department of Defense Directive 8100.2 published thatallowed properly configured wireless devices to be included in hardware regularly used by the military. Civ agencies continued with a moratorium for many more years only allowing Wi-Finetworks on a case by case basis when the risk was accepted by a Designated Approving Authority in relation to a particular use case.

The first and largest tree to be felled in addressing the initial policy from the government in 2005 was that of the encryption standards that had recently changed from Wired Equivalent Privacy (WEP) to the much more robust Wi-FiProtected Access (WPA2) and the Advanced Encryption Standard (AES). In order to meet the requirement to provide Wi-Fi,a device had to be submitted to the National Institute of Standards and Technology (NIST) for validation of the proper implementation of the encryption module in the product. This was accomplished by meeting the strict standard of the Federal Information Processing Standard (FIPS) in accordance with the Publication 140-2, which specifically provides tests to insure that encrypted information can withstand a parallel attack for a predefined duration of time, thus removing the threat that any piece of information could be used in a meaningful amount of time to threaten national security.

The second major tree that needed a good cutting was that of Common Criteria (CC). This validation focuses on general security robustness and is recognized by more governments than just the United States. Aruba Networks security expert Jon Green provided an excellent two-part article on FIPS and CC in great detail here.

Aruba Networks submitted and was able to meet these initial policy hurdles in the 2005-2006 timeframe providing controller based products utilizing 802.11 a/b/g to DoD customers. Fast forward from that point in time to present day -- the portfolio and advances in both the industry and here at Aruba Networks achieve speeds of greater than a gigabit using 802.11 ac technology -- a staggering accomplishment. Throughout that voyage in time Aruba Networks has focused both people power and dollars to sharpen our saw by proactively working on the required credentials necessary to be a leader to market with government approved network components.

As mass adoption begins to take place in both the DoD and Civ market places in the United States, the ability to utilize the past performance of successfully accredited Aruba Networks is a strong selection factor for our Federal customers. Looking forward to Wave II AC products and beyond, Aruba Networks will continue to practice a balanced portfolio of accredited systems and you can always expect to find us at the grind.

In classic horror movie fashion … you best bring your sharp saw as well if you want to play this game.

PS – I promise to knock it off with the movie analogies

The Movie SAW - (Trigger warning – Horror Film)

Stephen Covey, "Seven Habits of Highly Effective People"

Sharpening the Saw

Tyler Tervooren, "Sharpening The Saw: Why Productive People Always Have Time For Exercise"

DISA 8100.2 Policy for Wireless

FIPS 140-2 Publication