DoDIN APL Archives - Corsec Security, Inc.®

Fed Roundup: December 2025

Jake Nelson — Thu, 08 Jan 2026 17:39:09 +0000

Announcements:

DISA calls for strengthened partnerships with industry during their Forecast to Industry 2025 event

Security Technical Implementation Guide Updates:

Microsoft Azure SQL Managed Instance STIG – Ver 1, Rel 1
1 All SRG-STIGs Public (U)
Canonical Ubuntu 24.04 LTS STIG SCAP Benchmark – Ver 1, Rel 2
Oracle Linux 8 STIG SCAP Benchmark – Ver 2, Rel 6
Cisco NX OS Switch STIG
Cisco IOS Switch STIG
Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 3
Canonical Ubuntu 24.04 LTS STIG for Chef – Ver 1, Rel 3
Riverbed NetIM STIG
Apple vision OS 2
Oracle Linux 9 STIG SCAP Benchmark – Ver 1, Rel 1
Apple iOS/iPadOS 26 STIG – Ver 1, Rel 1
Microsoft Office 365 ProPlus STIG SCAP Benchmark – Ver 3, Rel 6
Microsoft Defender Antivirus STIG SCAP Benchmark – Ver 2, Rel 6
Cisco IOS XE Router RTR STIG SCAP Benchmark – Ver 3, Rel 4
Cisco IOS XE Router NDM STIG SCAP Benchmark – Ver 3, Rel 4
Canonical Ubuntu 24.04 LTS STIG for Ansible – Ver 1, Rel 3
Canonical Ubuntu 22.04 LTS STIG SCAP Benchmark – Ver 2, Rel 4
Apple macOS 26 (Tahoe) STIG – Ver 1, Rel 1

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

None

Protection Profile Announcements:

NIAP Endorses CPP ND V4.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: December 2025 appeared first on Corsec Security, Inc.®.

Fed Roundup: November 2025

Jake Nelson — Tue, 02 Dec 2025 16:03:25 +0000

Announcements:

DISA is modernizing its Data Centers

Security Technical Implementation Guide Updates:

Anduril NixOS STIG – Ver 1, Rel 2
Application Programming Interface (API) SRG – Ver 1, Rel 1
Application Security and Development STIG – Ver 6, Rel 4
Apple macOS 15 (Sequoia) STIG – Ver 1, Rel 5
Apache Tomcat Application Server 9 STIG – Ver 3, Rel 3
Canonical Ubuntu 22.04 LTS STIG for Chef – Ver 2, Rel 6
Canonical Ubuntu 22.04 LTS STIG for Ansible – Ver 2, Rel 6
Canonical Ubuntu 22.04 LTS STIG – Ver 2, Rel 6
Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 3
Cloud Linux AlmaLinux OS 9 STIG – Ver 1, Rel 3
Cisco IOS XR Router STIG
Cisco IOS XE Switch STIG
Cisco IOS XE Router STIG
Cisco IOS Router STIG
Dragos Platform 2.x STIG – Ver 1, Rel 4
Google Android 15 STIG
Google Android 14 STIG
Google Android 14 BYOAD STIG
IBM z/OS STIG
Ivanti Connect Secure STIG
MariaDB Enterprise 10.x STIG – Ver 2, Rel 4
Microsoft Windows Server 2022 STIG – Ver 2, Rel 6
Microsoft Windows Server 2019 STIG – Ver 3, Rel 6
Microsoft Windows 11 STIG – Ver 2, Rel 5
Microsoft Windows 10 STIG – Ver 3, Rel 5
Microsoft SQL Server 2022 STIG
Microsoft Office 365 ProPlus STIG – Ver 3, Rel 4
Microsoft IIS 10.0 STIG
Oracle Linux 9 STIG – Ver 1, Rel 3
Oracle Linux 8 STIG for Ansible – Ver 2, Rel 6
Oracle Linux 8 STIG – Ver 2, Rel 6
Oracle Database 19c STIG – Ver 1, Rel 3
Rancher Government Solutions RKE2 STIG – Ver 2, Rel 4
Red Hat OpenShift Container Platform 4.x STIG – Ver 2, Rel 4
Red Hat Enterprise Linux 9 STIG for Chef – Ver 2, Rel 6
Red Hat Enterprise Linux 9 STIG for Ansible- Ver 2, Rel 6
Red Hat Enterprise Linux 9 STIG – Ver 2, Rel 6
Red Hat Enterprise Linux 8 STIG for Ansible – Ver 2, Rel 5
Red Hat Enterprise Linux 8 STIG – Ver 2, Rel 5
Samsung Android OS 15 with Knox 3.x STIG
Samsung Android OS 14 with Knox 3.x STIG
Samsung Android 15 BYOAD STIG
Samsung Android 14 BYOAD STIG
Traditional Security STIG Checklist – Ver 2, Rel 7
Tri-Lab Operating System Stack (TOSS) 4 STIG – Ver 2, Rel 3

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

NIAP Progress Report – Third Quarter 2025

Protection Profile Announcements:

PP-Module for Virtual Private Network Version 3.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: November 2025 appeared first on Corsec Security, Inc.®.

Fed Roundup: October 2025

Jake Nelson — Tue, 04 Nov 2025 21:56:17 +0000

Announcements:

The STIG program is on hold during the U.S. Government shutdown

Security Technical Implementation Guide Updates:

Axonius Federal Systems Ax-OS STIG – Ver 1, Rel 1
BIND 9.x STIG – Ver 3, Rel 1
Google Android 16 STIG
Samsung Android 16 STIG
Microsoft Defender Antivirus STIG – Ver 2, Rel 6

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

None

Updates & Announcements:

Protection Profile Announcements:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: October 2025 appeared first on Corsec Security, Inc.®.

Fed Roundup: September 2025

Jake Nelson — Tue, 30 Sep 2025 21:52:19 +0000

Announcements:

DISA has announced changes to the DoDIN APL program

Security Technical Implementation Guide Updates:

Axonius Federal Systems Ax-OS STIG – Ver 1, Rel 1
Canonical Ubuntu 24.04 STIG SCAP Benchmark – Ver 1, Rel 1
Cloud Computing SRG
BIND 9.x STIG – Ver 3, Rel 1
Google Android 16 STIG
Samsung Android 16 STIG
Microsoft Defender Antivirus STIG – Ver 2, Rel 6

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

2nd Quarter Progress Report
Functional Package for Transport Layer Security (TLS) Version 2.1 published
Product Removals due to CVEs
CISA Releases Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Devices

Protection Profile Announcements:

Draft Protection Profile for General Purpose Operating Systems (GPOS) V5.0

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: September 2025 appeared first on Corsec Security, Inc.®.

Fed Roundup: August 2025

Jake Nelson — Wed, 03 Sep 2025 18:13:27 +0000

Announcements:

Security Technical Implementation Guide Updates:

Apple iOS/iPadOS 18 – Ver 2, Rel 1
Compilation – SRG-STIG Library (U)
Cloud Computing SRG
Microsoft Defender Antivirus STIG – Ver 2, Rel 5

Updates & Announcements:

None

Special Publications, Interagency Reports, & Cybersecurity White Papers:

Updates & Announcements:

1st Quarter Progress Report

Protection Profile Announcements:

None

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Dir of Marketing
Jnelson@corsec.com

The post Fed Roundup: August 2025 appeared first on Corsec Security, Inc.®.

The DoDIN APL Program Is Ending

Jake Nelson — Wed, 06 Aug 2025 14:47:18 +0000

On July 18th, DISA released a final memo regarding the DoDIN APL. Although brief, the subject of the document was to announce that the DoDIN APL, as it is known today, is going to sunset (cease to exist).

The following dates were referenced within the memo:

The APL program will be sunset on September 30, 2025
All testing will be completed by December 31, 2025
DISA will maintain the repository of approved DoDIN APL products through FY 2026
Any work that cannot be completed by that time will be returned to the vendor
Moving forward, cybersecurity requirements will transition to the DISA RME Vendor Security Technical Implementation Guides (STIG) program
Interoperability (IO) requirements will be identified by a soon to be updated Unified
Capabilities Requirements (UCR)-CORE document and enforced through
contractual provisions

Although this is a big change, the new direction indicates aspects of the program will remain – the most notable being STIG authoring and or testing.

This shift in the program means developing a plan and strategy to address compliance/security requirements for the DoD is now arguably more important without the APL to backup vendor claims through listings. Areas like FIPS 140-3, Common Criteria (EAL), STIG compliance, UCR conformance, etc. will be critical. These certifications will likely become increasingly relied upon as proof of security and testing by a Government program now that the DoD won’t have its own.

The time to complete STIG work (which should continue to be required for DoD sales) will be reduced and the cost will drop as well. Corsec believes it will take time for all the military agencies and offices to become aware of the change that occurred over the past few weeks. As such, it is important to talk to your customers and prospects directly.

If you would like to speak directly with a member of our team, set a time to talk to our experts.

About The DoDIN APL

For 15 years, the DoDIN APL represented the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involved a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involved the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

About Corsec Security, Inc.

For over 27 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post The DoDIN APL Program Is Ending appeared first on Corsec Security, Inc.®.

CSG Completes DoDIN APL Process on their NetScaler MPX Solution

Jake Nelson — Mon, 16 Jun 2025 22:11:03 +0000

Corsec would like to congratulate our partner, Cloud Software Group (CSG), formerly Citrix, on completing the DoDIN APL process for their NetScaler MPX 9100 FIPS and 8900 FIPS solution. To achieve this milestone, CSG partnered with Corsec, both teams working to harden the product against security requirements for STIG testing, CAC compliance, and IPv6.

The platform is listed under Tracking Number (TN) 2412201 as a Cybersecurity Tools (CST). Both Interoperability (IO) certification and Cybersecurity (CS) testing were completed at a DISA Test Center of Excellence (TCOE).

For more on the listing process, visit the DISA Approved Products List and for more information on engineering your product to meet federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About The DoDIN APL

The DoDIN APL represents the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involves a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involves the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

About Cloud Software Group

More than 100 million users around the globe rely on Cloud Software Group to help them adapt, transform, and meet the challenges facing every modern enterprise across private, public, managed and sovereign cloud environments.

About Corsec Security, Inc.

For over 27 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Connect With Us:

Stay up to date with Corsec as we bring you all the most recent updates to the standards, certifications, and requirements – Subscribe

Press Contact:

Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com

The post CSG Completes DoDIN APL Process on their NetScaler MPX Solution appeared first on Corsec Security, Inc.®.

SEL completes 2nd DoDIN APL Project for SDN Product

Jake Nelson — Mon, 16 Jun 2025 21:45:41 +0000

Corsec would like to congratulate our partner, Schweitzer Engineering Laboratories, Inc. (SEL), on completing the DoDIN APL process for their SEL-2700 Series Software Defined Network (SDN) Switches and SEL-5056 Flow Controller. To achieve this milestone, SEL partnered with Corsec, both teams working to harden the product against security requirements for STIG testing, CAC compliance, and IPv6.

The platform is listed under Tracking Number (TN) 2016002 as an Access IP Switch and Non-Assured Services Local Area Network (Non-ASLAN). Both Interoperability (IO) certification and Cybersecurity (CS) testing were completed at a DISA Test Center of Excellence (TCOE).

About The DoDIN APL

About Schweitzer Engineering Laboratories, Inc.

SEL specializes in creating digital products and systems that protect, control, and automate power systems around the world. This technology prevents blackouts and improves power system reliability and safety at a reduced cost. A 100 percent employee-owned company headquartered in Pullman, Washington, SEL has manufactured products in the United States since 1984 and serves customers worldwide.