On July 18th, DISA released a final memo regarding the DoDIN APL. Although brief, the document announced that the DoDIN APL, as it is known today, is going to sunset (cease to exist).
The following dates were referenced within the memo:
- The APL program will be sunset on September 30, 2025
- All testing will be completed by December 31, 2025
- DISA will maintain the repository of approved DoDIN APL products through FY 2026
- Any work that cannot be completed by that time will be returned to the vendor
- Moving forward, cybersecurity requirements will transition to the DISA RME Vendor Security Technical Implementation Guides (STIG) program
- Interoperability (IO) requirements will be identified by a soon-to-be-updated Unified Capabilities Requirements (UCR)-CORE document and enforced through contractual provisions
Although this is a big change, the new direction indicates aspects of the program will remain – the most notable being STIG authoring and/or testing.
This shift in the program means that developing a plan and strategy to address compliance/security requirements for the DoD is now arguably more important, without the APL to back up vendor claims through listings. Areas like FIPS 140-3, Common Criteria (EAL), STIG compliance, UCR conformance, etc. will be critical. These certifications will likely become increasingly relied upon as proof of security and testing by a Government program now that the DoD won’t have its own.
The time to complete STIG work (which should continue to be required for DoD sales) will be reduced and the cost will drop as well. Corsec believes it will take time for all the military agencies and offices to become aware of the change that occurred over the past few weeks. As such, it is important to talk to your customers and prospects directly.
If you would like to speak directly with a member of our team, set a time to talk to our experts.
About The DoDIN APL
For 15 years, the DoDIN APL represented the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involved a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involved the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.
About Corsec Security, Inc.
For over 27 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.
###
Press Contact:
Jake Nelson
Corsec Director of Marketing
jnelson@corsec.com
