On July 18th, DISA released a final memo regarding the DoDIN APL. Although brief, the subject of the document was to announce that the DoDIN APL, as it is known today, is going to sunset (cease to exist).

The following dates were referenced within the memo:

• The APL program will be sunset on September 30, 2025
• All testing will be completed by December 31, 2025
• DISA will maintain the repository of approved DoDIN APL products through FY 2026
• Any work that cannot be completed by that time will be returned to the vendor
• Moving forward, cybersecurity requirements will transition to the DISA RME Vendor Security Technical Implementation Guides (STIG) program
• Interoperability (IO) requirements will be identified by a soon to be updated Unified
  Capabilities Requirements (UCR)-CORE document and enforced through
  contractual provisions

Although this is a big change, the new direction indicates aspects of the program will remain – the most notable being STIG authoring and or testing.

This shift in the program means developing a plan and strategy to address compliance/security requirements for the DoD is now arguably more important without the APL to backup vendor claims through listings. Areas like FIPS 140-3, Common Criteria (EAL), STIG compliance, UCR conformance, etc. will be critical. These certifications will likely become increasingly relied upon as proof of security and testing by a Government program now that the DoD won’t have its own.

The time to complete STIG work (which should continue to be required for DoD sales) will be reduced and the cost will drop as well. Corsec believes it will take time for all the military agencies and offices to become aware of the change that occurred over the past few weeks. As such, it is important to talk to your customers and prospects directly.

​​​​​​​If you would like to speak directly with a member of our team, set a time to talk to our experts.

For over 27 years, Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Corsec would like to congratulate our partner, Cloud Software Group (CSG), formerly Citrix, on completing the DoDIN APL process for their NetScaler MPX 9100 FIPS and 8900 FIPS solution.  To achieve this milestone, CSG partnered with Corsec, both teams working to harden the product against security requirements for STIG testing, CAC compliance, and IPv6.

The platform is listed under Tracking Number (TN) 2412201 as a Cybersecurity Tools (CST). Both Interoperability (IO) certification and Cybersecurity (CS) testing were completed at a DISA Test Center of Excellence (TCOE).

For more on the listing process, visit the DISA Approved Products List and for more information on engineering your product to meet federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

The DoDIN APL represents the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involves a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involves the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

For over 27 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

Corsec would like to congratulate our partner, Schweitzer Engineering Laboratories, Inc. (SEL), on completing the DoDIN APL process for their SEL-2700 Series Software Defined Network (SDN) Switches and SEL-5056 Flow Controller.  To achieve this milestone, SEL partnered with Corsec, both teams working to harden the product against security requirements for STIG testing, CAC compliance, and IPv6.

The platform is listed under Tracking Number (TN) 2016002 as an Access IP Switch and Non-Assured Services Local Area Network (Non-ASLAN). Both Interoperability (IO) certification and Cybersecurity (CS) testing were completed at a DISA Test Center of Excellence (TCOE).

For more on the listing process, visit the DISA Approved Products List and for more information on engineering your product to meet federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About The DoDIN APL

The DoDIN APL represents the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involves a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involves the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

For over 27 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

###

###

###

Corsec would like to congratulate our partner, SolarWinds Inc., on completing the DoDIN APL process for their platform.  To achieve this milestone, SolarWinds partnered with Corsec, both teams working to harden the product against security requirements for STIG testing, CAC compliance, and IPv6.

The platform is listed under Tracking Number (TN) 2334801 as a Element Management System (EMS).  Both Interoperability (IO) certification and Cybersecurity (CS) testing were completed at a DISA Test Center of Excellence (TCOE).

For more on the listing process, visit the DISA Approved Products List and for more information on engineering your product to meet federal and regulated industry security requirements, schedule time to speak to a Corsec engineer.

About The DoDIN APL

The DoDIN APL represents the agency’s master list of secure, trusted, and approved technology infrastructure products. The DoDIN APL was developed in an effort to maintain a single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) / Cybersecurity (CS) certification. Getting a product included on this coveted list involves a rigorous 39-step process overseen by the Approved Products Certification Office (APCO). This laborious and often confusing process involves the submission of a series of properly completed forms and product documentation, attainment of prerequisite validations, and adherence to strict scheduling guidelines and interdependencies.

SolarWinds was founded by IT professionals solving complex problems in the simplest way, and have carried that spirit forward since 1999. Their digital agility solutions are built to help companies of any size accelerate business transformation today and into the future.

For over 26 years Corsec has assisted companies through the IT security certification process for FIPS 140-2 / FIPS 140-3, Common Criteria (CC), CSfC, and the DoD’s APL. We are a privately owned company focused on partnering with organizations worldwide to assist with the process of security certifications and validations. Our certification methodology helps open doors to new markets and increase revenue for clients with products ranging from mobile phones to satellites. Our broad knowledge safeguards against common pitfalls and thwarts delays, translating to a swift and seamless path to certification. Corsec has created the benchmark for providing business leaders with fast, flexible access to industry knowledge on security certifications and validations.

###

###

###

###