RMS for a Government Contractor

Hello All,

I have a bit of a dilemma. I am currently piloting RMS 4.1 at my facility, the Johns Hopkins University Applied Physics Laboratory, and I've hit a wall in regards to the approval process. We are currently piloting RMS in an unclassified environment. We would like to take the pilot into a dual enclave environment; however, due to security concerns we must prove our solution will work to our in-house security folks as well as the Defense Systems Security Reps (DSS). We have designed a solution that would work within a Red/Black environment using RS232 communication; however, explaining this method of communication to security is easier said than done. Our in-house security folks suggested that if we were to find another government CONTRACTOR that is already using this technology, it would be a “shoo-in” approval process for us. However, I understand calling these other agencies might not be the best approach, so I was hoping someone online would be able to provide some insight as to whether this solution or technology has been implemented within another government contractor facility before. Please contact me if you know of a case!

I've had several AMX Sales engineers very confused by this, and tried to explain how it has been implemented within the government, and do not see the concern. Unfortunately, since we are a contractor, we are held to higher standards than any other government agency. Examples of government contractors are us (JHUAPL), Northrop Grumman, Boeing, Raytheon, etc. We simply need some form of documentation stating this software has been implemented in another government contractor institution. A letter from DSS would suffice.

Please help!

Comments

  • I implement AMX systems (including RMS servers) in TS/SCI and higher environments all the time, residing on the JWICS, SIPR, NIPR, IDISS and SIMS networks. Clients from NSA, CENTCOM, SOCOM, WHCA, WHMO, the White House itself, Dept of State, ... the list goes on; this is all my company deals with.

    Many of those contractors you mentioned use the same AMX and cre$tron hardware and software daily. Others include BAE, Harris, CACI, FGS, Booz Allen, etc.

    We aren't limited to serial communications either. I use IP communication between devices on top side networks inside of SCIFs.
  • mjones2620 Junior Member Posts: 86
    You say "inside" of SCIFs and on these networks, but what we are trying to create is an RMS between equipment that can operate in either classified or unclassified environments... so equipment that could be displaying classified material at one instance could be unclassified the next. We would want to always be able to control RMS from an unclassified network location, which poses the problem. Even though the technology would prohibit screen shots or anything leaking, it still cannot be proven risk free without documentation that it's been done elsewhere. Understand my dilemma now?
  • GregG Just some guy... Posts: 249
    I'm not certain there is a simple way this could be done without RMS itself being secured at the highest level.

    Take a simple example where you use the amx master to swap VTC IP information and a network opto-isolator.

    I've done this with an un-networked AMX master in the room, and the code was written such that the programmer would not need to ever know the IPs involved, but with unclassified external IP access to that AMX master it would be a simple matter to show those VTC IPs (or destination called IPs) out on the RMS console.

    Edit: Oops, this is pretty much your original idea, and no, I have never tried it or gotten it approved.

    This could maybe get certified with some amount of re-transmitting and sanitizing data from one master to another and then having that master represent the actual devices with limited virtual devices which are added on the RMS console somehow.
  • mjones2620 Junior Member Posts: 86
    Any update on this?

    Just curious if anyone has seen this implemented since my last post?
  • mjones2620 Junior Member Posts: 86
    Update

    Has anyone heard of this being deployed at any Government Contractor facility?