Monkton Completes their Common Criteria Validation through the National Information Assurance Partnership (NIAP) Scheme out of the NSA

Monkton completes their Common Criteria Validation through the National Information Assurance Partnership (NIAP) Scheme out of the NSA with Acumen Security - featuring the first NIAP Validated Enterprise mobile apps.

Rebar by Monkton

Monkton Inc. has completed their Common Criteria Validation through the National Information Assurance Partnership (NIAP) Scheme managed by NSA for its "IA Docs Reinforced by Rebar" iOS native mobile app, evaluated by Acumen Security. IA Docs is the first ever enterprise mobile app to be validated against the NIAP Application Software Protection Profile v1.2 and Encryption Extension v1.0 Protection Profile, and can be listed on the Commercial Solutions for Classified (CSfC) Components list. 
 
"For Monkton, this achievement is twofold. First, we were able to validate that mobile apps developed on our Rebar platform can be taken through a third-party assessment against the NIAP baseline by an NSA authorized lab like Acumen Security." remarks Harold Smith III, Co-founder of Monkton. Following up Smith stated, "Second, IA Docs will be the first true CSfC enterprise mobile app that has dual layers of cryptography for both data at rest and data in transit. This is a watershed moment for mobility in National Security uses." 
 
"While we won’t say NIAP validation is an easy process, the expertise of Acumen, and the professionalism of the NSA NIAP Office, really helped us get through NIAP relatively quickly – we couldn’t have worked with a better lab to make this happen," adds Smith.

Rebar leverages SafeLogic's CryptoComply for its additional layers of cryptography. SafeLogic CEO Ray Potter adds, "With Rebar, Monkton is making significant strides in the federal deployment of mobile technology. It’s very exciting for the SafeLogic team to be part of that effort, as it strongly reflects our mission to streamline and accelerate FIPS 140-2 validation of encryption, the required benchmark for the public sector and building block for Common Criteria."
 
IA Docs is a mobile app that enables organizations to view documents stored in Amazon Web Services (AWS) S3 buckets. This enables users on a NIAP validated iPad or iPhone to access and store S3 content in any AWS environment, including their [AWS] recently announced support for FedRAMP Impact Level 6 (SECRET).
 
IA Docs was built on top of Monkton's Rebar. Rebar is a NIAP compliant development platform (SDK) that enables mobile developers to build native iOS and Android apps that comply with both the NIAP Application Software Protection Profile v1.2 and Encryption Extension v1.0 Protection Profile. Rebar insulates mobile developers from needing to fully understand complex security, policy, and PKI requirements when building mobile apps. Rebar enables them to focus on what mobile developers typically do exceptionally well: deliver modern mobile-first user experiences and code the business logic within the app to improve user efficiencies. Using Monkton’s Rebar platform, any organization can build and deploy a simple NIAP compliant native mobile app that supports PKI credentials within a single day. Then, optionally, organizations can take the NIAP Compliant apps they develop through a formal NIAP Validation, like Monkton with IA Docs.
 
Monkton Co-founder and COO Chris Gorman follows, "In order to deliver true mission mobility, you need end to end policy compliance from device to data source. In most cases, mobile apps are going to connect to either a Cloud Service Provider (CSP) or directly to a Government network/data center. Organizations can select CSfC approved mobile devices like the iPad and FedRAMP IL 4/5/6 CSP p-ATO environments like AWS… the missing puzzle piece in the end to end compliance trust chain has been the security of the mobile app. The recent October DoD Memo mandating NIAP compliance for all COTS and GOTS mobile native apps that process or contain sensitive (Controlled Unclassified Information) data is absolutely a huge leap forward in providing the appropriate guidance to best safeguard against the ever-increasing rise of nation-state sponsored cyber-attacks."

"Monkton’s successful NIAP validation of IA Docs is proof positive both NIAP compliance and formal NSA validation can be done, even by small companies," continues Gorman, adding on "When Monkton started our NIAP evaluation, we were pre-revenue at the time, but recognized NIAP to be a strategic investment and necessary requirement for anyone doing mobile work with the Government, and additionally benefiting regulated private industry as well. Rebar has recently been deployed on contract in the DoD in support of a new GOTS mobile app, and now we are validated with NIAP. It has been an exciting year for new accomplishments."
 
"2018 will be the year for mobility in the Government. This will be the year that Government moves beyond conversations about MDM, calendar, contact, and email, and so on to enabling real Government mission solutions through mobile - it is the year for Mission Mobility. With Monkton and Rebar, all the pieces are aligned and ready: the policy exists, the devices are certified and approved, the cloud infrastructure is certified and approved, and now the tools [Rebar] to build secure NIAP compliant mobile apps has been proven. Mission mobility projects should be planned in terms of months instead of years. At this point, it comes down to the Government functional community asking its leadership, ‘why can’t we have new mobile and cloud enabled capability deploy in GFY18?’" posits Smith.

Contact Author

Liza Colby
Monkton, Inc
+1 703-226-9035