Embedded Security Capabilities

TELEGRID’s recognized capabilities in the field of Embedded Security are the product of 30+ years’ experience in the design, development and production of embedded systems used primarily in voice and data encryption, secure unified communications and management of networked encryptors. This experience led the company to develop the Embedded Security Framework (ESF), a structured collection of encryption and authentication modules designed to accelerate the design and development of embedded security systems. In 2018, the Framework won the important Cyber Security Excellence Award.

Cybersecurity Excellence Awards Gold Medal Winner

The Framework was developed in line with DISA’s Security Technical Implementation Guides (STIGs). It includes a FIPS 140-2 compliant encryption engine as well as DoD-approved mutual authentication methods (i.e., PKI). This helps government engineers by speeding up the design of STIG-compliant embedded systems. The Framework also includes all relevant documentation (e.g., FIPS 140-2 certificate, STIG questionnaire, etc.), which speeds up the certification process. By incorporating security early in the development cycle, product designers can eliminate late-stage redesigns, thereby reducing cost and development time. Additionally, the Framework includes integration into centralized authentication services including RADIUS and LDAPS, as well as support for Out of Band management via SNMPv3.

Embedded Security Framework Features

FIPS 140-2 Encryption

  • FIPS validated algorithms and modules

  • Pre-compiled FIPS 140-2 compliant applications (Apache, OpenSSH, OpenVPN, etc.)

Public Key Infrastructure (PKI)

  • CAC/PIV credential-enabling
  • LDAP Integration with Active Directory
  • PKI certificates for mutual authentication
  • Certificate loading and installation for upload into a DoD Certificate Authority (CA)
  • Configuration of a root of trust / trust anchor to support chained certificate validation
  • Revocation checking – Online Certificate Status Protocol (OCSP) or Certificate Revocation Lists (CRL)

Centralized Authorization

  • System access validation via RADIUS, TACACS+ and Diameter

Developed in line with DISA STIGs

  • Reduces late-stage redesigns for non-STIG compliant encryption and authentication
  • Includes relevant documentation to speed certification

Embedded Security Framework Development Board

| Feature | Supported |
|---|---|
| FIPS 140-2 Level 1 Compliance | Yes |
| Public / private key pair generation / certificate signing request | Yes |
| Symmetric Key Cryptography | Yes |
| Hashing | Yes |
| Random Number Generation | Yes |
| IPSec | Yes |
| TLS (version 1.1 minimum per NIST SP 800-52) | Yes |
| SSH (v2) | Yes |
| NTPv3 / v4 compliant | Yes |
| SNMPv3 / v2c | Yes |
| Syslog | Yes |
| Public Key Infrastructure (PKI) | |
| Supports Multiple Public Key Infrastructures | Yes |
| Certificate revocation checking (OCSP and CRL) | Yes |
| Supports PKI-based Two Factor authentication | Yes |
| Authentication, Authorization, Accounting (AAA) | |
| Supports Centralized Authentication and Authorization | Yes |
| 802.1x Support | Yes |
| Audit log / trail | Yes |