Section | Requirement | Fortanix Solution | How Fortanix Helps |
---|---|---|---|
Operationalizing Transparency and Security in Third-Party Software Supply Chains | • Secure software development practices • Machine-readable attestations and artifacts | Data Security Manager (DSM) | Fortanix DSM delivers full key lifecycle management, code signing, and secrets management to help ensure only verified and trusted software is deployed. DSM can integrate with CI/CD pipelines to automate secure signing processes, track key usage, and generate audit logs, so agencies can validate software provider attestations and have evidence of compliance with secure software development practices. |
Improving the Cybersecurity of Federal Systems | • Phishing-resistant authentication • Enhanced threat detection | Data Security Manager (DSM) | DSM continuously monitors cryptographic operations, while REST APIs enable integration with SIEM tools to give administrators real-time alerting for suspicious cryptographic activities. DSM offers visibility into crypto asset usage patterns to help detect anomalies indicative of cyber threats. |
Securing Federal Communications | Encryption for DNS | Data Security Manager (DSM) | DSM integrates with firewall vendors to encrypt the TLS with keyless SSL and manages the encryption keys and certificates used in Transport Layer Security (TLS) 1.3 protocols. |
Securing Federal Communications | Encryption for Email, Video and instant messages | Data Security Manager (DSM) | DSM delivers Bring Your Own Key functionality for any cloud and SaaS provider to give agencies complete control over data. DSM also supports Client-Side Encryption for Google Workspace and helps drive ITAR compliance. |
Securing Federal Communications | Quantum-Resistant Cryptography | Data Security Manager (DSM) | DSM supports all the post-quantum cryptography (PQC) algorithms recommended by NIST as part of the Commercial National Security Algorithm Suite (CNSA) 2.0, including ML-KEM, ML-DSA, SHA, AES, XMSS, LMS. Agencies can now gain cryptographic agility to ensure future quantum resiliency. |
Securing Federal Communications | Hardware Security Modules, Trusted Execution Environment (TEE) and other isolation technologies | Data Security Manager (DSM); Fortanix HSMs built on Intel SGX Confidential Computing | DSM centralizes encryption key lifecycle management for on-premises, multi-cloud, and hybrid environments, eliminating data silos and simplifying auditing and control. Keys are securely stored in a natively integrated FIPS 140-2 Level 3 (soon FIPS 140-3 Level 3) validated HSM. DSM is the only data security platform to leverage TEEs through its Confidential Computing technology, bolstering security for cryptographic keys and access tokens to protect them even while in use. |
Solutions to Combat Cybercrime and Fraud | Digital Identity Documents | Data Security Manager (DSM) | DSM secures cryptographic keys, credentials, and certificates used in issuing and verifying digital identity documents, ensuring their authenticity and integrity. |
Promoting Security with and in Artificial Intelligence | Enhancing cyber defense and secure AI systems | Confidential Computing Manager (CCM); Data Security Manager (DSM) | CCM secures data and applications in Trusted Execution Environments (TEEs), protecting AI models and data while they are actively in use. CCM ensures the confidentiality and integrity of the AI systems, while DSM secures the cryptographic keys used in AI-generated code to mitigate risks associated with insecure AI coding practices. |
Aligning Policy to Practice | Zero Trust Architecture | Data Security Manager (DSM) | DSM supports MFA and OTP, and enforces fine-grained RBAC and Quorum Approvals to limit access and allow only authorized and privileged applications or users to decrypt the data. Key access and usage are monitored through real-time audit logs to ensure adherence to policies. |
National Security Systems and Debilitating Impact Systems | Hardware Roots of Trust | Data Security Manager (DSM) | DSM features natively integrated FIPS 140-2 Level 3 validated HSMs. The platform is built on Confidential Computing, thus providing a Trusted Execution Environment for a hardware root of trust for secure booting and cryptographic operations. |
Additional Steps to Combat Significant Malicious Cyber-Enabled Activities | Critical Infrastructure Protection | Data Security Manager (DSM) | To elevate resilience against cyberattacks, DSM secures encryption keys and certificates used in critical infrastructure systems in a natively integrated FIPS 140-2 Level 3 validated HSM. The audit logging service provides real-time insights into key usage, helping detect and respond to unauthorized access attempts. |