Meeting Federal Architecture Requirements

Posted on

Federal IT projects that go out to tender are required to select bids that deliver the least cost technically acceptable solution. The Federal requirements included in network and application-centric procurements include several technology items that have to be delivered. Kemp completed certification on all of the Federal requirements in the 2nd half of 2018.

Kemp LoadMaster delivers on all of the specific requirements at a lower cost than other load balancer options available, and therefore Kemp LoadMaster not only provides the best load balancer and application experience on the market but is also the least cost technically acceptable option due to our competitive pricing model.

Load Balancing 101

Every application delivered to users over the web benefits from a load balancer. Some of the benefits provided by Kemp and LoadMaster include:

  • Security – Application level security to compliment Firewalls, IDS, and IPS systems.
  • Authentication – LoadMaster provides enhanced authentication via web form-based login, RADIUS integration, two-factor authentication, Common Access Card (CAC) and Personal Identification Verification (PIV) login, plus Kerberos Constrained Delegation (KCD) authentication.
  • Persistence – LoadMaster delivers client persistence across sessions via Cookies or Source IP.
  • Health Checking – continuous checking of networks and application servers to identify and route around any issues.
  • Load Balancing – provides the optimal client session spread over available servers using multiple algorithms and delivering the best application experience.
  • Global Load Balancing – spread connections across geographically dispersed application deployments to ensure resilience and the best application experience for clients irrespective of where they are.
  • Professional Services – three tiers of professional services are available to assist federal departments with their planning, deployments, and support in the future.

Federal Contracting Requirements

There are four named requirements related to the application and network services that any federal Contract bid response has to deliver to be compliant. Kemp LoadMaster delivers compliance for them all:

FIPS 140-2 Support

Federal Information Processing Standard (FIPS) Publication 140-2 is a standard maintained and issued by NIST that coverts the requirements for cryptography in both hardware and software. FIPS 140-2 support is mandated in Federal Contracts via the Federal Information Security Management Act (FISMA) which covers all unclassified information systems. This means that any procurement that requires encryption requires FIPS 140-2 support via a Federally approved solution.

All Kemp LoadMaster versions include FIPS 140-2 support in the core operating system. The Kemp solution is using the OpenSSL FIPS Object Model, FIPS Certificate #1747.

Homeland Security Presidential Directive-12 (HSPD-12)

HSPD-12 mandates that all unclassified information systems have to support authentication via a Common Access Card (CAC) or Personal Identification Verification (PIV) card. Both of these are smart cards that use X509 V3 PKI certificates for security and include an identity certificate and a digital login certificate for each user.

Kemp LoadMaster includes support for CAC and PIV in the core software. Support for login to the LoadMaster management interface (for those authorized to access it) and support for Kerberos proxying to CAC & PIV to allow authentication to back end applications is included. This fully meets the HSPD-12 requirements.

Domain Name System Security Extensions (DNSSEC)

A directive from the Federal CIO mandates support for DNSSEC. The requirement is designed to protect federal systems from DNS attacks. Both client-side DNS and server-side DNS are required to support DNSSEC in Federal procurements.

Client-side DNSSEC is included in all Kemp LoadMaster deployments as part of the core software. Server-side DNSSEC is also supported with the addition of the Kemp GEO add-on module that enables multi-site global load balancing.

DoD Unified Capabilities Approved Products List (UCAPL)

The Department of Defense maintains a list of approved products that bid responses to DoD procurements must be on. To be on the list requires UCAPL Certification.

Kemp completed UCAPL certification in February 2016 and received a three-year accreditation. The accreditation covers all LoadMaster versions currently available.

Call to Action

Responding to a Federal Contract procurement requires that all the technical requirements are met and that the costs are kept as low as possible to deliver the least cost technically acceptable solution. Kemp LoadMaster is the best choice to deliver on the mandated requirements outlined in this article, and at the lowest price. If you want to win Federal business, then include Kemp in your responses. Contact us today so we can partner with you and win new business together.

Posted on

Mike Bomba

Mike Bomba has worked within the Department of Defense for over 35 years. He is currently KEMP Technologies Federal Solutions Architect. Mike has held various leadership roles over a 35 year career in the Department of Defense including; Chief of Integration, Director of Projects, Plans and Architecture, Director of Projects and Engineering, Director, Operational Engineering Directorate, U.S. Army Network Enterprise Technology Command and 6 years as an officer in the U.S. Army signal community. Immediately prior to Mike joining KEMP, he served as Riverbed Technology's Senior Solutions Architect for Department of Defense (DoD).