Department of Defense Information Network (DoDIN) Approved Products List (APL): What is it and Why it Matters
This is the second of a four-part security blog series covering why ScienceLogic is listed in the DoDIN APL catalog, what this means for monitoring critical IT infrastructure, and why APL certification is relevant for all organizations. Part two is about what the DoDIN APL is and why it matters to both government and non-government organizations.
The role of the U.S. government as a major consumer of enterprise technology hadn’t gotten much attention, until the last few years. It would be easy to assume that selling and integrating technology in federal environments was not a focus for technology vendors, or that federal enterprises were the exclusive realm of a handful of big tech players.
The reality is that the federal government marketplace is highly competitive, with some of the world’s most interesting technology environments, just like many commercial enterprises. On its own, the Department of Defense (DoD) is an example of just how vibrant—and challenging—the federal marketplace can be.
The Biggest on Earth—and in Space
The DoD is the largest employer in the world, with over 2.9 million military and civilian employees, and with 4,800 physical locations in 160 countries—and in space—backed by an annual national defense budget of $740.5 billion. Its technology environment, the Department of Defense Information Network (DoDIN), is a global technology infrastructure managed largely by the Defense Information Systems Agency (DISA).
The scope of DISA’s purview is vast, including:
- 180,000 mobility users
- 2.1 million email accounts
- 2,500 user applications
- 17,000 circuits
- 100s of services and capabilities
DISA supports the Executive Branch as well as the DoD, and in addition to its routine IT operations, the data flow within its networks includes classified information and communications in combat theaters. Its operations are a textbook definition of the term “mission critical.” Reliability and security are essential, and so, while much of the DoDIN estate is made of technology that has been proven over years of service, new and innovative technologies are vital to successfully executing the department’s mission.
DoDIN APL – Not for Beginners
There is a rigorous process that guides what technologies can be integrated into the DoD’s massive network. That process, known as the Unified Capabilities Framework (UCF), ensures high standards of cybersecurity and interoperability across the scope and lifecycle of products. The UCF governs how the DoD certifies, connects, operates, and continuously monitors IT in their networks.
Because of the DoDIN’s strict security and interoperability requirements, DISA maintains a single catalog of products certified and pre-approved for purchase. That catalog is known as the Approved Products List (APL), and if a product isn’t included in the APL, you’re not likely to find it in an operational DoD environment.
Three Phases of the DoD IT Lifecycle
Getting certified for the APL is the first of three steps mandated by policy. The three steps are:
- CERTIFY: technology vendors, in collaboration with DISA, perform thorough cybersecurity and interoperability certification tests. If a product passes, it is placed on the Approved Products List (APL), a single, consolidated list of certified products from which DoD Components can buy.
- TEST/CONNECT/OPERATE: Once a product is procured, individual DoD components perform tests similar to those which were performed in the DoDIN APL testing process to meet site connection and operational requirements for their specific location. Once a product passes these tests, approval to connect then operate on the DoDIN is granted.
- MAINTAIN/SECURE: Once a product is connected and operational, DoD components perform upgrades and maintenance for the life of the product to meet ongoing security requirements.
Given the size and complexity of the DoD infrastructure, and the challenges associated with maintaining maximal DoDIN health, availability, and reliability, it was crucial for ScienceLogic to invest in the process necessary to certify our SL1 AIOps platform for inclusion on the APL. Beyond the market opportunity, ScienceLogic recognizes the importance of playing a role in supporting the mission of the DoDIN in defending our national interests.
ScienceLogic SL1: A Recognized Leader
ScienceLogic is recognized as an AIOps leader by respected technology analyst firms including Gartner, Forrester, and EMA. We’ve invested a great deal of resources in engineering an IT Operations monitoring platform that meets the challenges in operating the biggest, most complex environments in IT—including the DoDIN.
Our confidence that SL1 is the best AIOps platform available is high, as reflected by its ability to integrate with both the extensive legacy systems and state-of-the-art technologies that constitute the DoDIN. SL1 meets the DoDIN’s high standards, enabling a level of resiliency consistent with the DoD’s global mission, and supporting security that is integral to the platform which enhances the DoDIN’s overall security posture. In fact, ScienceLogic was the first IT operations monitoring platform to earn APL certification and has been listed in the catalog since 2014.
ScienceLogic continues to invest in maintaining that privilege, putting SL1 through DISA’s rigorous process for listing on the APL, including third-party penetration testing. This commitment is reflected in the number of defense agencies that rely on ScienceLogic as a key component in maintaining the reliability, efficiency, and availability of their networks. These include the Department of the Navy, National Geospatial Intelligence Agency, Joint Communications Support Element, and many other federal agencies.
Upholding the Highest Standards
When it comes to meeting and upholding the standards necessary for APL certification, and for maintaining the trust of the DoD, there is no room for compromise. Earlier this year the consequences of failure were shown when many federal agencies and private sector organizations were affected by a digital supply chain attack launched through a vendor providing IT infrastructure management software. The attack was described by one member of Congress as “a grave risk to federal, to state, to local governments, to critical infrastructure, to the private sector.”
In response, the federal government made the integrity of federal IT infrastructure a priority, and the White House issued an Executive Order on Improving the Nation’s Cybersecurity. ScienceLogic echoes the need to bolster the security, resiliency, and reliability of the systems on which the country relies. And as we have since 2014, we stand ready to do our part to improve and secure our nation’s critical IT infrastructure.
For more information on DoDIN, DISA, APL, and how ScienceLogic helps meet the federal government’s rigorous cybersecurity and interoperability requirements for its technology infrastructure, watch for part three of this four-part security blog series. And for more information, visit the ScienceLogic Trust Center.