Skip to Primary Menu Skip to Utility Menu Skip to Main Content Skip to Footer
Noname Security enters into agreement to be acquired by Akamai
Learn more
Noname Security Logo

STIGs, FIPS, ZT, and API Security

Dean Phillips
Share this article

Leading by Example

The United States has been a leader in information technology for decades, and the U.S. government has been a major driver in that arena from the start. Considering the sensitivity of data shared between agencies, as well as how lucrative that data is to cybercriminals, the government realized early on that it needed strong security standards to protect itself from malicious actors. Hence, the formation of the Federal Information Processing Standards (FIPS) and Security Technical Implementation Guides (STIGs).

FIPS and STIG standards are intended to make government systems as secure as possible, requiring agency and department compliance to achieve system accreditation.  But as threats change, cybersecurity requirements must adapt. Executive Order 14028, Improving the Nation’s Cybersecurity, was the federal government’s latest effort to increase security by driving a government-wide emphasis on Zero Trust (ZT).

Subsequently, the Defense Information Systems Agency (DISA) and the Cybersecurity and Infrastructure Security Agency (CISA) both produced a ZT reference architecture to implement EO 14028. These new roadmaps don’t negate FIPS and STIG compliance, they add to the list of things agencies need to address.

How API Security Affects Compliance

Of the newly added requirements, securing APIs is of particular interest. This means agencies should have complete visibility of their API landscape, an accurate inventory of API and data types, as well as security controls in place to detect anomalies and thwart attacks. It also means having testing mechanisms implemented during the DevOps process to uncover API vulnerabilities and design flaws before production.

When you think about the explosive growth of applications and device proliferation over the years, APIs are the common denominator for communications, enabling agencies to connect and share information collectively and with constituents. But API security hasn’t kept up with the increasing reliance on them. As evidence, Cloudflare publicly confirmed that API calls are growing twice as fast as HTML traffic, making APIs “an ideal candidate for new security solutions aimed at protecting customer data.” The other unfortunate reality is that APIs cannot inherently be trusted in a ZT environment. Therein lies a predicament. But, there is a solution – Noname Security’s hardened virtual appliance.

Meeting Unique Public Sector Requirements for API Security

Noname’s hardened virtual appliance provides a FIPS-enabled solution for on-prem, cloud or hybrid deployments that adheres to STIGs and meets the unique needs of public sector agencies. We provide a comprehensive solution across the lifecycle of APIs while addressing the visibility and security requirements under the new ZT roadmaps. Ultimately, agencies receive a programmatic approach to API security that will help them address vulnerabilities in a cost-effective manner.

Noname Security is committed to protecting our customers’ sensitive data as it is the lifeblood of their operations. Our hardened virtual appliance helps do that in the most restrictive environments and should be a key component of any agencies’ ZT implementation. For agencies looking to address these CISA or DISA requirements for API security while maintaining system accreditation, partnering with Noname Public Sector provides the solution you need.