A "Security-First" operating system
Cybersecurity hardened Linux based operating system for securing embedded controllers
Puts SECURITY FIRST!
Prioritize mission requirements and build on a clean, stable, and secure foundation.
- Applies recognized industry security standard frameworks
- Includes a pro-configured bootloader, operating system kernel, and a powerful set of security and customization tools
- Leverages the same technology used to protect terrestrial-based services
- Can be tailored for custom requirements
Click any tab for more information:
Security
National Institute of Standards and Technology is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness.
Common Vulnerabilities and Exposures identify and associate potential impact to confidentiality, integrity, and availability.
National Vulnerability Database is a centralized collection of CVEs enabling automated detection and reporting as well as streamlining mitigations and remediations.
Security Content Automation Protocol is a cybersecurity protocol that standardizes how to communicate information about security configurations and software flaws.
OpenSCAP provides multiple tools to assist administrators and auditors with assessment, measurement, and enforcement of security baselines.
Integrity
Software Bill of Materials is a comprehensive list of all the software components, dependencies, and metadata associated with an application.
A kernel level function using a cryptographic digest to continuously validate and alert on any change to the underlaying OS.
System Package Data Exchange an open SBOM standard, aimed at interoperability, to transparently list components, licenses, copyrights, security references, and other metadata.
Chain of trust is established using public-key cryptography, validating the integrity of each component.
Trusted sources, such as certificate authorities, ensure a secure foundation and provide disk encryption, secure boot and file integrity.
Linux distribution with a read-only core system in which the base operating system, once installed, cannot be modified during regular use.
Manageability
Yocto is an open-source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture.
Mender is an open-source, over-the-air (OTA) update manager for IoT and embedded Linux devices. Its client-server architecture enables the central management of software deployments.
New images are deployed via Mender, which are staged to an inactive partition (A/B).
An alternative image (A/B) enables an easy recovery from incomplete, corrupted, and other undesired states.
If part of the upgrade cannot be completed, the OS image is able to roll back to the state the system was in before starting the upgrade process.
Copyright © 2024 | 21 Software