Information Assurance

We ensure that even the most remote users can access the benefits of protected internet-enabled technologies

As a long-time trusted partner to the U.S. government, Inmarsat Government has established a template for operating Department of Defense (DoD) networks out of commercial teleports worldwide. Our approach is a benchmark for successful DoD/industry collaboration.

As the DoD information assurance guidance has evolved, we have engineered, implemented and maintained mitigation methods to address potential points of exploitation. These methods include a combination of physical and network security at our teleport facilities, and many of our recommendations – such as fencing, access controls and system monitoring – have been replicated to maximize the protection level for other military networks.

We have designed and manage all access to secure enclaves at many of our worldwide teleports. These secure enclaves are only accessible by authorized military personnel and are built to Mission Assurance Category (MAC) I specifications, capable of Red/Black communication processing.

We recognize the risks associated with utilizing weak cryptography methods when processing Tracking, Telemetry and Command (TT&C) commands. Accordingly, government-approved encryption of the TT&C uplink plays a key role in determining which satellites are chosen for our customer networks. Our solutions utilize satellites which meet the most stringent security requirements by using government-approved cryptography on the command links. This encryption ensures that the control over the satellite remains in the correct hands of the appropriate satellite operators.

Through our in-depth expertise and experience supporting accreditation/authorization efforts with our customers, we understand the entire Assessment and Authorization (A&A) process. Our skilled team knows exactly what it takes for our managed programs to achieve and sustain an Authority to Operate (ATO). We have generated the complete Risk Management Framework (RMF) authorization package for our military customers, ushering this package through the assessment process up to an ATO award under RMF.

We provide guidance to our government customers in assigning the proper Confidentiality, Integrity and Availability levels in accordance with the Committee on National Security Systems Instruction (CNSSI) 1253. Our expert staff can assist with tailoring the applicable security controls, ensuring all required overlays are included. Inmarsat Government can participate in all A&A activities, including developing the Security Authorization Package; generating detailed diagrams and compliant policy creation; as well as establishing and continued management of the Enterprise Mission Assurance Support Service (eMASS) instance. We routinely review the RMF Knowledge Service online in the interest of using the latest policies, templates, and instructions.

After the authorization process is completed, Inmarsat Government conducts continuous monitoring of the managed system, adhering to all RMF requirements. We continually audit the security of authorized and managed networks through automated means, as well as human interaction. System security is maintained and verified in numerous ways, including adhering to updates to applicable Security Technical Implementation Guides (STIGs); conducting automated device vulnerability scans daily; reviewing the security team bi-weekly; completing Information Assurance Vulnerability Alert (IAVA) program compliance; and updating anti-virus/threat signature daily, where applicable.

Inmarsat Government’s Information Assurance/Cyber team possesses the requisite certifications which demonstrate expertise in the Cyber and A&A realm, including the Certified Information Systems Security Professional (CISSP) and Certified Authorization Professional (CAP).