U.S. Federal JITC certification: Everything you need to know

Ava’s cyber security solution, Ava Reveal, has successfully completed certification testing with the Defense Information Systems Agency’s (DISA) Joint Interoperability Test Command (JITC). The JITC certification allows our product to be added to the Department’s Approved Products List (APL) and is significant for our Federal customers, as well as commercial organizations, as it validates the security of our solution and also enables the procurement of a solution that can help combat growing insider threat issues. 

In this post, we’ll provide you with a deep dive rundown of JITC, including an explanation of why the JITC is important, and suggestions of how this certification impacts you.

The JITC certification is required to be listed on the APL. DoD organizations use this list of vendor solutions as a starting point for finding IT tools to meet mission critical needs. The certification means customers can be confident in our compliance with the relevant Security Technical Implementation Guides (STIG). As required by the process, we have also established a Military Unique Deployment Guide (MUDG) to ensure customers deploy the solution in compliance with organizational security requirements. Examples of organizations where the JITC Certification is essential: 

• Department of the Army
• Department of the Navy
• Department of the Air Force
• Office of the Secretary of Defense
• Inspector General

The JITC certification validates that the vendor product meets strict security requirements established by the U.S. Government and the DoD. The government has such high standards that non-Federal entities can trust that the product will also keep their organizations safe. We’re honored to have this seal of approval, which is a strong indication of a secure product that can further help detect and mitigate insider threats in the Federal Government.

At Ava we take security to heart. From our product direction and how we design, build and test our own products. We’re very open about our security process and want our customers to be confident in our products. Organizations like JITC help us provide our customers with the confidence that we’re building things the right way, without just having to take our word for it.

As part of a complete solution, Ava Security leverages or integrates with existing infrastructure services such as LDAP, SAML for authentication, and other critical logging tools to ensure end-to-end security and visibility. Certification testing with the JITC gave us the opportunity to demonstrate this capability. 

By being on the Department of Defense Information Network’s (DoDIN) Approved Product List (APL), we can double down on our investment in Federal, and provide them with the tools they need to continue the mission-critical work they’re doing in service to us all. This is only the beginning.

Ava Reveal, under its former name Jazz Networks, has successfully completed IA/CS testing. Ava Reveal is now certified by JITC and listed as an approved User Activity Monitoring (UAM) Cybersecurity Tool on the Approved Product List. The certification validates that we are able to serve the government in combating insider threats in a safe, secure, and effective manner. 

At Ava, we have a strong culture of security and continuous improvement. Hiring key talent from the beginning has ensured that our products are built with Federal requirements in mind, which ultimately helped ensure a straightforward evaluation and certification process. Ava Federal, a separate entity part of the Ava family, has developed strong relationships with government partners and agencies and continues to build on those relationships by helping them meet mission-critical goals in enhancing user monitoring and ensuring data security.

The certification process required working with JITC, our partners, and sponsors within DISA. Ava Federal was able to complete certification testing within a short amount of time, despite the many restrictions in place due to COVID-19.

Ava Reveal won the U.S. Cyber Command insider threat competition in early 2019 against some of the top insider threat, EDR, UBA, and SIEM vendors. 

The insider threat event sought to identify security solutions that employed advanced, real-time analysis of multiple data sources for anomaly detection, specifically those that offered both predictive monitoring and policy-based monitoring features. For every attack, the participants were evaluated across many different dimensions, including “time to respond”, “fullness of context”, and “innovative methods used”.

Ava Reveal is compliant with the NITTF CNSSD 504 and meets key UAM requirements defined within the document, including keystroke monitoring, full application content, screen capture, file shadowing for all lawful purposes, and attributing all collected data to a specific user.