SBIR Success Story: Object Security LLC

1855 First Ave., Ste 103
San Diego, CA 92101

Contact:  Ulrich Lang
Phone:  650-515-3391
E-Mail: Ulrich.lang [at] objectsecurity.com
Website (Optional): https://objectsecurity.com/

Project Title:  Automated Access Control Policy Testing System (A-ACPTS)

NIST Award:  70NANB16H192

Technology Developed:  Using proven information modeling and formal testing techniques, OpenPMF Security Policy Auditor™ (https://objectsecurity.com/products/openpmf-auditor/) analyzes information about your technical security policies and your IT environments. OpenPMF Security Policy Auditor™ includes access to the OpenPMF Security Policy Auditor™ cloud service, and to ObjectSecurity’s professional services. It is designed to be rapidly customizable to fit your particular audit/test requirements and IT landscape. The OpenPMF Security Policy Auditor is used in 4 phases: 1. Import information; 2. Author requirements; 3. Test security policy requirements; 4. Visualize and document results.

Key Words: Policy, auditing, access control, testing

Uses of Technology/Products/Service:  OpenPMF Security Policy Auditor (https://objectsecurity.com/products/openpmf-auditor/) gives you consolidated visibility into your technical security policies. It provides guidance on where to focus your Cybersecurity efforts, and helps you document Cybersecurity for audit & compliance. Using proven information modeling and formal testing techniques, OpenPMF Security Policy Auditor™ analyzes information about your technical security policies and your IT environments. OpenPMF Security Policy Auditor™ includes access to the OpenPMF Security Policy Auditor™ cloud service, and to ObjectSecurity’s professional services. This makes OpenPMF Security Policy Auditor an easy-to-use solution that can involve you as much or as little as you prefer. It is designed to be rapidly customizable to fit your particular audit/test requirements and IT landscape.

(1) Easy-to-use interface (GUI) that makes it easy to import, author, analyze, test and export security policy rules.
(2) Avoid the pitfalls and huge risk created by manually authoring policies.
(3) Detect potential errors, mistakes and vulnerabilities in your policies to prevent hackers from moving around your IT.
(4) Reliable Return on Investment and low deployment and maintenance costs.
(5) Fast and extremely cost-effective evaluation of your access control policies.

The OpenPMF Security Policy Auditor is used in 4 phases:

1. Import information: Import and consolidate security policy information from many sources, such as networks, systems, applications, identity & access systems etc.
2. Author requirements: Author your audit/test security policy (Access Control) requirements in generic, intuitive, and rich concepts, using terms you choose.
3. Test security policy requirements: Automatically test your test requirements against the imported information using formal methods.
4. Visualize and document results: Intuitively visualize the test results and create documentation.

Alternatively, it can be used with OpenPMF Security Policy Automation.

Benefit to Company: OpenPMF Security Policy Auditor gives you consolidated visibility into your technical security policies. It provides guidance on where to focus your Cybersecurity efforts, and helps you document Cybersecurity for audit & compliance. It helps identify security risks.

Technology’s Impact on Company’s Growth:  Strategic

How Product was Commercialized: ObjectSecurity embedded the technologies developed during this project into our existing OpenPMF product, allowing us to rapidly commercialize.

Object Security had several OpenPMF deployments in 2018 where the Auditor is also deployed.

Created March 6, 2018, Updated August 23, 2023