Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

SBIR Success Story: Object Security LLC

1855 First Ave., Ste 103
San Diego, CA 92101

Contact:  Ulrich Lang
Phone:  650-515-3391
E-Mail: Ulrich.lang [at] objectsecurity.com
Website (Optional): https://objectsecurity.com/

Project Title:  Automated Access Control Policy Testing System (A-ACPTS)

NIST Award:  70NANB16H192

Technology Developed:  Using proven information modeling formal testing techniques, OpenPMF Security Policy Auditor™ (https://objectsecurity.com/products/openpmf-auditor/) analyzes information about your technical security policies and your IT environments. OpenPMF Security Policy Auditor™ includes access to the OpenPMF Security Policy Auditor™ cloud service, and to ObjectSecurity’s professional services. It is designed to be rapidly customizable to fit to your particular audit/test requirements and IT landscape. The OpenPMF Security Policy Auditor is used in 4 phases: Import Information; Author requirements; 3. Test security policy requirements; 4. Visualize and document results.

Key Words: Policy, auditing, access control, testing

Uses of Technology/Products/Service:  OpenPMF Security Policy Auditor (https://objectsecurity.com/products/openpmf-auditor/) gives you consolidated visibility into your technical security policies. It provides guidance where to focus your Cybersecurity efforts, and helps you document Cybersecurity for audit & compliance. Using proven information modeling formal testing techniques, OpenPMF Security Policy Auditor™ analyzes information about your technical security policies and your IT environments. OpenPMF Security Policy Auditor™ includes access to the OpenPMF Security Policy Auditor™ cloud service, and to ObjectSecurity’s professional services. This makes OpenPMF Security Policy Auditor an easy-to-use solution that can involve you as much or little as you prefer. It is designed to be rapidly customizable to fit to your particular audit/test requirements and IT landscape. (1) Easy to use interface (GUI) that makes it easy to import, author, analyze, test and export security policy rules. (2) Avoid the pitfall en huge risk created by manually authoring policies. (3) Detect potential errors, mistakes and vulnerabilities in your policies to prevent hackers form moving around your it. (4) Reliable Return on Investment and low deployment and maintenance costs. (5) Fast and extremely cost-effective evaluation of your access control policies. The OpenPMF Security Policy Auditor is used in 4 phases: 1. Import Information: Import and consolidate security policy information from many sources, such as networks, systems, applications, identity & access systems etc.2. Author requirements: Author your audit/test security policy (Access Control) requirements in generic, intuitive, and rich concepts, using terms you choose.3. Test security policy requirements: Automatically test your test requirements against the imported information using formal methods4. Visualize and document results: Intuitively visualize the test results and create documentation. Alternatively, it can be used with OpenPMF Security Policy Automation.

Benefit to Company: OpenPMF Security Policy Auditor gives you consolidated visibility into your technical security policies. It provides guidance where to focus your Cybersecurity efforts, and helps you document Cybersecurity for audit & compliance. It helps identify security risks.

Technology’s Impact on Company’s Growth:  Strategic

How Product was Commercialized: ObjectSecurity embedded the technologies developed during this projects into our existing OpenPMF product, allowing us to rapidly commercialize.

Object Security had several OpenPMF deployments in 2018 where the Auditor is also deployed.

Created March 6, 2018, Updated June 10, 2019