The Department of Defense has changed the name of the list it uses for the procurement of IT products to be used over the DoD network infrastructures. Previously names the Unified Capabilities Approved Products List (UC APL), the new list is henceforth the Department of Defense Information Network Approved Products List (DoDIN APL).
“The Department of Defense Information Network Approved Products List (DODIN APL) is established in accordance with the UC Requirements (UCR 2013) document and mandated by the DOD Instruction (DODI) 8100.04. Its purpose is to maintain a single consolidated list of products that have completed Interoperability (IO) and Cybersecurity certification.”
Notable other changes to the program include:
- The Unified Capabilities Certification Office (UCCO), which managed the UC APL process is now the Approved Products Certification Office (APCO) and will continue to operate as a staff element to oversee the DoDIN APL. “The APCO provides process guidance, coordination, information and support to vendors and government sponsors throughout the entire process, from the registration phase to the attainment of DODIN APL status. Additionally, the APCO manages the DODIN APL Removal List, which consists of products that have been removed from the DODIN APL.”
- Information Assurance (IA) Testing is now Cybersecurity (CS) Testing. There is no change to the process, the same STIG requirements are being tested.
- The findings report that the test center puts out at the completion of testing which was previously called the IA Report is now to be called a Cybersecurity Assessment Report (CAR). Again, the same information will be presented, the change is in name only.
- In suite, the meeting that takes place after the Testing AO receives the vendor’s cybersecurity mitigations is no longer an IA Out-brief, it is now a CS Out-brief. Attendees will remain the same.