CHARLESTON, S.C. – Naval Information Warfare Center (NIWC) Atlantic signed a five-year licensing agreement with Ignyte Platform Inc. for use of the command’s Security Content Automation Protocol (SCAP) Compliance Checker (SCC) trade secret software source code earlier this year.

The agreement allows Ignyte, an integrated cyber risk assurance company, to commercialize compiled binaries of the software. SCC software was initially developed by NIWC Atlantic engineers in 2008 and binary forms of the SCC software were made available for free public use through the Defense Information Systems Agency (DISA) in 2021. The license to Ignyte was issued under the authority of Section 801 of the Fiscal Year 2014 (FY14) National Defense Authorization Act (NDAA).

SCAP Compliance Checker is an application designed to automate security compliance checking using open source SCAP specifications. Due to the critical function the software performs, it is highly requested for use by other government agencies and contractors.

“Currently, SCC is used by over 2000 government employees across 200 plus agencies and is used to audit computers to determine if they are compliant with Department of Defense (DoD) security requirements,” said Jack Vander Pol, SCC team lead with NIWC Atlantic. “The Navy is SCC’s largest end user with over 600 registered users. The software is used by NIWC staff to perform risk management framework (RMF) validation and by system administrators across the U.S. Navy to perform self-assessments.”

The licensing partnership with the Navy will allow the Ignyte team to integrate SCAP with the existing open source ecosystem to bring the capability to a broader set of potential customers that serve the military.

“We can now integrate proven technology into the cyber risk management platform that we offer to our clients, many who already provide services to the federal government,” said Max Aulakh, president of Ignyte. “This strengthens our working relationship with the Navy and Department of Defense and also allows our clients to better support the federal government and meet its security standards.”

NIWC Atlantic’s SCC team will provide initial support to Ignyte as part of the agreement. According to Vander Pol, the NIWC Atlantic team created a custom export of the current version of the software’s source code by removing any sensitive data and documenting the process for Ignyte to compile custom builds of SCC on Windows and Linux. The team will also directly communicate with Ignyte to answer any questions their engineers may have in compiling the SCC trade secret source code to binaries.

The NIWC team works closely with industry partners such as Ignyte to develop and enhance existing capabilities required for the defense industrial base. This integration will accelerate the adoption of Cyber Security Maturity Model, Open Security Control Assessment Language (OSCAL) and Federal Risk and Authorization Management Program (FedRAMP) Program.

Capt. Nicole Nigro, NIWC Atlantic Commanding Officer, signed the software license agreement on behalf of the U.S. Navy on Jan. 18, 2023.

“Agreements like these show how private industry can become instrumental partners in further developing products and technologies that allow companies to easily and more securely work with the federal government,” said Nigro. “We are proud to see the work of our talented engineers expand to have a broader impact in support of the national security mission.”

According to the licensing agreement, any commercial products produced by Ignyte utilizing the licensed source code will need to bear an original name other than the current licensed SCC designator to differentiate it from the NIWC Atlantic software product.

Ignyte purchased a single version of the licensed source code, which cannot be reproduced, for access by an identified group of authorized users. As the software source code is considered trade secret, the company will ensure that the licensed source code is only shared with the authorized users who must be U.S. citizens. Products developed using the licensed source code must be manufactured substantially in the United States.

Find out more about Security Content Automation Protocol Compliance Checker by visiting https://www.niwcatlantic.navy.mil/scap/.
 

---

About Ignyte

Ignyte Assurance PlatformTM is a leader in collaborative security and integrated governance, risk, and compliance (GRC) solutions created for streamlining compliance and audit processes to enhance the organizational cybersecurity posture of both corporate and small-to-medium-size businesses. Its AI-enabled risk management software is designed to help Chief Information Security Officers (CISOs) manage cyber and regulatory risk and meet multiple regulations at once by leveraging language and intent matching. It maximizes resource time, produces real-time reports, automates the evidence collection processes and increases overall trust in the organization’s regulatory compliance response. As a result, it has reportedly improved the efficiency and GRC efforts of organizations such as Allina Health, Cincinnati Children's Hospital Medical Center, St. Joseph Health Hospital, Global Ordnance, Jemco UFCU, and others. Learn more here: https://ignyteplatform.com/