- November 06, 2017
November 6, 2017 - To complement Wind River’s product portfolio, the company introduced Wind River Helix Security Framework, a consultative services offering designed to help customers meet their IoT security needs. The offering is part of Wind River’s Professional Services business.
The Helix Security Framework provides a services offering for both discovering and representing the security needs of IoT devices, as well as the entire IoT system comprised of those devices. The components of the model are based around the CIA Triad, the industry standard model to represent security, which is built around principles of confidentiality, integrity, and availability. Specifically, it offers the following services to help companies integrate security from step one and for every stage of the process:
- Security Assessment: Identification of the device assets, vulnerabilities to those assets, risks, and regulatory requirements (i.e., NIST standards and special publications, Avionics DO-355/356, Medical Device Security Disclosure, and NERC CIP-007-3a). Determination of which security implementations are to be used based on cost, performance and operational environment factors. The Security Assessment documents the security policy of the device. The Security Policy defines the security implementations used to protect the assets and defines the security audit log messages and their responses for the system.
- Information Assurance Foundation: A fully documented and complete source code solution offering that enables hardware-based security implementations that are ported to and tested on the customer’s hardware platform.
- FIPS 140-2 Certification: Integrating and testing the cryptographic module(s) and taking the customer’s configuration through a Level 1 or Level 2 FIPS 140-2 Certification.
Wind River Helix Security Framework is designed to equip companies with strategies and technologies to secure their hardware and software, protect communication between devices and across systems, safeguard them over time, and respond quickly as new threats emerge.