WIND RIVER SECURITY SERVICES

Wind River® Professional Services guides our customers in securing their devices that are based on Wind River world-class operating systems. Our team is highly experienced and successful in the security field that spans critical infrastructure market segments including aerospace, defense, medical, industrial, networking, and transportation.

WIND RIVER HELIX SECURITY FRAMEWORK

Wind River Professional Services has a security offering that includes a compendium of security implementations based on the industry standard confidentiality, integrity, and availability (CIA) triad. The Wind River Helix™ Security Framework is the foundation for all security solutions that Professional Services offers its customers as it defines how a device is secured. An overview of the Wind River Helix Security Framework is shown in Figure 1.

Figure 1. Wind River Helix Security Framework, the foundation for Professional Services security offerings

SECURITY ASSESSMENT

Professional Services works closely with the customer to understand their system and operational requirements while systematically determining the assets, the vulnerabilities to those assets, and required security implementations to protect those assets. Professional Services develops the security assessment in collaboration with the customer to ensure alignment and practicality. The output of the assessment is a comprehensive report containing:

  • Baseline security definitions to ensure commonality of terms used
  • Itemized list of assets and vulnerabilities
  • Security policy defining what is meant to protect each asset of the system
  • Security implementation considerations with specifics on instantiated security implementation as it applies to the overall system and operational environment

 As part of this process, Professional Services identifies areas to aid the customer in the attainment of securing their system.

INFORMATION ASSURANCE FRAMEWORK

The Information Assurance Framework is a fully documented and complete source code delivery offering that enables hardware-based security features that are ported to and tested on the customer’s hardware platform. The Information Assurance Framework functionality spans confidentiality, integrity, and availability security features as shown in Figure 2.

Figure 2. The Information Assurance Framework hardware-enabled security features customized for the customer’s platform

FIPS 140-2 CERTIFICATION

Professional Services will port the latest version of the OpenSSL FIPS Module to the customer’s platform (including support for end-of-life or legacy Wind River products) and take the customer’s configuration through a Level 1 or Level 2 FIPS 140-2 certification. We work closely with OpenSSL Validation Services and the National Voluntary Laboratory Accreditation Program (NVLAP) to ensure a successful certification process.

SECURITY RESPONSE TEAM SERVICES

Professional Services provides delivery of security-related patches for our end-of-life and legacy products. This ensures that, for customers unable to upgrade to the latest version of their Wind River operating system, its security is maintained per the Common Vulnerabilities and Exposures database.

PROFESSIONAL SERVICES

Wind River Professional Services has a strong track record of guiding our customers through the complexities of new technology adoption. Certified to CMMI Level 3 across all of our global development centers, our proven engagement methodology, timely delivery, and in-depth understanding of market and technology dynamics have made Professional Services a valuable implementation partner to our customers. Our security team provides consultation services that help our customers with securing their devices.

Contact us today for more information on how Professional Services can assist your company with security. To find your local Wind River sales contact, visit www.windriver.com/company/contact, call +1-800-545-WIND (9463), or email salesinquiry@windriver.com.

Download PDF
Return to Resource Center