Products and Solutions

ISC offers security products targeted at the protection of sensitive data at-rest or in-transit, as well as tools that facilitate certificate life-cycle management and PKI deployment in an enterprise setting. ISC also offers libraries that aid in the development of security-enabled applications. For more information, click one of the tabs below.

  • Data-at-Rest
  • Data-in-Transit
  • PKI
  • Dev. Tools
  • Export Info

Strong Protection for Sensitive Data-at-Rest

SecretAgent®

ISC's premiere file encryption utility. Provides file and e-mail confidentiality as well as sender and message authentication. For Windows, Windows Mobile, Mac OS X, and all popular UNIX platforms.
     SecretAgent 6.x Product Information (GUI and API tools)
     SecretAgent Command Line Interface (SA6CLI)
     DAS (server-mediated decryption for Communities of Interest) - New!
     Client-side Certificate Management and PKI Services (Certificate Explorer)
     Administering Security Policies (PolicyAgent)

SpyProof!®

The perfect tool to secure data on your local PC or notebook. Creates sharable, AES-encrypted, virtual drives on your local hard disk or on a remote server. Also allows you to secure and distribute sensitive data stored on all types of removable media, including CDs, DVDs, zip disks, SD and compact flash cards, and memory sticks. Currently available for Windows only.
     SpyProof! Product Information
     Administering Security Policies (PolicyAgent)

Strong Protection for Sensitive Data-in-Transit (and Data-at-Rest)

SecretAgent®

ISC's premiere file encryption utility. Provides file and e-mail confidentiality as well as sender and message authentication. For Windows, Windows Mobile, Mac OS X, and all popular UNIX platforms.
     SecretAgent 6.x Product Information (GUI and API tools)
     SecretAgent Command Line Interface (SA6CLI)
     Client-side Certificate Management and PKI Services (Certificate Explorer)
     Administering Security Policies (PolicyAgent)

DAS™

A Java servlet that performs cryptographic operations on behalf of authorized users. DAS may be used for secure collaboration within a community of interest with a dynamic membership roster. It also enables role-based signing and other private key operations. When used with the CSPid virtual smartcard, it can be accessed from within any security-enabled application on any platform.
     DAS Product Information

Credential Management and PKI Support

CertAgent®

ISC's X.509 certificate authority issues RSA, DSA, and ECC version 3 certificates and CRLs. CertAgent supports multiple external LDAP repositories and clustering for load balancing and high-availability. It allows remote administration and manual or automatic processing of certificate requests submitted via browser, or e-mail, or via secure RMI from a remote registration authority. Its HTML/Java RMI-based technology is easy to customize and maintain. For Windows, Linux, and Solaris.
    CertAgent Product Information

Centralized Credential Management Servlet™ / CCMS™

CCMS is an X.509 registration authority with integrated CMP-based enrollment, key escrow, and recovery services. It provides separate administrative and end-user web interfaces.
     CCMS architecture diagram

Bagala™

Bagala is a web service (based on REST over HTTPS) that allows applications to freely download (authenticated) data objects, but only grants upload rights to authorized administrators. Althought the initial release is limited to the client-driven provisioning of proprietary configuration settings for ISC products, the product is capable of storing arbitrary data indexed by a DN (and attribute name) and therefore behaves like a generic data store with strong access controls on writes but not on reads.

Dhuma™

Dhuma is an OCSP server designed to deliver optimal performance, high availability, load balancing, and management simplicity. Fully compliant with IETF Standards, Dhuma can be provisioned with CRLs manually, or via HTTP/HTTPS and LDAP/LDAPS. Dhuma periodically polls specified repositories to obtain CRL updates on a customizable schedule; CRLs are stored in a central database that can be accessed by all Dhuma servers in a cluster.

  • easily-managed web application that runs on commodity hardware
  • highly configurable, providing administrative control over nonce handling, unknown response generation, cache settings, response validity periods, and CRL polling frequency
  • supports software-based signing credentials and HSMs (for improved performance and security)
  • supports clustering for high availability and scalability (i.e., load balancing)
  • designed, developed, and supported by ISC staff located in the U.S.

Tara™

Tara is a utility that facilitates the automated provisioning of servers (and the applications they host) with PKI credentials and trust chains. Leveraging existing ISC web services (Bagala and CCMS), Tara administrators can centrally manage and deploy server and application credentials as well as common trust anchors throughout an enterprise. Once installed on a host, Tara periodically downloads and installs updated trust stores from a central server. Tara also manages the host’s PKI credentials, automatically handling scheduled key rollover events and reconfiguring relying server processes to use updated keying material.

Tara is particularly useful in the automated provisioning of virtual servers as they come online in the cloud. When a new VM host instance is launched, Tara automatically interfaces with Bagala and CCMS to obtain that VM’s credentials and trust chains. When the VM is terminated, Tara informs CCMS that the host’s credentials are no longer in use.

Tara’s flexible plug-in architecture allows admins to deploy management scripts specifically targeted to their particular network and PKI ecosystem. Template scripts for the most popular web service platforms are provided. Tara supports pooled certificates, short-term certificates, and normal certificates with revocation.

Credential Management Utility™ / CMU™

CMU is a scriptable X.509 credential management utility that allows system administrators to automate many common PKI maintenance tasks that end users often find very difficult to perform manually. Currently available only for Windows.
     CMU Product Information

CSPid®

An operating system-agnostic virtual smartcard with an integrated, portable credential store and PKCS#11, Java, and CAPI interfaces that make its keys and cryptographic operations available to all applications (including CAPI- and non-CAPI-aware browsers). Its graphical user interface simplifies the PKI experience for end-users, allowing credentials to be moved effortlessly between workstations and obviating the need to replicate keys across independent applications. Its command line interface allows security officers to automate PKI enrollment, key rollover, and credential backup operations, among other tasks. Providing superior protection for private keys, it overcomes the password change/reset issues that plague IE and Mozilla. Optional DAS support provides access to role-based signing and 'community of interest' decryption services. For Windows, Linux, and Solaris.
     CSPid Product Information

Application Development Tools

Cryptographic Development Kits (CDKs)

For developers wanting to add security to their mission-critical applications, ISC's CDK offers FIPS 140-1 certified implementations of today's standard cryptographic algorithms in the form of linkable libraries. For Windows and all popular UNIX platforms.
     CDK Product Information

SecretAgent APIs

Embed fully SecretAgent-compatible, file- or buffer-based cryptographic operations into your own applications. Provided as a DLL or shared library, SA5API packages are available for Windows and all popular UNIX platforms.
     SecretAgent Application Programming Interface (SA5API)

SecretAgent CLI

This command line executable version of SecretAgent offers nearly all of the features of the standard GUI-based product plus additional capabilities that are more suitable for scripting and use by unattended server processes. Supports pipes to perform all cryptographic operations in memory. Spawning the SA6CLI from within your own application is typically simpler than linking against a SA6API library. For Windows and all popular UNIX platforms.
     SecretAgent Command Line Interface (SA5CLI)

Export Regulations

ISC products are subject to the export control laws administered by the United States Bureau of Industry and Security (BIS). Their Export Administration Regulations provide information on a wide variety of export restrictions and must be consulted if you are planning to export our software.

Generally speaking, ISC may freely export its products under License Exception ENC to all but a handful of embargoed countries and denied parties. Specifically, our products have been assigned the following Licensing Mechanisms:

Product
ECCN
LIC
CCATS
Bagala
pending
CCMS
pending
CDK
5D002
ENC unrestricted
G026249
CertAgent
5D002
ENC unrestricted
G041335
CMU
5D002
ENC unrestricted
G047167
CSPid
5D002 (C.1)
ENC unrestricted
G053671
DAS
5D002
ENC unrestricted
G044868
SecretAgent
5D002
ENC unrestricted
G016161
SecurePhone
5D002
ENC unrestricted
G016653
SecurePhone Lite
5D992
ENC unrestricted
G016653
SpyProof!
5D002
ENC unrestricted
G025241


Entities wishing to export our COTS products, or products incorporating our CDK, are advised to seek their own legal counsel and to consult the BIS Regulations referenced above.

Definitions

ECCN: Export Control Classification Number assigned by BIS in the Commerce Control List (CCL). This is the fundamental designation indicating the level of control for an item.  ISC products fall under one of the following two ECCNs:

  • 5D002 - Information Security - Software (encryption using keys larger than 64 bits)
  • 5D992 - Information Security - Software (encryption using keys less than or equal to 64 bits in length, or data authentication)

LIC:  The license type for all ISC products is "ENC Unrestricted" which indicates that the software is eligible for "ENC" under Sections 740.17(a) and 740.17(b)(3) of the EAR.

CCATS: Commodity Classification Automated Tracking System, the code number assigned by BIS to products that it has classified against the CCL. The CCATS number for each ISC product classified 5D002 is provided because some encryption exports require post-shipment reporting to BIS and this number is a mandatory element of these reports.

Security Solution Checklist
Tabs on this page:

 

DoD ESI