Aims to avoid duplication of effort for govt agencies.
The US National Security Agency has offered up one of its cyber security tools for government departments and the private sector to use freely to help counter threats and raise their security posture.
The systems integrity management platform - SIMP - was released to the code repository GitHub over the weekend.
SIMP helps to keep networked systems compliant with security standards, the NSA said, and should form part of a layered, "defence-in-depth" approach to information security.
NSA said it released the tool to avoid duplication after US government departments and other groups tried to replicate the product in order to meet compliance requirements set by US Defence and intelligence bodies.
"By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: the wheel would not have to be reinvented for every organisation," the NSA said in a release.
Currently Red Hat Enterprise Linux versions 6.6 and 7.1 and CentOS versions 6.6 and 7.1-1503-01 are the only supported operating systems for SIMP.
The NSA, which has in recent years faced heat over its mass surveillance and bulk data collection activities as exposed by former contractor Edward Snowden, has increased its efforts to share its technology in recent months.
It recently debuted its 'technology transfer' program, which aims to further the development of new capabilities and technologies within both government and the private sector.
The program allows the NSA to offer internally-developed technology to industry and researchers. It has so far opened up a range of products in eight categories spanning networking, optics, processing, security, and microelectronics, among others [pdf].
Director of the program, Linda Burger, said the open source method of "transferring technology from the federal laboratory to the marketplace is extremely efficient".
“The open source community can leverage the work that NSA has produced, and the government can benefit from that community’s expertise and perspective. It’s a win for everyone – and for the nation itself," she said in a statement.
Despite the secrecy of its intelligence gathering work, the NSA has a history of producing and publishing security-related work, and holds annual competitions that seek to find the best cybersecurity papers.
The spy agency’s trusted systems research group has also produced a hardened, mandatory access control architecture called Security Enhanced Linux that has found its way into several distributions, as well as Google’s Android mobile operating system, FreeBSD, and Oracle’s Solaris.
> produced a hardened, mandatory access control architecture called Security Enhanced Linux
Selinux was published ~17 years ago. They're really trying with the PR, but it would be easier if they actually continued contributions comparable to their budget...
Here is the google cached version: http://webcache.googleusercontent.com/search?q=cache:Iac_dvJ...