ISC offers security products targeted at the protection of sensitive data at-rest or in-transit,
as well as tools that facilitate certificate life-cycle management and PKI deployment in an
enterprise setting. ISC also offers libraries that aid in the development of security-enabled
applications. For more information, click one of the tabs below.
- Data-at-Rest
- Data-in-Transit
- PKI
- Dev. Tools
- Export
Strong Protection for Sensitive Data-at-Rest
SecretAgent®
ISC's premier file encryption utility. Provides file and e-mail confidentiality as
well as sender and message authentication. For Windows, Windows Mobile, Mac OS X, and
all popular UNIX platforms.
SecretAgent product information (GUI and API tools)
SA/TE transparent encryption (plug-in extension)
SecretAgent command line interface (SA6CLI)
DAS (cryptographic services for communities of interest)
Certificate Explorer (client-side certificate management and PKI services)
Bagala Editor (centralized management of security policies; formerly named PolicyAgent)
SpyProof!®
The perfect tool to secure data on your local PC or notebook. Creates sharable,
AES-encrypted, virtual drives on your local hard disk or on a remote server. Also allows
you to secure and distribute sensitive data stored on all types of removable media,
including CDs, DVDs, zip disks, SD and compact flash cards, and memory sticks. Currently
available for Windows only.
SpyProof! Product Information
Administering Security Policies (Bagala Editor, formerly named PolicyAgent)
Strong Protection for Sensitive Data-in-Transit (and Data-at-Rest)
SecretAgent®
ISC's premier file encryption utility. Provides file and e-mail confidentiality as
well as sender and message authentication. For Windows, Windows Mobile, Mac OS X, and
all popular UNIX platforms.
SecretAgent product information (GUI and API tools)
SecretAgent command line interface (SA6CLI)
Certificate Explorer (client-side certificate management and PKI services)
PolicyAgent (centralized management of security policies)
DAS™
A Java servlet that performs cryptographic operations on behalf of authorized users. DAS may be used for secure collaboration within a community of interest with a dynamic membership roster. It also enables role-based signing and other private key operations. When used with the CSPid virtual smartcard, it can be accessed from within any security-enabled application on any platform.
DAS product information
Credential Management and PKI Support
Acala™
Acala is a software HSM emulator that acts as a universal key store as well as a cryptographic service provider. It
- maintains a central repository for private keys and X.509 certificates, and
- provides a secure environment for cryptographic operations.
CertAgent®
ISC's NIAP-validated X.509 certificate authority issues RSA and ECC version 3
certificates and CRLs. CertAgent supports multiple external LDAP repositories
and clustering for load balancing and high availability. It allows remote administration
and manual or automatic processing of certificate requests submitted via browser,
e-mail, or secure RMI from a remote registration authority. Its HTML/Java RMI-based
technology is easy to customize and maintain. For Windows, Linux, and Solaris.
CertAgent product information
Centralized Credential Management Servlet™ / CCMS™
CCMS is an X.509 registration authority with integrated CMP-based enrollment,
key escrow, and recovery services. It provides separate administrative and end-user web
interfaces.
CCMS architecture diagram
Central Key Generation Library (CKG)®
CKG is a linkable library of routines that can be used to instrument CertAgent
or a third-party X.509 certificate authority. It supports the automation of PKI
enrollment (keypair generation/PKCS#10 submission/certificate retrieval) via CMP, as well as credential
archival activities (with or without private key escrow). Included are methods for
generating RSA keypairs and creating/parsing PKCS#10 certificate requests, PKCS#7/#8/#12
PDUs, certificates, and certificate chains. It can generate and submit enrollment, certificate revocation, and credential recovery requests to a CMP server (e.g., CCMS) via TCP, HTTP, or HTTPS. Critical cryptographic operations may be
performed in software (using ISC's FIPS 140-2 validated CDK) or on an auxiliary HSM (via PKCS#11).
For more details, see the complete API description on the CKG support page.
Bagala™
Bagala is a web service (based on REST over HTTPS) that allows applications to freely download (authenticated) data objects, but only grants upload rights to authorized administrators. Although the initial release is limited to the client-driven provisioning of proprietary configuration settings for ISC products, the product is capable of storing arbitrary data indexed by a DN (and attribute name) and therefore behaves like a generic data store with strong access controls on writes but not on reads.
Bagala product information
Dhuma™
Dhuma is an OCSP server designed to deliver optimal performance, high availability, load balancing, and management simplicity. Fully compliant with IETF Standards, Dhuma can be provisioned with CRLs manually, or via HTTP/HTTPS and LDAP/LDAPS. Dhuma periodically polls specified repositories to obtain CRL updates on a customizable schedule; CRLs are stored in a central database that can be accessed by all Dhuma servers in a cluster.
- easily-managed web application that runs on commodity hardware
- highly configurable, providing administrative control over nonce handling, unknown response generation, cache settings, response validity periods, and CRL polling frequency
- supports software-based signing credentials and HSMs (for improved performance and security)
- supports clustering for high availability and scalability (i.e., load balancing)
- designed, developed, and supported by ISC staff located in the U.S.
Tara™
Tara facilitates the automated provisioning of servers (and the applications they host) with PKI credentials and trust chains. Leveraging existing ISC web services (Bagala and CCMS), Tara administrators can centrally manage and deploy server and application credentials as well as common trust anchors throughout an enterprise. Once installed on a host, Tara periodically downloads and installs updated trust stores from a central server. Tara also manages the host’s PKI credentials, automatically handling scheduled key rollover events and reconfiguring relying server processes to use updated keying material.
Tara is particularly useful in the automated provisioning of virtual servers as they come online in the cloud. When a new VM host instance is launched, Tara automatically interfaces with Bagala and CCMS to obtain that VM’s credentials and trust chains. When the VM is terminated, Tara informs CCMS that the host’s credentials are no longer in use.
Tara’s flexible plug-in architecture allows admins to deploy management scripts specifically targeted to their particular network and PKI ecosystem. Template scripts for the most popular web service platforms are provided. Tara supports pooled certificates, short-term certificates, and normal certificates with revocation.
Credential Management Utility™ / CMU™
CMU is a scriptable X.509 credential management utility that allows system
administrators to automate many common PKI maintenance tasks that end users often find
very difficult to perform manually. Currently available only for Windows.
CMU product information
CSPid®
An operating system-agnostic virtual smartcard with an integrated, portable
credential store and PKCS#11, Java, and CAPI interfaces that make its keys and
cryptographic operations available to all applications (including CAPI- and
non-CAPI-aware browsers). Its graphical user interface simplifies the PKI experience for
end-users, allowing credentials to be moved effortlessly between workstations and
obviating the need to replicate keys across independent applications. Its command line
interface allows security officers to automate PKI enrollment, key rollover, and
credential backup operations, among other tasks. Providing superior protection for
private keys, it overcomes the password change/reset issues that plague IE and Mozilla.
Optional DAS support provides access to role-based
signing and 'community of interest' decryption services. For Windows, Linux, and
Solaris.
CSPid product information
Application Development Tools
Cryptographic Development Kits (CDKs)
For developers wanting to add security to their mission-critical applications, ISC's
CDK offers FIPS 140-2 validated implementations of today's standard cryptographic
algorithms in the form of linkable libraries. For Windows and all popular UNIX
platforms.
CDK product information
SecretAgent APIs
Embed fully SecretAgent-compatible, file- or buffer-based cryptographic operations
into your own applications. Provided as a DLL or shared library, SA5API packages are
available for Windows and all popular UNIX platforms.
SecretAgent application programming interface (SA5API)
SecretAgent CLI
This command line executable version of SecretAgent offers nearly all of the features
of the standard GUI-based product plus additional capabilities that are more suitable
for scripting and use by unattended server processes. Supports pipes to perform all
cryptographic operations in memory. Spawning the SA6CLI from within your own application
is typically simpler than linking against a SA6API library. For Windows and all popular
UNIX platforms.
SecretAgent command line interface (SA5CLI)
Export Regulations
ISC products are subject to the export control laws administered by the United States Bureau of Industry and Security (BIS). Their Export Administration Regulations provide information on a wide variety of export restrictions and must be consulted if you are planning to export our software.
Generally speaking, ISC may freely export its products under License Exception ENC to all but a handful of embargoed countries and denied parties. Specifically, our products have been assigned the following Licensing Mechanisms:
| Product | ECCN | LIC | CCATS |
|---|---|---|---|
| Bagala | pending | | |
| CCMS | pending | | |
| CDK | 5D002 | ENC unrestricted | G026249 |
| CertAgent | 5D002 | ENC unrestricted | G041335 |
| CMU | 5D002 | ENC unrestricted | G047167 |
| CSPid | 5D002 (C.1) | ENC unrestricted | G053671 |
| DAS | 5D002 | ENC unrestricted | G044868 |
| SecretAgent | 5D002 | ENC unrestricted | G016161 |
| SpyProof! | 5D002 | ENC unrestricted | G025241 |
Entities wishing to export our COTS products, or products incorporating our CDK, are
advised to seek their own legal counsel and to consult the BIS Regulations referenced
above.
ECCN: Export Control Classification Number assigned by BIS in the Commerce Control List (CCL). This is the fundamental designation indicating the level of control for an item. ISC products fall under one of the following two ECCNs:
- 5D002 - Information Security - Software (encryption using keys larger than 64 bits)
- 5D992 - Information Security - Software (encryption using keys less than or equal to 64 bits in length, or data authentication)
LIC: The license type for all ISC products is "ENC Unrestricted" which indicates that the software is eligible for "ENC" under Sections 740.17(a) and 740.17(b)(3) of the EAR.
CCATS: Commodity Classification Automated Tracking System, the code number assigned by BIS to products that it has classified against the CCL. The CCATS number for each ISC product classified 5D002 is provided because some encryption exports require post-shipment reporting to BIS and this number is a mandatory element of these reports.