THE TECHNOLOGIES LISTED BELOW were developed within the National Security Agency (NSA) and are now available to the public via Open Source Software (OSS). The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace. OSS invites cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community’s enhancements to the technology.

Apache Accumulo

A sorted, distributed key/value store that provides robust, scalable data storage and retrieval. It adds cell-based access control and a server-side programming mechanism that can modify key/value pairs at various points in the data management process.

View Repo Page

CASA

Identifies unexpected and prohibited Certificate Authority certificates on Windows systems.

View Repo Page

CONTROL FLOW INTEGRITY RESEARCH

A proposed hardware-based method for stopping known memory corruption exploitation techniques described in the “Hardware Control Flow Integrity for an IT Ecosystem” research paper.

View Repo Page

DCP

A program that reduces the timespan needed for making a forensic copy of hard drives for forensic analysis.

View Repo Page

EOWS

A web enabled prototype tool that implements the Open Checklist Interactive Language (OCIL) capabilities for creating, managing, and responding to questionnaires.

Coming Soon

FEMTO

An indexing and search system for queries on sequences of bytes that offers lightning-fast searches on data of arbitrary formats.

View Repo Page

GOSECURE

An easy to use and portable Virtual Private Network system built with Linux and a Raspberry Pi 3.

View Repo Page

GRASSMARLIN

Provides network situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security.

View Repo Page

JAVA PATHFINDER MANGO (JPF-MANGO)

A static code analysis tool that uses formal methods for analysis. It is part of NASA Ames Java PathFinder project which is a system used to verify executable Java byte code.

View Repo Page

LEMONGRAPH/
LEMONGRENADE

Log-based transactional graph database engine backed by a single file. The primary use case is to support streaming seed set expansion, iterative correlation, and recursive file processing.

View Lemongraph View Lemongrenade

LOCKLEVEL

A prototype that demonstrates a method for scoring how well Windows systems have implemented some of the top 10 IA mitigation strategies.

View Repo Page

MAPLESYRUP

Assesses the security state of an ARM-based device by examining the system register interface of the processor.

View Repo Page

Apache NIFI

Automates the flow of data between systems. NiFi implements concepts of Flow-Based Programming and solves common data flow problems faced by enterprises.

View Repo Page

ONOP

Radically simplifies the operation of enterprise networks with SDN applications that reside on top of an OpenFlow-capable network controller.

View Repo Page

OPAL

Manages and standardizes existing commercial hard drives.

Coming Soon

OPENATTESTATION

Verifies system integrity by establishing a baseline measurement of a system’s Trusted Platform Module (TPM) and monitors for changes in that measurement. Originally based on NSA’s Host Integrity at Startup (HIS) software.

View Repo Page

OZONE TECHNOLOGY

A modular suite of “plug and play” services and capabilities, allowing organizations to customize the suite to meet their specific environments.

View Repo Page

Apache PIRK

Enables a user to privately and securely obtain information from a dataset to which they have access without revealing, to the dataset owner or an observer, any information regarding the questions asked or the results obtained.

View Repo Page

PRESSUREWAVE

Couples corporate object storage capabilities with a flexible policy language for customization of access control, retention, and storage of data within the same system.

Coming Soon

REDHAWK

A software-defined radio (SDR) framework designed to support the development, deployment, and management of real-time software radio applications.

View Repo Page

SAMI

Measures the degree to which specific aspects of the top 10 IA mitigation strategies have been deployed on Windows systems.

View Repo Page

SCAP SECURITY GUIDE (SSG)

Delivers security guidance, baselines, and associated validation mechanisms using the Security Content Automation Protocol (SCAP) for hardening Red Hat products.

View Repo Page

SECURE HOST BASELINE (SHB)

Group Policy Objects, configuration files, compliance checks, and scripts that support implementing the DoD Secure Host Baseline for Windows 10.

View Repo Page

SECURITY-ENHANCED LINUX (SELINUX)

A mandatory access control mechanism in the Linux kernel that checks for allowed operations after standard discretionary access controls are checked. It can enforce rules on files and processes in a Linux system, and on the actions they perform, based on defined policies. SELinux has been part of the Linux kernel since version 2.6.0.

View on Repo Learn More

SECURITY ENHANCEMENTS FOR ANDROID (SEANDROID)

Confines privileged processes based on security policies by enforcing mandatory access control over all Android processes. SE for Android has been part of Android since Android 4.3.

View Repo Page

SIMON AND SPECK

The Simon and Speck families of lightweight block ciphers.

View Repo Page

SYSTEM INTEGRITY MANAGEMENT PLATFORM (SIMP)

Automates system configuration and compliance of Linux operating systems so they conform to industry best practices.

View Repo Page

TIMELY

Provides secure access to time series data stored in Accumulo.

View Repo Page Learn More

UNFETTER

Provides a mechanism for network defenders, security professionals, and decision makers to quantitatively measure the effectiveness of their security posture.

View Repo Page Learn More

WALKOFF

An Active Cyber Defense development framework enabling orchestration capabilities to be written once and then deployed across WALKOFF-enabled orchestration tools.

View Repo Page Learn More

WATERSLIDE

An architecture for processing metadata designed to take in a set of streaming events from multiple sources, process them through a set of modules, and return meaningful outputs.

View Repo Page

WELM

Retrieves the definitions of Windows Event Log messages embedded in operating system binaries.

Coming Soon