The hoops that companies must jump through in order to sell into the Federal government can be difficult to understand and sometimes misleading. As with any government process, misconceptions surrounding what is required begin to evolve and companies can potentially lose revenue as a result.

Here are a few of the most common myths and misconceptions we have encountered over the years as we helped companies navigate the DoD-mandated listing process for the DoDIN APL (Department of Defense Information Network Approved Products List):

Myth 1: “I’m already selling into the DoD, I don’t need additional product security hardening.”

Per DoD guidelines, procurements are restricted to those solutions specifically listed on the DoDIN APL. If your product is not currently on the list, or you are not actively pursuing a listing, the new restrictions will shut you out of any future procurements.

Although your current customers may have purchased your solution in the past, they are in fact not authorized to do so in the future, and could require you to get listed at any time moving forward without prior notice.

Myth 2: “I already completed JITC/STIG Testing and/or have a CON, I don’t need to do anything further.”

Previously, each military branch would issue a Certificate of Net-worthiness (CON) on their own to individual contractors. A CON gave you the ability to sell into that specific agency, but that agency alone. Year after year, each branch issued their own CON until finally the DoD collectively agreed to develop one singular list to buy from – and hence the Unified Capabilities Approved Product List was created.

To be listed on the DoDIN APL, your product must go through Interoperability (IO) testing as well as Information Assurance (IA) testing. The Joint Interoperability Test Command (JITC) is the IO certifying authority within the DoD. Any previously certified products tested solely by JITC would need to re-list on the DoDIN APL.

Security Technical Implementation Guide (STIG) testing is part of the initial submission for the DoDIN APL listing process. It includes the completion of a questionnaire on product internals, secure protocols, and access. The results determine which STIGs will be applied to your product. Testing is only one portion of DoDIN APL listing requirements, and while it can help in a quick RFP/RFQ response, it is only a first step. Completing the process ensures access to the total DoD procurement engine.

Myth 3: “The DoD only purchases from U.S. based companies.”

Companies outside the United States that are attempting to develop solutions for the DoD may do so as long as they are listed on the DoDIN APL. In fact, companies from ten different countries outside of the United States have products currently listed on the DoDIN APL.

LEARN MORE about inclusion on the DoDIN APL and how to get started.

Corsec brings you all the most recent updates to the standards, certifications, and requirements – Subscribe