SteelBox
SteelBox
Overview

SteelBox™ Secure Voice and Text App

Working remotely? Are your calls and texts secure? CACI's SteelBox is the first secure voice and text app for U.S. Government agencies.  It’s secure. Simple. Seamless. And ready for the enterprise in a matter of hours.

SteelBox is already operational for several government customers. The cloud-based app can be set up for any number of users from a handful to hundreds of thousands. It is available on p.58 (section 2.5.6) of GSA’s IT-70 GS-35F-349CA schedule. Best of all, set up and provisioning can all be performed remotely.
 

Request The Whitepaper

How Does It Work?

CACI partnered with Microsoft Azure and BlackBerry to deliver a government cloud-hosted, FedRAMP-certified, secure mobile tenant environment. Authorized users simply download the SteelBox secure app directly from the app store or have it sent to their device via a government-authorized Mobile Device Management (MDM) solution. Once authenticated, the SteelBox app allows users to make encrypted phone calls and send encrypted messages securely and conveniently.

This software-as-a-service (SaaS) solution is convenient to the user and results in significant savings to the government by eliminating the lifecycle costs of acquiring, delivering, and maintaining government-owned hardware and software.

Technology And Security

The SteelBox servers are hosted in a multi-tenant Microsoft Azure Government Cloud, FedRAMP High, Impact Level 4 environment. The secure servers act as "traffic cops" to route incoming calls and messages to and from end-user smartphones and provides encryption for Controlled Unclassified Information (CUI).

SteelBox security begins at the device level. The SteelBox app will not run on rooted or jailbroken mobile devices. Once the secure activation process has been performed, SteelBox leverages the National Security Agency’s (NSA’s) Commercial National Security Algorithm (CNSA) encryption standard to ensure that each call and message is encrypted with unique AES-256, P-384 elliptic-curve crypto keys. A unique set of keys is established each time a call or message is sent.

A core component of the SteelBox solution is the BlackBerry SecuSUITE software. The SecuSUITE software was developed to meet strict federal security standards and holds multiple certifications, including: 

  • SecuSUITE Client Protection Profiles: 
    • Application Software - Protection Profile for Application Software 
    • VoIP: Extended Package for Voice and Video over IP (VVoIP) 
    • Functional Package for TLS, March 2019
  • SecuGATE-Related Protection Profiles
    • Network Device - Collaborative Protection Profile for Network Devices, March 11, 2019
    • SIP Server - Enterprise Session Controller (ESC), October 25, 2016 (ESCEP10) 
  • National Information Assurance Partnership (NIAP) Compliance
  • Approved by CSfC program under NSA specifications.
  • Complies with CNSA cryptography requirements
  • Supports FIPS 140-2-validated keystore
FRA Requirements

For the first time, Federal CIOs and records management officials can meet Federal Records Act (FRA) requirements for mobile messaging and cell phone metadata without having to engage cellular service providers. Call and message data is archived on a regular basis, and the actual content of messages can be encrypted and archived. All archiving is managed by U.S. Government administrators, in accordance with FRA requirements.

Each government agency has its own tenant in the SteelBox cloud environment. When the government tenant administrator sets up the agency’s unique tenant, the Records Act Compliance module is activated. The government administrator establishes a unique crypto key to encrypt the government message content being recorded for compliance. Only the government administrator for that unique department, command, or agency and/or the records management designee have access to this crypto key.

Contact
Kerry Leo
CACI Capabilities & Technology Integration

EMAIL
Resources
pdf Resources

Stop Working, Start Inventing Your Career