Tetrate, a company leading the enterprise adoption of Istio and Envoy, has been awarded over $3 million in contracts by AFWERX for two new cybersecurity projects with the U.S. Air Force (USAF). Tetrate is already the preferred provider for Platform One, the USAF’s Enterprise DevSecOps platform, where it plays a critical role in strengthening security and ensuring continuous compliance to meet national defense requirements.

Now, Tetrate is adding ambient mode to these enterprise-ready capabilities. The first USAF contract has Tetrate implementing ambient mode optimization using open source Istio, while the second contract has Tetrate implementing Open Security Controls Assessment Language (OSCAL).

Tetrate is Leading Authority on Security for Cloud-Native Applications
Tetrate has been a leading collaborator with NIST in defining security standards for cloud native applications, including Special Publication (SP) 800-207 series on the groundwork for Zero Trust and the SP 800-204 series on security strategies for microservices-based applications.

Tetrate has demonstrated the power of Istio at scale in the most demanding environments. We’ve learned that there is no one-size-fits-all solution.Post this

Most recently, Tetrate collaborated with NIST to produce SP 800-233: Guidance on the Use of Service Mesh Proxy Models for Cloud-Native Applications, which is now available for public review. This new paper offers guidance on the security implications of alternate service mesh proxy models such as ambient mode (sometimes called “sidecarless” service mesh) that have evolved recently to address performance and resource considerations in certain use cases. Read more about the four service mesh proxy models and their risk implications here.

Tetrate enhances USAF Platform One with ambient mode
The complexities of modern warfare heightens the demands for secure, reliable communication that can withstand the rigors of contested environments and sophisticated adversaries. To meet the need for a more resilient communicative framework, USAF selected Tetrate to bring ambient mode into USAF communications networks to drastically reduce communication vulnerability.

With ambient mode, Tetrate enables seamless node-to-node communication that extends operational reach and ensures continuity of command and control, even when conventional networks fail. This is a crucial enhancement that further improves Platform One’s underlying infrastructure efficiency, setting a new standard for the USAF and its operations. By running ambient mode alongside a traditional sidecar proxy mesh, the USAF can optimize resource utilization based on security risk profile. Tetrate’s implementation of ambient mode is more cost effective and will allow more applications to take advantage of service mesh security and availability.

Tetrate to integrate OSCAL for continuous compliance
Tetrate has also been awarded a contract to integrate Open Security Controls Assessment Language (OSCAL), the gold standard in compliance reporting, throughout the Tetrate product suite in use by USAF. OSCAL is an open source assembly language that allows compliance levels to be directly exported into a normalized format that can be consumed across different risk management frameworks (continuous compliance). Tetrate’s fortified software delivery solution ensures seamless compatibility with an array of security instruments, Security Event & Information Management (SEIM) platforms, and the Risk Management Framework (RMF) utilities, notably Enterprise Mission Assurance Support Service (eMASS).

The USAF will benefit from streamlined “authorization to operate” (ATO) processes for Platform One and its various mission-critical applications. Real-time, automated updates will replace sporadic manual attestations, giving the USAF an edge over its competitors.

“Tetrate has demonstrated the power of Istio at scale in the most demanding environments,” said Varun Talwar, co-founder of Tetrate. “We’ve learned that there is no one-size-fits-all solution. Depending on the application and environment, USAF will run apps in sidecar mode, ambient mode or just in application libraries depending on the security and availability properties of the application and environment.”