Telos patents certification process

Telos officials announced last week that the company has been awarded a process patent for its automated security certification and accreditation techniques. The company has five other patents pending at the U.S. Patent and Trademark Office related to the certification and accreditation process.

All federal agencies are required by law to certify and accredit their general support systems and major applications, a time-consuming process for which agencies’ senior executives are held accountable.

The Telos patent covers the process of testing a system or application to ensure that minimum security requirements are met and producing documentary evidence that testing was done properly, said Richard Tracy, Telos’ chief security officer.

Tracy said the process patent also covers the final step in the certification and accreditation process, which is providing evidence that allows people to understand what the residual risks are. He said that all complex systems, even those with tested security controls, have residual vulnerabilities. Agencies must decide what level of vulnerability they are willing to accept.

Process patents are controversial in Europe, where some critics say they shouldn’t be awarded. Telos also has five international patents pending for the same process.

Telos’ June 14 announcement included nothing about licensing its process patent. As for the patent’s value to Telos, Tracy said it gives the company a competitive advantage, adding that “we’ve sort of put a fence around this process.”

Telos has been certifying and accrediting federal systems since about 1989, many of them for Defense Department and intelligence agencies.

The company’s software, Xacta IA Manager, automates the process for complying with requirements such as the Defense Information Assurance Certification and Accreditation Process and the Federal Information Security Management Act.