The US Intelligence National Security Agency (NSA) has released a network security tool. Dubbed Systems Integrity Management Platform (SIMP), designed and distributed to secure the networks of organizations improving the resilience to cyber attacks.
According to an official release from NSA, SIMP makes it easier for organizations to “fortify their networks against cyber threats.” The experts at NSA consider SIMP a critical part of layered, “defense-in-depth” approaches to cybersecurity.
“SIMP is a framework that aims to provide a reasonable combination of security compliance and operational flexibility. The ultimate goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice.
Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers. At this time, there are no commercial requirements for the use of SIMP outside of the purchase of Red Hat Enterprise Linux licenses as applicable.” states the official description of the SIMP framework.
The Systems Integrity Management Platform (SIMP) could be downloaded from the GitHub repository.
The release of the SIMP framework wants to promote the collaboration within the IT security industry by sharing the information of cyber threats and defensive tools.
“By releasing SIMP, the agency seeks to reduce duplication of effort and promote greater collaboration within the community: The wheel would not have to be reinvented for every organization,” says the NSA.
Currently, SIMP supports operating systems including Red Hat Enterprise Linux (RHEL) Versions 6.6 and 7.1 as well as Community Enterprise Operating System (CentOS) Versions 6.6 and 7.1-1503-01.
Shall Internet users trust NSA tool after Snowden‘s Revelations?
The Skepticism is warranted, however, the availability of tools to a wide audience would facilitate the identification of back door or any other monitoring mechanism.
(Security Affairs – NSA, SIMP)