Governments Unified Capabilities Approved Products List


U.S. Department of Defense Unified Capabilities Approved Product List (UC APL) is the Governments single consolidated list of products that have completed Interoperability (IO) and Information Assurance (IA) certification.

The complete list of products on the UC APL is available at this link

(UC APL is a list maintained by the Defense Information Systems Agency (DISA) that defines what products are authorized to be deployed by the U.S. Department of Defense. DISA provides Enterprise Acquisition Services (EAS) for purchasing telecommunications and information technology (IT) products and services from the worldwide commercial sector to meet Department of Defense (DoD) and authorized non-defense customers' needs.
The Department of Defense must draw from this list when they build their networks.

The mandate that products be approved by DISA is contained in Department of Defense Instruction (DODI 8100.04), signed December 9, 2010 by Teresa Takai, the Department of Defense Chief Information Officer.
DoDI 8100.04 section 4.a defines Unified Capabilities (UC) “as (any single or combination of information media (voice, video, and/or data), whether converged, or non-converged) on DoD networks.” Section 4.b states, “Products that provide or support UC, acquired or operated by the DoD Components, shall be certified for interoperability and information assurance (IA) as set forth in this Instruction.”

 These products have undergone a rigorous, two-part assessment in order to be added to the APL.
The first assessment is focused on information assurance. “Security.
Products must prove that they are designed and built in a way that complies with the Department of Defense security functional requirements and security best practices. The security functional requirements come from a 2,000 page public document called the Unified Capabilities Requirements.
And the security best practices guides are called Security Technical Implementation Guides (STIG)s.

Products usually have to demonstrate other third party security certifications that might include ISO 15408 Common Criteria Certification and National Institute of Standards and Technology Federal Information Processing Standards 140-2, “Security requirements for Cryptographic Modules.”

Additionally, the government conducts a variety of penetration and other security focused tests to ensure that a product is secure enough to be deployed within government networks. 

The second part of testing is called Interoperability testing.  While it includes significant interoperability testing with other vendors, it also includes functional testing to ensure the devices meet the needs of the Department of Defense.
For network devices, this can be things like support of IPv6, rigorous high availability and the ability to prioritize and process different types of traffic like mission critical voice, video, chat and priority data.

 All testing is against requirements that are based on open standards from bodies like the Internet Engineering Task Force (IETF®)  or Institute of Electrical and Electronics Engineers IEEE.

Testing is a full time effort that lasts for weeks and sometimes months.  The labs that conduct this testing house millions of dollars of specialized test equipment and test infrastructure from many different vendors.

 The cost of this testing is tens and sometimes hundreds of thousands of dollars per certification event.

 If you are an organization that cares about security functionality and that products you purchase are able to meet demanding requirements for high availability, performance, etc., but you don’t have the money or perhaps time to conduct a detailed test of your own, you should look at the U.S. Department of Defense’s Unified Capability Approved Product List.

Images and content displayed - which are not the property of wgc
 are courtesy of our friends, family and customers as well as the U.S. Department of Defense.
All rights reserved. Copy and or republication is not authorized without express written permission.
c - 2017



UC APL Frequently Asked Questions