COAT.OS
Military-grade hardened IoT security solution from Rheinmetall
- Maximum security for critical missions:
Protect your systems and platforms from cyber attacks with a comprehensively hardened IoT solution. COAT.OS meets the most important national IT security requirements, including system encryption up to the classification level VS-NfD, RESTREINT UE/EU RESTRICTED or NATO RESTRICTED.
- Transparency and compliance at your fingertips:
With the integrated auditing function, you can create real-time reports for internal and external vulnerability assessments. The exportable data makes it easier to pass audits and provide proof of your IT security.
- Stability and control in every situation:
Use our secure kiosk mode to turn your devices and applications into digital appliances. The integrated system restore function allows you to reset to factory settings at any time. All security-related logs can be accessed at any time.
- Fast operational readiness:
Rapid prototyping of your (system) development allows you to receive prototypes from us within a few days, which you can use to install your systems unattended with all protective measures included.
AUTOMATED INSTALLATION
The installation of Rheinmetall COAT.OS on the target systems is automated and adapts to the respective system configuration. This specific coordination between software and hardware enables efficient and secure commissioning.
- Optimal functionality: Rheinmetall COAT.OS automatically recognizes the hardware used and adjusts the software characteristics accordingly to ensure optimal functionality on target systems.
- Flexibility through software variants: Depending on the hardware configuration, different software variants can be selected for the target system to be installed automatically. The selection is made either by the user installing the software or automatically by the specified system configuration.
- Automated configuration: Depending on the variant, only the software and configuration intended for the software variant is installed without manual interaction.
- Simplified error analysis: Rheinmetall COAT.OS uses integrated error detection mechanisms during installation so that each installation step is automatically monitored. In the event of an error, the software aborts the installation. This enables exactly repeatable production of the system. Detailed logs document the exact installation process and possible error sources. End users or administrators can view log files or export them for further analysis. This enables quick and targeted problem solving.
KIOSK MODE
Kiosk mode limits access to the applications intended for the end user and prevents other programs from being run. It is not possible to use the system for anything other than these applications and the operating system elements relevant for system use, nor can the end user make any changes to security-relevant system settings and configurations. These measures reduce the risk of unauthorized access, improper actions and malicious manipulation.
SECURITY MECHANISMS
Rheinmetall COAT.OS integrates a variety of security settings and tools that ensure the system is protected against internal and external threats, for example:
- AppLocker: AppLocker operates in whitelisting mode, so that only authorized applications can be run. Unauthorized or potentially harmful programs are blocked, ensuring protection against unwanted applications, malware or viruses.
- Firewall: The firewall is configured by default to allow only the network traffic necessary for the customer’s software to function (Deny-All mode). Unauthorized connections are blocked.
- itWatch: The system monitors the use of interfaces (such as USB ports) and blocks unauthorized devices. At the same time, the import and export of files is monitored to prevent unauthorized data transfers.
- Full disk encryption: Full disk encryption using BitLocker or TrustedDisk (for VS-NfD, RESTREINT UE/EU RESTRICTED or NATO RESTRICTED) ensures that unauthorized access to the system and stored data is prevented, especially in the event of physical theft or loss of the device.
SYSTEM ADMINISTRATION
Depending on the requirements, administrative tasks and configurations can be carried out via a specially developed, preinstalled application. It is not necessary for an operating system user who is a member of any administrative group to be logged in to the system.
The application consists of modular building blocks that can be set up or expanded to include the required functions, depending on customer requirements. This enables flexible configuration of the system without compromising security by granting administrator rights.
IT SECURITY CERTIFICATION
Rheinmetall COAT.OS offers an on-demand security check that retrieves all security-relevant settings and the relevant logs and provides them in the form of a report for documentation purposes. This provides a clear overview of the system configuration and makes security incidents traceable. The security report can be accessed by an administrator or a user with the “auditor” role via the auditing function of the preinstalled system administration application and can be used for internal audits and external audits by certification authorities.