NIST/FISMA Security Standards Compliant

  • Best practice for data security
  • Quarterly scan of network systems to ensure ongoing compliance by Tenable Security
  • Daily scan of web systems to ensure ongoing compliance by Network Solutions
  • Quarterly scans and penetration testing of all our systems to ensure ongoing compliance by VeraCode

Physical Security
  • Intel Xeon Server Grade hardware in SAS-70 Type II certified Datacenter
  • Secured site perimeters, Proximity Badge Access, Digital Video Surveillance
  • Hardware RAID controllers on all servers
  • 100% Redundant Cisco Network, Gigabit Backbone, Multi Feed Net Providers
  • Cisco Guard Denial of Service (DoS) Protection
  • Network Intrusion Detection System
  • Enterprise Breach Traffic Analysis and Response

Network Security
  • Encrypted data transfer via HTTPS (128-bit SSL Network Solutions certificate)
  • All sysadmin access is recorded and stored in offsite logs
  • Authentication via encrypted multi-master authentication system (LDAP)
  • IP Lockdown: limit web services to a specific range of IP addresses
  • Dedicated hardware firewalls on all publicly-facing servers
  • Inter-server communication on private subnet, not routable on the Internet
  • Best practices used in random generation of initial passwords

Data Security
  • Encrypted server access and data transmission (128-bit SSL certificate)
  • Customer data protected by Privacy Policy
  • Backups taken at 10-minute intervals at a geographically separate data center
  • 128-bit encrypted data transmission (SSL)
  • All software maintained with latest security patches
  • All network software compliance validated daily by GFI

Security Management
  • Review our Terms of Service
  • Security Policies are reviewed every six months
  • Authentication via multi-master authentication system (LDAP)
  • Only authorized, security-trained employees can access servers
  • Direct C-level executive responsibility for overall Infrastructure Security

Redundancy
  • All servers include redundant RAID storage devices
  • Node clusters are distributed across multiple data centers
  • Project data is backed up to hot (onsite) and cold (offsite) servers, with files transferred within a secure private subnet
  • Database servers are completely multi-site redundant, including our SQL and DNS systems

Security Controls
  • Disable-user feature: immediately lock down at-risk employees
  • Set a maximum password age, forcing users to regularly update their passwords
  • Enforce a minimum of "strong" passwords; passwords rated "medium" or lower can be banned
  • Immediately force a global reset of all passwords in your organization; everyone is locked out until they change their password