NIST/FISMA Security Standards Compliant
- Best practice for data security
- Quarterly scan of network systems to ensure ongoing compliance by Tenable Security
- Daily scan of web systems to ensure ongoing compliance by Network Solutions
- Quarterly scans and penetration testing of all our systems to ensure ongoing compliance by Veracode
Physical Security
- Intel Xeon server-grade hardware in a SAS 70 Type II certified data center
- Secured site perimeters, Proximity Badge Access, Digital Video Surveillance
- Hardware RAID controllers on all servers
- 100% redundant Cisco network, gigabit backbone, multiple network feed providers
- Cisco Guard denial-of-service (DoS) protection
- Network Intrusion Detection System
- Enterprise Breach Traffic Analysis and Response
Network Security
- Encrypted data transfer via HTTPS (128-bit SSL Network Solutions certificate)
- All sysadmin access is recorded and stored in offsite logs
- Authentication via encrypted multi-master authentication system (LDAP)
- IP lockdown: limit web services to a specific range of IP addresses
- Dedicated hardware firewalls on all publicly facing servers
- Inter-server communication on private subnet, not routable on the Internet
- Best practices used in random generation of initial passwords
Data Security
- Encrypted server access and data transmission (128-bit SSL certificate)
- Customer data protected by Privacy Policy
- Backups taken at 10-minute intervals to a geographically separate data center
- 128-bit encrypted data transmission (SSL)
- All software maintained with latest security patches
- All network software compliance validated daily by GFI
Security Management
- Review our Terms of Service
- Security Policies are reviewed every six months
- Authentication via multi-master authentication system (LDAP)
- Only authorized, security-trained employees can access servers
- Direct C-level executive responsibility for overall Infrastructure Security
Redundancy
- All servers include redundant RAID storage devices
- Node clusters are distributed across multiple data centers
- Project data is backed up to hot (onsite) and cold (offsite) servers, with files transferred within a secure private subnet
- Database servers are completely multi-site redundant, including our SQL and DNS systems
Security Controls
- Disable-user feature: immediately lock out the accounts of at-risk employees
- Set a maximum password age, forcing users to regularly update their passwords
- Enforce a minimum password strength of "strong"; passwords rated "medium" or lower can be banned
- Immediately force a global reset of all passwords in your organization; everyone is locked out until they change their password