Security and Compliance Assurance
While CMMC Proof is designed to meet or exceed the security requirements set forth by NIST SP 800-171, it is important to note that CMMC Proof may not be used to store or process any U.S. Government information that is classified or subject to export controls (e.g., ITAR, EAR, CUI with NOFORN or RELTO markings). Clients are responsible for ensuring that any information submitted to CMMC Proof meets these requirements.
Uncompromising Data Security
Advanced Encryption:
All customer data within CMMC Proof is encrypted using AES-256, a military-grade encryption standard. Data in transit is secured via Transport Layer Security (TLS) 1.2 or higher, ensuring that your data is protected during transmission across potentially insecure networks.
Secure Development Lifecycle (SDLC):
Security is embedded in every stage of our software development process. CMMC Proof adheres to a rigorous SDLC, incorporating regular code reviews, automated static and dynamic security testing, and vulnerability scanning. Our SDLC practices follow industry-leading standards, including OWASP Top Ten mitigations, to proactively address potential security risks.
Resilient CSP Infrastructure:
CMMC Proof is hosted on a highly resilient cloud infrastructure provided by Microsoft Azure (FedRAMP High certified). This environment is built to withstand and recover from adverse conditions, including data center failures, network disruptions, and other potential threats to availability. The Microsoft Azure infrastructure features redundant power, HVAC systems, and fire suppression, as well as on-site physical security measures such as guards, biometric access controls, and 24/7 surveillance.
Multi-Layered Network Security Architecture:
Our network is segmented into multiple security zones, with sensitive systems such as database servers housed in the most secure zones. Each zone is protected by additional security monitoring and access controls, ensuring that only authorized personnel can access critical systems. DMZs are used between the internet and internal systems to further isolate and protect sensitive information.
Advanced Intrusion Detection & Threat Intelligence:
Our intrusion detection systems are designed to detect and respond to suspicious activity in real time, with automated alerts enabling swift action. Additionally, CMMC Proof is integrated with several threat intelligence sharing programs, allowing us to monitor and counteract emerging cyber threats as they develop.
24/7 Security Monitoring:
Our dedicated security team is on standby around the clock, continuously monitoring for potential vulnerabilities. In the event of a security incident, our team is prepared to respond immediately, ensuring that any threats are swiftly and effectively mitigated.
Reliability and Continuity Built In
- Redundancy & High Availability: CMMC Proof is engineered with redundancy and high availability in mind. Our platform employs service clustering, failover mechanisms, and comprehensive backup regimes to eliminate single points of failure and ensure continuous service availability.
- Disaster Recovery: CMMC Proof’s Disaster Recovery (DR) capabilities are designed to keep your operations running smoothly, even in the face of catastrophic events. Our DR program includes regular testing, robust recovery plans, and proactive measures to minimize downtime.
Application Security
- Strong Authentication: Access to CMMC Proof is safeguarded with strong passphrase protection and multifactor authentication (MFA). SSH keys and credentials are stored securely and rotated regularly to minimize the risk of unauthorized access.
- Regular Penetration Testing & Vulnerability Management: To ensure that our defenses remain robust, CMMC Proof undergoes regular penetration testing conducted by independent third-party security experts. Additionally, our platform is subjected to continuous vulnerability scanning as part of our Secure Development Lifecycle (SDLC), with any identified risks promptly addressed.