Cyber Security - Cloud
CIS Software is protected. First and foremost, CIS is hosted at Liquid Web in Texas, United States. Liquid Web™ combines industry-leading global security expertise with the latest technologies to deliver around-the-clock advanced threat protection and SOC incident response services for your business.
Our data server aligns with NIST 800-53, SOC2, PCI-DSS and ISO 270001 certifications. Many customers ask us about NIST 800-171, but this requirement is in reference to the protecting the confidentiality of controlled unclassified information (CUI). It is important to note that data is a customer responsibility as CIS and Liquid Web is the processor of customer data and the customer is the administrator on the CIS Software for their organization.
Liquid Web also provides a data privacy page: Privacy Policy
Liquid Web has earned certifications including:
Our server with Liquid Web is equipped with Threat Stack Oversight Intrusion Detection System. This adds an additional layer of security to our Liquid Web server with an advanced Intrusion Detection System. Threat Stack Oversight provides real-time monitoring across critical systems on our server, identification of potential threats and suspicious behavior, and rapid-response investigation and remediation anytime an anomaly is detected.
Our server also uses an ESET File Security provides advanced protection by paying particular attention to launched, opened or modified files. Once detected ESET disinfects, deletes or quarantines all infected files, instantaneously keeping your data safe.
Of course our servers are protected behind a Windows Firewall and we have a Server Secure™ system that turns our operating system and control panel into a well-tuned security machine. Exclusively available at Liquid Web, Server Secure takes the guesswork out of optimizing security settings.
In addition to server back-ups on our server and with two RAID drives, we also employ Acronis Cyber Back-ups. The key features are:
Off-Server Backup Storage
Fully Encrypted Backups
At Least 2X Faster Recovery
Near-Zero Impact on Server Resources
Shortest Backup Window Possible
Cyber Security - CIS Application
In addition to the cloud cyber security, we have built the following cyber security features into CIS Software:
(i) Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including their information systems).
(ii) Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
(iii) Verify and control/limit connections to and use of external information systems.
(iv) Control information posted or processed on publicly accessible information systems.
(v) Identify information system users, processes acting on behalf of users, or devices.
(vi) Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
(vii) Sanitize or destroy information system media containing Federal Contract Information before disposal or release for reuse.
(viii) Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.
(ix) Escort visitors and monitor visitor activity; maintain audit logs of physical access; and control and manage physical access devices. (Note: We keep last login date for all users, but we do not log all activity, ie., how many pages the user visited, in which sequence and how long they stayed on each screen)
(x) Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
(xi) Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
(xii) Identify, report, and correct information and information system flaws in a timely manner.
(xiii) Provide protection from malicious code at appropriate locations within organizational information systems.
(xiv) Update malicious code protection mechanisms when new releases are available.
(xv) We do not perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed because CIS is used by internal users and there is no external data downloaded, therefore there is no need to scan.