Laserfiche WebLink
SOLICITATION # CH16012 <br />FireEye <br />FireEye has mature and well documented security and privacy programs. The programs include <br />third party certifications for SSAE 16 SOC 2, and FedRAMP certifications, Model clauses, Privacy <br />and Security Standards among others. The data that FireEye receives is only in conjunction with <br />the malware analysis. <br />Our data protection standards includes prevention of exposure to unauthorized personnel and <br />managing and reviewing all access to systems (not just for admin) quarterly or when employees <br />have a role change. FireEye has standards for hardware and software such as gold images for all <br />operating systems and hardened systems, these are managed and distributed centrally. It also <br />includes supported and managed configurations of hardware and software on mobile devices and <br />acceptable use policy for all FireE a resources. <br />VirtueStream <br />Customers are responsible for the protection and confidentiality of data within their application <br />and/or system which resides on the Virtustream IaaS. Virtustream customers are logically <br />separated via VLAN and VRF technologies which ensure that different customers' data is not <br />accessible and cannot be altered. Customers are responsible for controlling access to their data. <br />Virtustream does not have direct access to customer data within their customer zone. Virtustream <br />employees who are assigned to IaaS must pass a Virtustream background investigation. In <br />addition, Virtustream employees assigned to the IAAS must adhere to any requirement by <br />customers to pass federal, state, or local background investigations if they are to provide managed <br />services to the customer zone. <br />Virtustream offers an encryption at rest and encryption in transit managed service. This provides <br />an additional level of protection for customer's data within their VLAN, <br />All Virtustream employees with access to the IaaS are required to have hard drive encryption on <br />their laptops. Virtustream performs quarterly privileged user access reviews. <br />8.6.5 Offeror must provide a detailed list of the third -party attestations, reports, security credentials (e.g., <br />Fed Ramp), and certifications relating to data security, integrity, and other controls. <br />CA <br />APM <br />AWS EC2 datacenters annually undergo SOC 3 audits. <br />MAA <br />CA MAA is certified for SOC 2 Type 1 Security Audit. <br />CA Agile <br />N/A - we are working towards a NIST 800-53r4 certification but that is not yet <br />complete. <br />ASM <br />Rackspace datacenters annually undergo various certification including SOC 3 audits. <br />The application currently does not hold a Soc 2 attestation. <br />Goo le <br />SOC 1 SSAE 16 SOC 2 SOC 3 ISO 27001 ISO 27018 FedRAMP <br />AODocs <br />AODocs is certified SOC2 Type 2 <br />Virtru <br />Vulnerability Scan and Penetration Testing by Cigital and FedRamp In Process sponsored by US <br />Department of Interior <br />Salesforce <br />Salesforce has comprehensive privacy and security assessments and certifications performed by <br />multiple third parties. The following audits and their frequencies are performed: <br />ISO 27001 - Annually (3 year certification) <br />PCI-DSS - Annually <br />FedRAMP - Annually <br />SOC 1 (SSAE16/ISAE 3402, previously SAS 70) - Twice a year <br />SOC 2 & SOC 3 - Twice a year <br />Copies of our SOC reports can be provided to your Agency upon request and under NDA. <br />carahsoft 69 carahsoft <br />