JAMIS Adheres To The Highest Industry Security Standards
JAMIS is one of the premier providers of software solutions tailored to the government contracting industry. This means that we take security very seriously. Whether it be JAMIS Prime ERP's source code, the risk management system we have in place, or the cloud servers that we host our applications on, we scrutinize every detail and ensure that we go above and beyond to help our customers meet all industry requirements and compliance standards.
With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers JAMIS to demonstrate its commitment to creating secure software.
Organizations that have their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:
- Assesses first-party code with static analysis
- Documents that the application does not allow flaws in first-party code
- Provides developers with remediation guidance when new flaws are introduced
NIST SP 800-171 (DFARS 252.204-7012)
JAMIS has applied the required risk management framework including conducting the activities of security categorization, security control selection and implementation, security control assessment, system authorization, and security control monitoring, and has taken the necessary steps in meeting data security standards and regulations of NIST SP 800-171 and DFARS 252.204-7012 for our customers.
Defense contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.
To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information.
JAMIS has performed all of the mandatory procedures to meet the requirements of the Federal Information Security Modernization Act (FISMA) and meet or exceed the information security requirements established for executive agencies by the Office of Management and Budget (OMB) in Circular A-130, Appendix III, Security of Federal Automated Information Resources.
SSAE-16 SOC 1 and SOC 2
In the spring of 2016, the AICPA’s Auditing Standards Board (ASB) completed the clarity project, the result of which was the issuance of SSAE 18, “Concepts common to all Attestation Engagements”. As the SOC 1 is an attestation engagement, the SSAE 18 standard will apply to SOC 1 reports and supersedes the SSAE 16 standard. The SSAE 18 standard will go into effect for reports dated after May 1, 2017. It is important to note that the SSAE 16 standard was specific to service organizations, whereas SSAE 18 is for all attestation engagements. In practice, this means that referring to a SOC 1 as an SSAE 16 examination will go away; the term will not be replaced by "SSAE 18 examination", and the report will be referred to simply as the SOC 1.
As a Software-as-a-Service provider, JAMIS performs a formal annual risk assessment to ensure we meet all of the requirements to comply with this standard.
The Prime application has both role-based security and data restriction groups built in. This provides the security you need for your organization's critical data, as well as a personalized experience for your end users.
Prime allows you to set role-based rights by:
- Suite: Finance, Distribution, Configuration, etc.
- Module: General Ledger, Accounts Payable, etc.
- Screen: Any Prime screen
- Field: Any Prime field
- Field-value levels: Row-level security
JAMIS Prime enables a seamless authentication experience for your users. Right out of the box, you can easily enable Microsoft’s Active Directory, Azure Active Directory, Microsoft Live ID, or Google’s OAuth 2.0 client IDs. With a little more work, you may also use other third-party solutions, such as OneLogin.com.