JAMIS Adheres To The Highest Industry Security Standards

JAMIS is one of the premier providers of software solutions tailored to the government contracting industry.  This means that we take security very seriously.  Whether it be JAMIS Prime ERP's source code, the risk management system we have in place, or the cloud servers that we host our applications on, we scrutinize every detail and ensure that we go above and beyond to help our customers meet all industry requirements and compliance standards.

The U.S. Department of Defense (DOD) has recently announced the creation of a new Cybersecurity Maturity Model Certification (CMMC) program. The idea behind this new initiative is to provide a single unified standard under control by a neutral third party that all DoD Contractors will be required to meet in order to submit proposals for future new business. The CMMC will have maturity levels 1 - 5 that range from “Basic Cybersecurity Hygiene” to “Advanced”, with CMMC Level 1 being the easiest to obtain. All DoD Contractors will be required to pass an assessment/audit to officially obtain their required CMMC Level acknowledgement.

Update as of September 29, 2020: The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in NIST SP 800-171. Learn More >

With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers JAMIS to demonstrate its commitment to creating secure software. Organizations that have their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

- Assesses first-party code with static analysis
- Documents that the application does not allow flaws in first-party code
- Provides developers with remediation guidance when new flaws are introduced

JAMIS Listing in the Veracode Verified Directory: https://www.veracode.com/verified/directory

Explainer Video on Veracode: View Video

The JAMIS Cloud Services Team has applied the required risk management framework including conducting the activities of security categorization, security control selection and implementation, security control assessment, system authorization, and security control monitoring, and has taken the necessary steps in meeting data security standards and regulations of NIST SP 800-171 and DFARS 252.204-7012 for our customers.

Defense contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.

To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information.

JAMIS has performed all of the mandatory procedures to meet the requirements of the DFARS guidelines and meet or exceed the information security requirements established for Department of Defense (DoD) contractors.

SSAE (Statements on Standards for Attestation Engagements) SOC (Service Organization Control) reports were created by the AICPA (American Institute of Certified Public Accountants) in order to set compliance standards and keep pace with the rapid growth of cloud computing and businesses outsourcing their services to third-party providers.

The SSAE 18 SOC 1 report focuses on a service provider’s processes and controls that could impact their client’s internal control over their financial reporting (ICFR).  The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. It ensures that your data is kept private and secure while in storage and in transit and that it is available for you to access at any time.

The SOC 1 and SOC 2 reports come in two forms: Type I and Type II. Type I reports evaluate whether proper controls are in place at a specific point in time. Type II reports are done over a period of time to verify operational efficiency and effectiveness of the controls.