JAMIS Adheres To The Highest Industry Security Standards

JAMIS is one of the premier providers of software solutions tailored to the government contracting industry.  This means that we take security very seriously.  Whether it be JAMIS Prime ERP's source code, the risk management system we have in place, or the cloud servers that we host our applications on, we scrutinize every detail and ensure that we go above and beyond to help our customers meet all industry requirements and compliance standards.

The U.S. Department of Defense (DOD) recently initiated the Cybersecurity Maturity Model Certification (CMMC) program. The idea behind this initiative is to merge several cybersecurity control standards, including NIST SP 800-171, into a single, unified standard. The DOD will put CMMC requirements into its contracts, and the CMMC Accreditation Body (CMMC-AB) is the third-party entity that issues the accreditations to assessors. All DoD Contractors will be required to pass an assessment/audit to officially obtain their required CMMC Level acknowledgement.

JAMIS is actively incorporating the CMMC framework into our security and compliance posture the JAMIS Cloud, and has planned support for CMMC Level 3.

With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers JAMIS to demonstrate its commitment to creating secure software. Organizations that have their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

- Assesses first-party code with static analysis
- Documents that the application does not allow flaws in first-party code
- Provides developers with remediation guidance when new flaws are introduced

JAMIS Listing in the Veracode Verified Directory: https://www.veracode.com/verified/directory

Explainer Video on Veracode: View Video

The JAMIS Cloud Services Team has applied the required risk management framework including conducting the activities of security categorization, security control selection and implementation, security control assessment, system authorization, and security control monitoring, and has taken the necessary steps in meeting data security standards and regulations of NIST SP 800-171 and DFARS 252.204-7012 for our customers.

Defense contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.

To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information.

JAMIS has performed all of the mandatory procedures to meet the requirements of the DFARS guidelines and meet or exceed the information security requirements established for Department of Defense (DoD) contractors.

 

SSAE (Statements on Standards for Attestation Engagements) SOC (Service Organization Control) reports were created by the AICPA (American Institute of Certified Public Accountants) in order to set compliance standards and keep pace with the rapid growth of cloud computing and businesses outsourcing their services to third-party providers.

The SSAE 18 SOC 1 report focuses on a service provider’s processes and controls that could impact their client’s internal control over their financial reporting (ICFR).  The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. It ensures that your data is kept private and secure while in storage and in transit and that it is available for you to access at any time.

The SOC 1 and SOC 2 reports come in two forms: Type I and Type II. Type I reports evaluate whether proper controls are in place at a specific point in time. Type II reports are done over a period of time to verify operational efficiency and effectiveness of the controls.