SECURITY
JAMIS Provides Enterprise-Grade Data Protection for GovCon
JAMIS is committed to providing the most secure code on the market, and that is why we are happy to disclose how we take care of our code. In addition, JAMIS Prime is the first ERP in the GovCon space to deliver built-in multi-factor authentication, increasing your protections against cyber criminals.
JAMIS believes in ensuring our team is doing the right thing with the security of your data and delivering a world-class solution. Part of this commitment means having an independent expert validate our Security and Compliance posture.
JAMIS Security and Compliance:
Cybersecurity Maturity Model Certification (CMMC)
The U.S. Department of Defense (DoD) recently updated the Cybersecurity Maturity Model Certification (CMMC) program to version 2.0. The idea behind this initiative is to merge several cybersecurity control standards, including NIST SP 800-171, into a single, unified standard. The DoD will ultimately place CMMC requirements into its contracts, and the CMMC Accreditation Body (CMMC-AB) is the third-party entity that issues the accreditations to assessors. Once CMMC 2.0 is codified through rulemaking, the Department will require companies to adhere to the revised CMMC framework according to requirements set forth in regulation.
JAMIS is actively incorporating the CMMC 2.0 framework, as it becomes available, into its JAMIS Cloud compliance and security posture.
NIST SP 800-171 (DFARS 252.204-7012)
The JAMIS Cloud Services Team has applied the required risk management framework, including security categorization, security control selection and implementation, security control assessment, system authorization, and security control monitoring, and has taken the necessary steps to meet the data security standards and regulations of NIST SP 800-171 and DFARS 252.204-7012 for our customers.
Defense contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.
To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information.
JAMIS has performed all of the mandatory procedures to meet the requirements of the DFARS guidelines and meet or exceed the information security requirements established for Department of Defense (DoD) contractors.
SSAE-18 SOC 1 and SOC 2
SSAE (Statements on Standards for Attestation Engagements) SOC (Service Organization Control) reports were created by the AICPA (American Institute of Certified Public Accountants) in order to set compliance standards and keep pace with the rapid growth of cloud computing and businesses outsourcing their services to third-party providers.
The SSAE 18 SOC 1 report focuses on a service provider’s processes and controls that could impact their client’s internal control over their financial reporting (ICFR). The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. It ensures that your data is kept private and secure while in storage and in transit and that it is available for you to access at any time.
The SOC 1 and SOC 2 reports come in two forms: Type I and Type II. Type I reports evaluate whether proper controls are in place at a specific point in time. Type II reports are done over a period of time to verify operational efficiency and effectiveness of the controls.
Multi-Factor Authentication
The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) will require that companies implement Multi-Factor Authentication (MFA) to protect “controlled unclassified information” (CUI). JAMIS Prime version 7.0 is the only GovCon ERP offering native Multi-Factor Authentication as a turnkey solution. We think it’s essential that your organization take the necessary steps to keep your data safe and secure. With JAMIS, you only have to enable the feature, without the hassle of implementing a third-party tool.
Secure Code
With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers JAMIS to demonstrate its commitment to creating secure software. Organizations that have their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:
- Assesses first-party code with static analysis
- Documents that the application does not allow flaws in first-party code
- Provides developers with remediation guidance when new flaws are introduced
JAMIS Listing in the Veracode Verified Directory: https://www.veracode.com/verified/directory