Search Icon VIEW DEMO

Contact Us VIEW DEMO

MENUMENU
  • Products
    • JAMIS Prime ERPProduct Overview
      • Finance/Project AccountingCost Accounting For Government Contractors
      • Time and Expense ManagementTimesheets, Time Off Management, and Expense Reporting
      • Customer Relationship Management (CRM)Opportunity Lifecycle Management
      • Asset ManagementFixed Assets, Depreciation, and Government Property Management
    • Hide ItProduct Overview
      • Contract ManagementContract Lifecycle Management
      • Business Planning SuiteBid & Proposal, Budgeting, and Forecasting
      • Distribution ManagementRequisitions, Purchasing, and Inventory Management
      • Dashboards & Business IntelligenceReal-time Reporting, Inquiries, & Dashboards
    • JAMIS HumanicProduct Overview
      • Human Capital ManagementHR, Recruiting, Onboarding, Benefits, Compensation, and Learning
      • Payroll ManagementDomestic & International Payroll, & Outsourced Tax Services
  • Services
    • Implementation Services & Consulting
    • Customer Support
    • JAMIS Open University
    • JAMIS Cloud Service
    • System Customization
  • Resources
    • Why JAMIS?
    • Security
    • DCAA Compliance
    • Benefits By Role
    • Mobile Capabilities
    • Prime Insights Blog
  • Events
    • GovCon Webinar Series
    • JAMIS Summit
  • Company
    • About JAMIS
    • Company News
    • Management Team
    • Partners & Affiliates
    • Careers
    • Office Locations
    • Contact Us
  • Contact Us

Security

JAMIS Adheres To The Highest Industry Security Standards

JAMIS is one of the premier providers of software solutions tailored to the government contracting industry.  This means that we take security very seriously.  Whether it be JAMIS Prime ERP's source code, the risk management system we have in place, or the cloud servers that we host our applications on, we scrutinize every detail and ensure that we go above and beyond to help our customers meet all industry requirements and compliance standards.

Cybersecurity Maturity Model Certification (CMMC) Readiness

The U.S. Department of Defense (DOD) has recently announced the creation of a new Cybersecurity Maturity Model Certification (CMMC) program. The idea behind this new initiative is to provide a single unified standard under control by a neutral third party that all DoD Contractors will be required to meet in order to submit proposals for future new business. The CMMC will have maturity levels 1 - 5 that range from “Basic Cybersecurity Hygiene” to “Advanced”, with CMMC Level 1 being the easiest to obtain. All DoD Contractors will be required to pass an assessment/audit to officially obtain their required CMMC Level acknowledgement.

Update as of September 29, 2020: The vast majority of the rule focuses on DoD’s increased requirements for confirming that contractors are currently in compliance with all 110 security controls in NIST SP 800-171. Learn More >

 

Secure Software

With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers JAMIS to demonstrate its commitment to creating secure software. Organizations that have their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice:

- Assesses first-party code with static analysis
- Documents that the application does not allow flaws in first-party code
- Provides developers with remediation guidance when new flaws are introduced

JAMIS Listing in the Veracode Verified Directory: https://www.veracode.com/verified/directory

Explainer Video on Veracode: View Video

NIST SP 800-171 (DFARS 252.204-7012)

The JAMIS Cloud Services Team has applied the required risk management framework including conducting the activities of security categorization, security control selection and implementation, security control assessment, system authorization, and security control monitoring, and has taken the necessary steps in meeting data security standards and regulations of NIST SP 800-171 and DFARS 252.204-7012 for our customers.

Defense contractors routinely process, store and transmit sensitive federal information to assist federal agencies in carrying out their core missions and business operations. Federal information is also shared with state and local governments, universities and independent research organizations.

To keep this information secure, Executive Order 13556 established the Controlled Unclassified Information (CUI) Program to standardize the way the executive branch handles unclassified information that requires protection, such as personally identifiable information.

JAMIS has performed all of the mandatory procedures to meet the requirements of the DFARS guidelines and meet or exceed the information security requirements established for Department of Defense (DoD) contractors.

 

SSAE-18 SOC 1 and SOC 2

SSAE (Statements on Standards for Attestation Engagements) SOC (Service Organization Control) reports were created by the AICPA (American Institute of Certified Public Accountants) in order to set compliance standards and keep pace with the rapid growth of cloud computing and businesses outsourcing their services to third-party providers.

The SSAE 18 SOC 1 report focuses on a service provider’s processes and controls that could impact their client’s internal control over their financial reporting (ICFR).  The SOC 2 is a separate report that focuses on controls at a service provider relevant to security, availability, processing integrity, confidentiality, and privacy of a system. It ensures that your data is kept private and secure while in storage and in transit and that it is available for you to access at any time.

The SOC 1 and SOC 2 reports come in two forms: Type I and Type II. Type I reports evaluate whether proper controls are in place at a specific point in time. Type II reports are done over a period of time to verify operational efficiency and effectiveness of the controls.

Multi-Factor Authentication

 

The U.S. Department of Defense’s new Cybersecurity Maturity Model Certification (CMMC) mandates that companies with a Level 3 CMMC requirement or higher to implement Multi-factor Authentication (MFA) to protect “controlled unclassified information” (CUI). JAMIS Prime version 7.0 is the only GovCon ERP offering native Multi-Factor Authentication as a turnkey solution.  We think it’s essential that your organization take the necessary steps to keep your data safe and secure. With JAMIS, you only have to enable the feature, without the hassle of implementing a 3rd party tool.

 

 

Copyright © 2020 JAMIS Software Corporation. All rights reserved. Legal | Sitemap
JAMIS Headquarters | 4909 Murphy Canyon Rd., Suite 460, San Diego, CA 92123
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Reject
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.