When organizations need to communicate sensitive information across traditional network boundaries, reaching those that may reside geographically or technically remote, they come to NC4 to address these challenges.
NC4 has several Software as a Service (SaaS) solutions that give public and private sector organizations a common, web-based platform for highly secure communication and secure collaboration. Our solutions bring diverse organizations flexible, compartmented environments configured with effective collaborative tools and functionality for exchanging critical information. Continuously striving to operate at a higher level of security, trust, service, technology and performance, NC4 focuses on eliminating the barriers to secure, collaborative information sharing. One of NC4's key success factors is the combination of collaboration with highly secure, mission-focused applications.
Security is the backbone of all of NC4's secure communication and collaboration solutions. Raising the security bar to the highest level, NC4 has a highly secure operating environment that is built to rigorous U.S. Government standards for a Sensitive Compartment Information Facility (SCIF). NC4 solutions support diverse authentication methods, including identity federation, Two-factor and Public Key Infrastructure (PKI) through strict registration protocols, authorized management, a human revalidation processes, and solution activity monitoring and reporting. Moreover, NC4 maintains a full-cycle security approach to ensure security from the inside out and outside in. This includes:
To ensure the security and integrity of its systems, NC4’s cloud computing environment implements formidable physical security controls. Even the most highly sophisticated software, encryption, and authentication will not provide the full cycle of security if the system itself is not physically secure.
SCIF Level Facilities: Data processing operations are conducted in Secure Operating Centers (SOCs) that meet or exceed the standards for U.S. Government Sensitive Compartmentalized Information Facilities (SCIF). These strict standards include perimeter protection, auditing, access control and intrusion alarms.
Top Security Professionals: NC4 employs leading security experts as well as technical experts to assure the most disciplined security procedures.
Secure Administrative Procedures: NC4 adheres to stringent administrative security procedures that meet or exceed Government requirements for sensitive data. These security procedures include documented policy, policy reviews, auditing and compliance oversight and reporting.
Cleared Staff: All NC4 staff with access to customer systems maintain U.S. Government Security clearances. Employees receive ongoing security education and training.
User/Administrator Awareness and Training: Often the most overlooked and important component of information security is training users. NC4's user base is trained to understand the solution environment, thereby ensuring compliance with current security policies.
A system is only as good as its weakest link. Therefore, all NC4 technology decisions focus on User Control to create a customizable, single sign-on interface for each client. Every solution incorporates a minimum of 128 bit-encrypted access to the applications (up to 256 bit-encryption). All the best authentication methods are supported, augmented by registration protocols, audited authorization management, human revalidation processes, activity monitoring, and reporting. NC4 solutions include the most advanced authentication techniques and are consistent with current government homeland security regulations.
PKI, RSA SecurID, Anakam (Equifax) “soft token” options − the option of integrating web-based biometric authentication can be provided as part of the customization process to meet the client's security requirements.
Hard enforcement of lockouts− after a specified number of failed logins, the user is locked out of the system to prevent a brute force attack. The unsuccessful user is not notified that their account is locked so as not to alert a potential intruder that they are being monitored. NC4's Support Center receives notification when a user is locked out of the system and appropriate action is taken, whether assisting the user in getting into the system or notifying a security administrator that unauthorized login is being attempted.
Enforced strong passwords − the systems can enforce strong passwords that meet or exceed U.S. Government standards. Password requirements are customized in accordance with the client's needs.
Human in the loop − the Support Center is available to assist users with logon problems, system questions and username/password resets. Users must verify the security information they supplied during registration in order to have their account credentials reset. The Support Center does not send out authentication information via email or other non-secure channels that may be intercepted by an unwanted third party.
The proprietary hardened systems architecture is proactively managed on a 24x7 basis. NC4's cloud computing environment utilizes advanced systems architecture designed to defeat the most sophisticated intrusion techniques. These designs were developed utilizing the U.S. Government's Computer Emergency Response Team's (CERT) extensive database of successful intrusions on supposedly secure systems. CERT is located at the Carnegie Mellon's Software Engineering Institute and is one of the front line resources in managing data security. The NC4 cloud computing architecture includes:
Multiple, in-line firewalls are enabled to accept only one protocol in (HTTPS) through only one open port. Each firewall uses a different technology such as packet filtering, proxy, stateful inspection, etc. Furthermore, each firewall is provided through a different manufacturer to defeat attacks that exploit known weakness by any one vendor.
Strong Encryption and Certification generate the strongest possible encryption, requiring an exponentially higher level of resource to crack. It is currently beyond the capability of any threat. Additionally, the crypto systems are easily upgradeable; so, as encryption attacks become a greater threat, it is a simple matter to increase the key length to thwart these attempts.
State Theft Protection a common attack in any system is the attempt of a user to change the level of permissions within the system, thereby gaining access to data or resources not normally provided. NC4's cloud computing application and state management strategy prevent users from changing the level of permissions they have within the system. In addition, on each user request, information is compared to the last known state of the user to determine if this is the same person, or someone in a different location trying to impersonate them. The system audits anomalies and reports them to administrators for action.
Proactive Monitoring utilizes multiple intrusion detection systems (IDS), front and back end monitoring, code integrity scanning, log file analysis, network status monitoring and application monitoring for the detection and tracing of suspicious probes back to their source.
Information Protection uses compartmentalization to separate workspaces and enforce need-to-know controls to further protect access to information inside an established workspace.
NC4 solutions incorporate a core set of tools to include robust functionality, an intuitive interface and the capability to compartmentalize data by individual users, organizations or customized groups. These tools enable our clients to manage projects, collaborate on areas of interest and to disseminate information quickly and easily to other participants. Core functionality includes:
Secure Messaging – secured email, requiring authentication to access and read messages, with internal and external notifications
Compartmented Library – a secure document repository, allowing for revision controls
Online Briefings – secure sharing of presentations in a common meeting space with moderation and interactive chat
Data Survey Wizard – a user configurable survey tool to collect information from users
Member Directory – user contact directory
Calendars – meeting and event scheduling
Forum Discussions – interactive blog and information repository
Wiki/Blogs – real-time collaboration and reference tools
RSS Feeds (Web 2.0) – ability to feed external information to the solution interface
*Specific for NC4’s ESP solution
In addition to the core tools, NC4 can also create customized applications designed specifically for each client. These applications are often built by NC4 from customer specifications and are typically hosted by NC4 in the NC4 Homeland Security Cloud. A few of these applications include:
Foreign National Management and Tracking System – visitor tracking and approvals through workflow management
Adverse Reaction Drug Reporting System –drug study/drug trial monitoring and tracking
Case Management System – tracking of suspicious activities, investigations and incidents
Centralized Scheduling System – course creation and scheduling, student evaluation tracking
Equipment Utilization Database – equipment database with reservation and purchase agent
The CyberCop portal was designed to provide an ultra-secure web-based environment to promote and facilitate the sharing of sensitive information among a cohesive network of law enforcement, first responders, homeland defense and law enforcement related professionals from all levels of government, including international, federal, state, local and the private sector.
The CyberCop portal is in use by over 10,000 law enforcement, emergency responders, computer forensic and technical professionals for coordination, case handling, warrant dissemination, document sharing and lessons learned. This initiative is partially funded by the Department of Homeland Security and is managed by organizational administrators from the High-tech Crime Consortium, the InfraGard National Member Alliance, the High Technology Crime Investigation Association, the Federal Law Enforcement Training Center and others.
This secure portal is committed to providing a safe and secure environment where ideas can be freely exchanged to aid individual efforts and to foster cooperative efforts in the fight against crime, terrorism and the security of the nation.
Extranet for Security Professionals (XSP)
The XSP portal "Bridges the Gap" between government and industry security professionals in the Aerospace, Defense and Intelligence community to securely exchange information, best practices, lessons learned, policy documents and other sensitive information. The XSP portal also hosts several security associations such as the Contractor SAP/SAR Working Group (CSSWG), Industrial Security Working Group (ISWG), and the OPSEC (Operations Security) Society. Over 600 government and private sector organizations utilize the portal to coordinate activities and to collaborate on security issues.
Pentagon Force Protection Agency (PFPA)
The Pentagon Force Protection Agency (PFPA), which was established by the Department of Defense after the attack on the Pentagon on September 11, 2001, serves as an out of band system that can support the Pentagon in case an event renders their existing infrastructure inaccessible. It allows law enforcement and emergency responders in the National Capital Region to quickly and securely disseminate threat information to the appropriate parties.
Department of Energy (DOE)
The Foreign National Visitor Tracking Portal allows DOE to track all of the incoming foreign national scientists who visit DOE facilities to participate in research and development projects.
Office of Personnel Management (OPM)
In support of its e-Clearance initiative, the Office of Personnel Management (OPM) engages most of the U.S. government agencies to obtain new requests for clearance investigations and to allow agencies to monitor the status of investigations. The OPM portal provides encrypted access to existing OPM databases and permits clients to use a friendly web interface to manage the clearance request process. In addition to tying together the systems using a common, secure interface, the system allows OPM to maintain its legacy systems.
Department of Homeland Security - United States -
Computer Emergency Readiness Team (US-CERT)
The US-CERT solution provides a venue for US-CERT’s public and private sector partnership for the purpose of enhancing the prevention of and response to cyber threats and vulnerabilities. US-CERT uses NC4 solutions for collaboration with its partners and also utilizes custom applications that provide direct access to tools that report on Internet health.
NC4 solutions deliver significant beneﬁts:
Globally-accessible – Anyone with a current browser and an Internet connection can establish a highly secure session to retrieve, share and collaborate on critical information issues. Users can access a solution’s collaborative tools from almost anywhere – from an office network, a home connection or even through most Internet-accessible Blackberrys or Personal Digital Assistants (PDAs) – with no additional software or hardware beyond a current web browser.
Proven Security – NC4 emphasizes security throughout all of its technology practices and strives to ensure that security does not compete with functionality. We approach security by constantly and continuously modifying the hardware, software, network environment, security tools and monitoring capabilities in accordance with a rigid configuration management process to ensure that the highest possible capability is being provided to each and every client. Stringent physical security, strong user security and hardened system architecture contribute to this approach.
Cost Savings – Clients can leverage the cost savings benefits and the expertise of a focused, trusted security SaaS provider without having to hire additional in-house talent. This model complements an existing network infrastructure and provides for more reliable budget and resource planning. It leverages the ubiquity of the Internet without compromising security and simultaneously eliminates client system administration costs and additional staffing requirements.
Quick Provisioning – NC4 SaaS solutions are architected so they can be provisioned quickly and effectively to meet our customer needs. This reduces requirement-to-operations time, allowing customer projects and needs to be fulfilled in a timely manner, improving customer satisfaction, and mitigating development cycles and overall costs.
Full-service Support Center – NC4 provides a dedicated Support Center managing support requests. The Support Center is staffed with knowledgeable personnel skilled in handlingall NC4 solution questions. In addition, clients may take advantage of the online tracking system on the NC4 Support site (https://support.nc4.us) which allows them to conveniently submit support requests and monitor resolution progress. NC4 consistently receives high ratings on the Support Center for prompt service, excellent communication during an event or activity and personable staff member performance.