ITAR Compliant Data Exchange

Similar documents
MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Okta/Dropbox Active Directory Integration Guide

Security Policy JUNE 1, SalesNOW. Security Policy v v

FileCloud Security FAQ

NETWRIX EVENT LOG MANAGER

IIS, FTP Server and Windows

How To Use Egnyte

Secure Data Hosting. Your data is our top priority.

SECURITY DOCUMENT. BetterTranslationTechnology

Print4 Solutions fully comply with all HIPAA regulations

USC Marshall School of Business ShareFile_With_Outlook_Client_v2.docx 6/12/13 1 of 9

SETTING UP REMOTE ACCESS ON EYEMAX PC BASED DVR.

Group Management Server User Guide

Tableau Online Security in the Cloud

System Administration Training

User Guide. Version R91. English

FileMaker Server 13. Getting Started Guide

System Administration Training Guide. S100 Installation and Site Management

Advanced Configuration Steps

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Synchronization Agent Configuration Guide

Polycom CMA System Upgrade Guide

User's Guide. Product Version: Publication Date: 7/25/2011

Software Update Bulletin

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

owncloud Architecture Overview

USERS MANUAL FOR OWL A DOCUMENT REPOSITORY SYSTEM

Configuration Guide. BES12 Cloud

Introweb Remote Backup Client for Mac OS X User Manual. Version 3.20

QUANTIFY INSTALLATION GUIDE

MultiSite Manager. User Guide

NETWRIX USER ACTIVITY VIDEO REPORTER

Architecture, Implementations, Integrations, and Technical Overview

owncloud Architecture Overview

Xerox DocuShare Security Features. Security White Paper

Installation and Setup: Setup Wizard Account Information

Live Guide System Architecture and Security TECHNICAL ARTICLE

Security Controls for the Autodesk 360 Managed Services

TeamViewer 9 Manual Management Console

PRiSM Security. Configuration and considerations

FileMaker Server 15. Getting Started Guide

Adobe Digital Publishing Security FAQ

Getting Started With SAM Director SAM Director User Guide

Introduction to Directory Services

by New Media Solutions 37 Walnut Street Wellesley, MA p f Avitage IT Infrastructure Security Document

Intunex Oy Skillhive Service Description 1 / 6

Secure Installation and Operation of Your Xerox Multi-Function Device. Version 1.0 August 6, 2012

Introduction to the Mobile Access Gateway

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

Use of Exchange Mail and Diary Service Code of Practice

How To Secure Your Data Center From Hackers

Xerox Digital Alternatives Security and Evaluation Guide. May 2015 Version 1.1

qliqdirect Active Directory Guide

Mobile Device Management Version 8. Last updated:

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM

Password Reset PRO INSTALLATION GUIDE

OutDisk 4.0 FTP FTP for Users using Microsoft Windows and/or Microsoft Outlook. 5/1/ Encryptomatic LLC

Tableau Server Security. Version 8.0

Security Information & Policies

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

FileMaker Security Guide The Key to Securing Your Apps

Blue Jeans Network Security Features

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Administration Guide. WatchDox Server. Version 4.8.0

ShareFile Security Overview

Sysax Multi Server User manual

Famly ApS: Overview of Security Processes

10 Ways to Avoid Ethics Dangers in the Cloud

Projectmates User Guide for Montclair State University Facilities Construction Projects

Media Shuttle s Defense-in- Depth Security Strategy

fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé

NEFSIS DEDICATED SERVER

SECUR IN MIRTH CONNECT. Best Practices and Vulnerabilities of Mirth Connect. Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions

Cloud Services MDM. ios User Guide

SaaS Security for Confirmit Horizons

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

Soonr Workplace Enterprise Plan Overview

Security Overview Enterprise-Class Secure Mobile File Sharing

McAfee Endpoint Encryption for PC 7.0

Projectplace: A Secure Project Collaboration Solution

Installing and configuring Microsoft Reporting Services

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

Installation Guide. SafeNet Authentication Service

Audit Management Reference

Product Manual. MDM On Premise Installation Version 8.1. Last Updated: 06/07/15

NETWRIX EVENT LOG MANAGER

MS 10972A Administering the Web Server (IIS) Role of Windows Server

Installation Guide for contineo

Copyright 2013, 3CX Ltd.

Getting Started With Halo for Windows

HP A-IMC Firewall Manager


CTERA Agent for Mac OS-X

NetWrix SQL Server Change Reporter

PI Cloud Connect Overview

WatchDox Administrator's Guide. Application Version 3.7.5

GE Measurement & Control. Remote Comms System. Installation and User Reference Guide

Sonian Getting Started Guide October 2008

NSi Mobile Installation Guide. Version 6.2

Transcription:

ITAR Compliant Data Exchange Managing ITAR Data Across Collaborative Project Teams

WebSpace Customers Aerospace & Defense Manufacturing High Tech & Contract Manufacturing Automotive Manufacturing Medical/ Pharmaceutical Services/ Oil & Gas/Other 2

ITAR & EAR Regulations The International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR) were established by the U.S. Dept. of State to control the export of defense related technology and services. Specifically, all information and material related to ITAR Controlled Technology must be safeguarded from access by non U.S. persons unless a special license or exemption is obtained from the Dept. of State. WebSpace was architected from its inception (with funding from DARPA and input from the NSA) to provide a Private Cloud environment for secure, ITAR compliant content management and multi company collaboration. 3

WebSpace Platform = Private Cloud Solution Each WebSpace server is dedicated to a single host company and their designated trading partners Security model and hosting infrastructure specifically designed by leading aerospace and automotive manufacturers to support multi company project teams. Improves program execution while helping maintain ITAR compliance thru rapid deployment of secure, online project repositories. Low administrative overhead and economical subscription based licensing model. dl Outstanding track record of reliability and support 4

Core Platform Functionality Secure multi company project areas for cross firewall file sharing Document lifecycle management with enforced electronic approvals Action Item Manager Discussion forums Robust Reporting Full Text Search Engine with Security Filtering Flexible Administration Features Workflow driven eforms 5

3 Tier Architecture Data Center (or Customer Intranet) Firewall 1 Firewall 2 DMZ Internet DatabaseTier Application Tier Web Tier Port 1521 or 1443 Port 6802 HTTPS over Port 443 Remote Users Oracle or MS SQL Server Application Server with Java Servlet Engine called Resin Apache or IIS Web Server Active Directory Server (On premises installations only.) J2EE Application Supports all modern browsers You Host or We Host You Decide 6

Physical Security Data Center $100M SAS 70 Type II Certified Co Location Facility owned by AT&T with state of the art security, fire suppression, and backup power systems. On Internet backbone with fiber connections to all major telecom providers Strict physical access controls to facility, with no access to cages by non U.S. persons. 24/7 server monitoring and intrusion detection Nightly incremental tape backups and weekly full backups. Encrypted backup tapes moved to off site Iron Mountain storage facility every 30 days. Dedicated hardware and storage for our enterprise clients. Complete segregation of your dt data is provided. d Easy to move your data dt in house at any time. 7

Authentication Username and password authentication Password options include: Minimum and Maximum Password Ages Password length and format requirements Account lockouts after a configurable number of failed login attempts Automatic account deactivation i after a configurable duration of inactivity i i Optional Forgot Password function with configurable Password Hint options Ability to force re authentication upon approval of a workflow assignment. Customers who install WebSpace on premises can sync WebSpace user directory with Active Directory and optionally enable single sign on with their AD server. WebSpace also supports mixed mode authentication whereby internal users are authenticated against Active Directory and external users are authenticated via WebSpace WebSpace can also be customized for customers that require 2 factor authentication (i.e. username/password + FIPS 140 2 certified hardware token or biometric device). 8

Data Transmission WebSpace guarantees the integrity of all data, content and messages during transmission & storage. Cyclic Redundancy Checking (CRC), Digital Certificates and 1024 bit SSL encryption protects data and insures it hasn t been corrupted during transmission. 9

Email Notifications Users are alerted to new documents, document revisions, task assignments and discussion threads via email notifications. Emails sent from the WebSpace server never contain attachments, only links to reference documents. Anyone following such a link is first prompted to authenticate prior to gaining access to the document. All email notifications from server are logged Customer specific legal/disclaimer text can be added to both the email notifications and the login page to alert recipients of ITAR regulations. Upon first login, users must accept a Click through Agreement which can be modified to include customer specific terms of use. 10

User Management User Management on the WebSpace server can be: 1. Centralized and handled by one or more Server Admins who create separate companies on the server and add users to them. 2. Delegated across multiple Company Admins who can only administer users within their own company. User management is clearly l segregated tdfrom permissions i management in WebSpace. Server Administrators designate who can create and manage secure project areas containing ITAR and non ITAR data. The creator of a secure project area is called the Project Owner. The Project Owner retains sole control over what users are granted membership to their project area and what access rights each user has. (Even Server Admins do not gain access unless explicitly invited.) 11

Restricted User Safeguard Server Administrators can flag non U.S. persons as Restricted Users and ban them from Restricted Projects containing ITAR data Restricted users can not be inadvertently invited to Restricted Projects by Project Owners. This provides a secondary safeguard (beyonduser access permissions within a project area) to prevent ITAR violations. 12

Company Visibility Settings Server Administrators can also establish whether users from certain companies have visibility to each other within a secure Project Area. When users from different companies are members of the same secure project area, it is not always appropriate for them to be aware of one another. In competitive bidding or other situations, protecting user identities is paramount. Company visibility settings can keep suppliers and customers anonymous within competitive projects. 13

Permissions Management Content access permissions can be granted to individuals or roles within a secure project area, and can be established all the way down to the individual document level if desired. Default permissions are set at the top level of a project and are then inherited by folders and sub folders within that project. Setting user permissions to None at the top level of a project insures that access rights must be explicitly set at the individual folder level (a best practice in ITAR data environments). A Permissions view on every folder, document, task list, and eform within the project quickly identifies what users and/or roles have access to that the selected object. This view includes each user s company affiliation. A Project Permissions Report allows Project Owners to quickly identify what information a user can see across all objects in the project. Report allows display of explicit permissions, inherited permissions, or both. 14

This Project Permissions Report makes it easy to determine what content users or roles have access to within the project. 15

Secure Linking A Secure Link function allows a document to be shared without changing its permission settings or the permissions of its parent folder. Simply paste a link to a document in another folder, and that link will point users to the latest revision of the source document without letting them see anything else in the parent folder. Worth Noting The Links view of a document lists all the links to the document that have been placed elsewhere on the server. One or all of the existing links can be deleted from this view. 16

Auditing All user activity on the server is audited In the event that inadvertent access is granted to ITAR data or documents within a secure project area, robust audit reports allow admins to determine who actually accessed, viewed, and/or downloaded the information (and when). 17

Audit Scenarios Verify when and who inadvertently uploaded a document to the wrong project or folder. Verify whether a non U.S. person actually accessed and viewed a document during a time when it was mistakenly made available to them. Verify which secure projects areas certain users have been granted membership to. Verify what permissions users or roles have within given project areas. Verify what users have actually logged into the server from various companies during a given time frame and determine what IP address they came from. Verify how many distinct users have logged into the server during a given time period and what companies they are associated with. Verify how many active user accounts are currently enabled for each company on the server, and when each user last logged on. 18

Search Result Security Filtering A powerful full text search engine indexes documents immediately upon upload. Search results are filtered based on a user s project memberships and document permissions. (Users see only results they have the right to view or download.) 19

Workflow Driven eforms WebSpace can configure easy to use eforms with associated workflows to automate the review and approval of data export requests, system access requests, or other processes. All requests processed through WebSpace can be reported on, allowing real time visibility bl into pending approvals. Reporting also provides historical verification of all completed requests. 20

Task Manager A powerful Task Manager within each secure project area allows tasks/action items to be assigned and managed across your distributed project team. Tightly integrated with the document repository, tasks can contain linked reference attachments and can be used to collect critical document deliverables by assigned due dates. Tasks can be created manually or can be imported from a template, and each task can have one or more approvers who must approve the task prior to completion. A dashboard view shows real time task status information and allows for rapid task editing in a spreadsheet like user interface. 21

Exporting Projects Upon the termination of a project or program managed in WebSpace, it s important to be able to export your project data in a neutral format. For a professional services fee, WebSpace project meta data can be exported in a.xml file along with all project documents in an associated.zip file and shipped to customer on DVD or USB drive. Included on DVD or USB drive is a basic data browser that allows you to search and browse the XML project data file outside the system. Fee based on current hourly professional services rate. If needed, the exported XML project file can be imported back into the production server at a later date. Note: Any project export file re imported back into WebSpace will be stripped of its previous membership list and access permissions. Users will need to be re invited to the project after import and granted the appropriate access rights. 22

ITAR Best Practices 2 Approaches Option 1 Option 2 Flag all Non U.S. Persons on your server as Restricted Users. Store/share ITAR data only within Restricted WebSpace Project areas. Restricted WbS WebSpace Projects are completely ltl off limits it to Restricted t dusers. Simple to administer, but prevents you from having a mix of U.S. and non U.S. persons in the same Project. No risk of granting the wrong document access rights to a Non U.S. Person within a Project. In lieu of using the Restricted user flag, Server Admin(s) should group all Non U.S. persons in the WebSpace User Directory within special Departments/Organizations under each Company listing. Each WebSpace Project Owner should then create a U.S. Persons and a Non U.S. Persons role within their Project. To grant someone project membership, they should be added to one of these two roles from the WebSpace User Directory. Project Owners should use these roles to establish folder access permissions within their Project. This approach requires a few more administration steps, but it allows for a mix of U.S. citizens/greencard holders and non U.S. citizens/greencard holders in the same Project while maintaining proper access control. 23

ITAR Best Practices (Option 1) Restricted Projects/Users WebSpace Server Server Admin: Sets up Companies, Departments, and Users. All Non U.S. Persons are flagged as Restricted users by the server Admin. Once flagged as Restricted they can never be added to a Restricted project area on the server. Company A Company B Company C Organization/Department User 1 Unrestricted User 2 Unrestricted Organization/Dept. within Company A Organization/Department User 3 Unrestricted User 4 Restricted Organization/Dept. within Company B Organization/Department User 5 Unrestricted User 6 Restricted Organization/Dept. within Company C Project Members: Project X (Restricted Project Area) Company A Company B Company C User 1 User 2 User 3 User 5 Project Owner: Creates Restricted project area with folder structure to contain ITAR data. Project Owner is prevented from inviting any users to their project who have been flagged as Restricted by the Server Admin. ITAR Docs User 1 User 2 (Read Write) (Read Only) User 3 (Read Write) User 5 (No Permission) 24

ITAR Best Practices (Option 2) Unrestricted Projects WebSpace Server Server Admin: Sets up companies and users and groups all users in each company within Organizations/Departments. These groupings are used to segregate individuals based on their U.S. citizenship/greencardstatus. Company A Company Admins: The Server Admin can assign company specific admins to assist with user management. Company C Organization/Department Organization/Department Organization/Department U.S. Persons Non U.S. Persons U.S. Persons Non U.S. Persons U.S. Persons Non U.S. Persons User 1 User 4 User 5 User 7 User 8 User 10 User 2 User 6 User 9 User 11 Project Members: ITAR Docs Project X (Unrestricted Project Area) U.S. Persons Project Role User 1 User 5 User 4 U.S. Persons Role (Read Write) Non U.S. Persons Project Role Non U.S. Persons Role (No Permission) User 7 User 11 Project Owner: Creates Unrestricted project area and invites both U.S. and Non U.S. Persons to their project by browsing companies setup by Server Admin. Uses Project Roles to control access rights to specific folders containing ITAR data. Non ITAR Docs U.S. Persons Role (Read Write) Non U.S. Persons Role (Read Write) 25

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information