ACVITS on Data Safety and Security.

Protecting the customer’s data is a collaborative effort by the customer, Amazon AWS services, and OOAC LLC. We have strictly followed the security policies of Amazon AWS’s best-in-class enterprise security standard to protect our customers’ data. Some of the highlighted security settings are listed below.

Captcha

The ACVITS login page presents a Captcha challenge-response test to determine whether the user is human. After three invalid logins, the system automatically locks the user account for a short interval. As a security best practice, the Captcha setting is designed to defend against bad bot attacks.

Password Policy

The US Department of Defense (DoD) STIG password policy recommends a password length of 12 to 16 characters, with a case-sensitive 8-character mix of uppercase letters, lowercase letters, numbers, and special characters (DoDI 8500.2). This minimum complexity is reiterated by CJCSM 6510.01, C-A, Section 4. The ACVITS minimum password length is 12 characters, and passwords can extend to 50 characters.

Data Encryption at Rest

ACVITS files at rest are encrypted using 256-bit Advanced Encryption Standard (AES).

Data Encryption in Transit

Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protects data in transit between the application interface and your AWS instance.

Topology Diagram

The diagram shows the secure network, with a security group and IAM policy within a VPC subnet.

Two-Step Verification

ACVITS’s two-step verification is enforced whenever a user account is modified, thus protecting user identification information.

Session Timeout

Automatic session timeout is based on the customer’s session timeout policy.

Durability and Availability

ACVITS uses Amazon AWS S3 storage with 99.999999999% durability; objects are stored across multiple Availability Zones in different parts of the country. S3 storage comes with low latency and high throughput performance.

Automatic Backup

ACVITS runs an automatic database backup and stores backup files in S3 storage for 14 days.

Stateful Security

ACVITS comes with a stateful security group with the HTTP and HTTPS ports open to the world. During the product install, the customer sets the SSH port to a private IP address only available from the customer’s network. SSH access to the server is only possible from the defined private IP address and with a key pair created by the customer.
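
One way to check that a deployed security group still matches the posture described above, as an added example (not ACVITS or OOAC code): it audits ingress rules in the shape returned by `aws ec2 describe-security-groups`. The two groups and the admin address 10.20.30.40/32 are constructed assumptions.

```python
import ipaddress

PUBLIC_TCP_PORTS = {80, 443}  # HTTP/HTTPS: the only ports the text leaves open to the world
SSH_PORT = 22

def _sources(perm):
    # CIDR sources only; rules that reference other security groups are not evaluated here.
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def _tcp_ports(perm):
    """Inclusive TCP port range covered by a rule, or None for non-TCP rules."""
    if perm["IpProtocol"] == "-1":  # all protocols, all ports
        return 0, 65535
    if perm["IpProtocol"] in ("tcp", "6"):
        return perm["FromPort"], perm["ToPort"]
    return None

def audit_ingress(group, admin_cidr):
    """List ingress rules that deviate from: web open to all, SSH from admin_cidr only."""
    admin = ipaddress.ip_network(admin_cidr, strict=False)
    findings = []
    for perm in group.get("IpPermissions", []):
        ports = _tcp_ports(perm)
        web_only = ports is not None and ports[0] == ports[1] and ports[0] in PUBLIC_TCP_PORTS
        for src in _sources(perm):
            if src.prefixlen == 0 and not web_only:
                findings.append(("WORLD_OPEN", perm["IpProtocol"], ports, str(src)))
            elif ports and ports[0] <= SSH_PORT <= ports[1]:
                if src.version != admin.version or not src.subnet_of(admin):
                    findings.append(("SSH_SOURCE", perm["IpProtocol"], ports, str(src)))
    return findings

# Constructed sample data in the shape returned by `aws ec2 describe-security-groups`.
ADMIN_CIDR = "10.20.30.40/32"  # hypothetical customer admin address
HARDENED = {"GroupId": "sg-constructed-ok", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": ADMIN_CIDR}]},
]}
DRIFTED = {"GroupId": "sg-constructed-drift", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "192.168.5.0/24"}]},
    {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
]}
for g in (HARDENED, DRIFTED):
    print(g["GroupId"], audit_ingress(g, ADMIN_CIDR))
```

An empty list means the group matches the described posture; running the same check on a schedule catches rules added after the install.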

Easy to Migrate

ACVITS allows the content administrator to download the files in native format. This feature gives the customer control and the ability to move out of the system.

Simple Subscription Model 

The ACVITS Pay-As-You-Go (PAYG) license model offers the freedom to exit from the subscription with no penalty.

Our cardinal principle is that all content is important and should be encrypted, authentic, audited, and available within the customer’s chosen network.