Information Assurance Compliance
Risk management and protection
Daqscribe implements internal QA processes as part of its Information assurance (IA) framework to protect against and manage risk related to the use, storage, and transmission of data. IA practices are conducted through the Security Compliance Framework and Cybersecurity Compliance.
Security compliance framework
Daqscribe maintains an information security framework through a series of documented agreed and understood policies, procedures, and processes that define how information is managed in business, to lower risk and vulnerability, and increase confidence in information security.
Cybersecurity Compliance Services
Frameworks for cybersecurity will typically provide recommendations on implementing and managing the various aspects of a security program, access control, authentication, encryption, monitoring, reporting, incident response, and risk management.
US Government Standards. Daqscribe’s internal IA practices are designed and tested to meet stringent industry standards. These standards include:
Security Technical Implementation Guide. STIGS protect against hacks to sensitive and highly confidential government assets. As part of its IA commitment to its government customers (Aerospace + Defense), Daqscribe systems can be built to comply with STIG standards and follow the rules set up by the government for installing IT systems.
SED – FIPS
Self-Encrypting Drives – Federal Information Processing Standards. Other US Government standards utilized by Daqscribe are FIPS, in particular FIPS 140-2. FIPS 140-2 applies to any product that might store or transmit sensitive data. This standard ensures that a product uses sound security practices, such as strong encryption algorithms and methods. It also specifies how individuals (or other processes) must be authorized in order to utilize the product, and how modules or components must be designed to securely interact with other systems. FIPS 140-2 uses Level 2 security, requiring role-based authentication (not individual user authentication), as well as the ability to detect tampering by using physical locks and tamper-evident seals.