HERNDON, VA, February 28, 2017 – Exostar, whose cloud-based solutions help companies in aerospace and defense, life sciences, and healthcare mitigate risk and solve their identity and access challenges, today announced it has augmented its enterprise collaboration solution to provide off-the-shelf compliance with the latest Government cybersecurity standards. Defense contractors and their subcontractors, suppliers, partners, and customers can use the multi-tenant, Software-as-a-Service solution to share documents containing covered defense information (CDI) with one another in accordance with Department of Defense (DoD) directives for local and network access.
These directives are an essential element of the 110 security controls identified in the recently-revised National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, which is incorporated by reference into the DoD’s Defense Federal Acquisition Regulations Supplement (DFARS) provision 252.204-7012. The provision defines how contractors and their geographically-distributed, multi-tiered supply chains must safeguard CDI from compromise. Failure to meet the provision by its deadline later this year will affect current and future contract awards.
Exostar’s defense community of over 130,000 organizations immediately can take advantage of a seamless, straightforward, cost-effective path to compliance. Current and future community members benefit from features that deliver a compelling user experience and align with the NIST/DFARS cybersecurity requirements, including:
- Web-based Single Sign-On (SSO) access through Exostar’s identity and access management platform, following completion of onboarding, identity proofing, and credentialing processes conducted by Exostar.
- Multi-Factor Authentication (MFA), where individuals must present trusted credentials for verification each time they initiate a session within the enterprise collaboration solution or each time they access a local copy of a document . Individuals who fail to present a valid credential when challenged are denied access on-the-spot.
- Digital Rights Management (DRM) that encrypts documents at-rest on the local device, only decrypting and opening them following a real-time check of document policies and user permissions. When documents are updated or access permissions are modified, the changes are enforced immediately and cascade to every copy of the document regardless of where it is stored, supporting stringent access, version, and distribution control.
“Encryption of documents at-rest in databases and in-transit between parties is insufficient in a sophisticated cyber threat landscape. The DFARS provision and NIST SP 800-171 standard reflect the need for protection to extend beyond systems and networks to local devices such as laptops, tablets, mobile phones, and USBs,” said Doug Russell, Exostar’s Vice President of Business Solutions. “Defense contractors large and small need an intuitive, high-performance, compliant solution to meet their internal and external collaboration needs, and that’s precisely what we deliver.”
Leading domestic and global defense contractors including Northrop Grumman, Huntington Ingalls Industries, Airbus North America, Rolls-Royce, and BAE Systems have relied on Exostar’s proven enterprise collaboration solution for nearly a decade. Today, the solution is hosted in US and UK data centers, supporting the secure intra- and inter-enterprise collaboration endeavors of over 50,000 users in 60 countries worldwide.