5
Protecting Controlled Unclassified Information (CUI) The clock is ticking on the latest cloud compliance mandate: NIST Special Publication 800-171, otherwise known as DFARS (Defense Federal Acquisition Regulation Supplement). Any organization or contractor that holds or processes unclassified Department of Defense (DoD) data must ensure that they comply with this new DFARS clause. Organizations working with the DoD are already used to applying stringent controls to systems that manage classified data, but with DFARS guidance this now extends to unclassified systems that are owned, operated by a contractor that process, store, or transmit covered defense information. is can have wide-reaching consequences for the contractor who now must extend the security controls across a larger number of systems than in the past. is mandate is designed to protect sensitive government information from being destroyed, compromised, or stolen while residing in or transiting through Information and Communication Technology (ICT) systems as it’s shared between federal agencies and vendors. is mandate applies to organizations that create, process, store or transmit CUI, or that provide security protection for these components. NIST is a very important piece of document and email security compliance in a time when cyberattacks are becoming more and more prevalent. GigaCloud for DoD Supply Chain Delivers Secure Collaboration on Virtually any Device e GigaTrust TM GigaCloud for DOD Supply Chain for secure endpoint email and document collaboration provides numerous features and functions to enterprise and government users. With GigaCloud for DOD Supply Chain, a redundant infrastructure is provided to persistently protect content (at rest, in transit, and in use) no matter how or where the content travels or is stored. GigaCloud for DOD Supply Chain is FIPS 140–2 compliant. Documents are protected with a 256-bit AES key. All communication between applications and the GigaCloud server are encrypted using a 2048-bit RSA key. GigaCloud for DOD Supply Chain includes a suite of patented security content management services that provides the benefits of encryption plus the ability for authors to control the use of assets—even aſter they have been delivered and opened. It meets enterprise document security requirements for external cloud-based file sync, sharing integration services including Dropbox, OneDrive and Google Drive, secure document management systems such as SharePoint®. GigaCloud TM for DoD Supply Chain SOLUTION OVERVIEW December 31, 2017 is the final deadline by which to prove compliance — so action is recommended as soon as possible.

GigaCloudTM for DoD Supply Chain

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: GigaCloudTM for DoD Supply Chain

Protecting Controlled Unclassified Information (CUI)

The clock is ticking on the latest cloud compliance mandate: NIST Special Publication 800-171, otherwise known as DFARS (Defense Federal Acquisition Regulation Supplement). Any organization or contractor that holds or processes unclassified Department of Defense (DoD) data must ensure that they comply with this new DFARS clause.

Organizations working with the DoD are already used to applying stringent controls to systems that manage classified data, but with DFARS guidance this now extends to unclassified systems that are owned, operated by a contractor that process, store, or transmit covered defense information. This can have wide-reaching consequences for the contractor who now must extend the security controls across a larger number of systems than in the past.

This mandate is designed to protect sensitive government information from being destroyed, compromised, or stolen while residing in or transiting through Information and Communication Technology (ICT) systems as it’s shared between federal agencies and vendors. This mandate applies to organizations that create, process, store or transmit CUI, or that provide security protection for these components.

NIST is a very important piece of document and email security compliance in a time when cyberattacks are becoming more and more prevalent.

GigaCloud for DoD Supply Chain Delivers Secure Collaboration on Virtually any Device

The GigaTrustTM GigaCloud for DOD Supply Chain for secure endpoint email and document collaboration provides numerous features and functions to enterprise and government users. With GigaCloud for DOD Supply Chain, a redundant infrastructure is provided to persistently protect content (at rest, in transit, and in use) no matter how or where the content travels or is stored. GigaCloud for DOD Supply Chain is FIPS 140–2 compliant. Documents are protected with a 256-bit AES key. All communication between applications and the GigaCloud server are encrypted using a 2048-bit RSA key.

GigaCloud for DOD Supply Chain includes a suite of patented security content management services that provides the benefits of encryption plus the ability for authors to control the use of assets—even after they have been delivered and opened. It meets enterprise document security requirements for external cloud-based file sync, sharing integration services including Dropbox, OneDrive and Google Drive, secure document management systems such as SharePoint®.

GigaCloudTM for DoD Supply Chain

SOLUTION OVERVIEW

December 31, 2017

is the final deadline

by which to prove

compliance —

so action is

recommended as

soon as possible.

Page 2: GigaCloudTM for DoD Supply Chain

GIGACLOUD FOR DoD SUPPLY CHAIN

• 2 •

GigaCloud for DoD Supply Chain Features

Anyone-to-Anyone secure messaging — IMAP and Exchange email support

Document Protection (Office, PDF and more)

Endpoint Security (tablets, smartphones, PCs)

Secure Collaboration (Protected emails, cloud storage services, thumb drives)

Users are provided with set of predefined policies/templates that make the service simple and easy to use

Customize policies/templates for protection and consumption of documents suitable to your organization and environment down to the individual user level

Document tracking, reporting and compliance

Revoke document permissions instantaneously

Data analytics allowing administrators to monitor usage in real time to identify potentially suspicious activity

Easy subscriber provisioning allows sharing protected documents with both internal and external users

Internal users can send protected content to external users once the external user has been invited by a GigaCloud administrator — this oversight prevents unauthorized content leakage by users attempting to sneak sensitive content out by protecting it

Service Available for:

Mobile (Android, iOS) Protect/View/Edit Microsoft documents and emails. Protect and View PDF, text and images files. Provides a similar desktop experience with full file fidelity.

Windows Client Protect/View/Edit Office documents and emails in native Office applications. Protect/View PDF documents in Adobe Reader/Acrobat, and other non-Microsoft file formats in native applications. Provides policy management, rules and automatic protection at the user level.

GigaCloud for DoD Supply Chain Endpoint Security Components

GigaCloud for DoD Supply Chain is available for both mobile and desktop users.

GigaCloud Service

Page 3: GigaCloudTM for DoD Supply Chain

GIGATRUST

• 3 •

Data OverWatch

GigaCloud for DoD Supply Chain includes our Data OverWatch service. It is a cloud-based set of capabilities that provide measurement, auditing, tracking and analytics of data content. Specifically, the analytics shows ROI and user adoption, and enables users to better manage people, devices, content and policy. It allows them to know what is protected and where that content resides, and all the retained information is configurable and location sensitive. Data OverWatch “events” provide information about user, device, content and policy. Events are captured from applications interacting with the secure content and extensive analytics data is captured for each event.

Data OverWatch enables:

• Tracking and usage reporting of sensitive emails and documents.

• Automatic protection of emails and attachments based on content or destination.

• Revocation of sensitive emails and documents, even after distribution and use.

• In Use protection, not just In Transit, enabling the limitation of functions such as Print, Edit, Reply, Reply All, Forward, Copy/Paste, Screen Capture.

• Email and document expiration dates and prevention of usage until start dates.

• Each DoD supply chain vendor to have control of their sensitive emails and documents, separate from the controls provided to other supply chain vendors.

• Security Audit of policy changes.

• Alert notification of events (example: if one user opens an unusual number of documents, system will send an email to security/administrator).

• Data OverWatch events provide information about user, device, content and policy, and enables customers to better manage people, devices, content and policy.

nowsomeoverwatchbydocument

CUI Document / Email Activity Summary for UserUser Activity Summary with Selectable Filters

Page 4: GigaCloudTM for DoD Supply Chain

GIGACLOUD FOR DoD SUPPLY CHAIN

• 4 •

Enterprise Administrator Rights

One of the mandates of the NIST controls is to have content protection that tracks the usage of the CUI data, as well as audits what was viewed and by whom. As part of the GigaCloud for DoD Supply Chain service, an Enterprise Administrator can set policies for protection and consumption of documents suitable to their organization. The data analytics features of GigaCloud for DOD Supply Chain allow the Enterprise Administrator to monitor usage and to set up alerts for any suspicious activity. They are also able to produce reports for management review and regulatory compliance needs.

The supplier’s Enterprise Administrator sets up the new tenant account with an enterprise customer domain name in GigaCloud. The designated Enterprise Administrator will be given rights to manage their account.

The supplier’s Enterprise Administrator then creates enterprise user accounts quickly and easily in a GigaCloud DoD Supply Chain directory. The enterprise account is then ready for operation using default security policies, which can be modified by the Enterprise Administrator. The Enterprise Administrator can push out the GigaCloud DoD Supply Chain Desktop Client software to its users with SMS or another similar service. The GigaCloud Android and iOS Apps are available for download from Google Play and Apple’s App Store. The Enterprise Administrator can also distribute the Apps directly to its enterprise users.

SampleGigaCloudReports

Thereare3differentsetsofsamplesinthisdocument.

FirstareActualReports,whicharerecordedwhendocumentsareOPENED,orAttemptedtoOpen.TheyarebasedonRMSEULactivity

SecondareOverWatchreports,whicharecollectedbytheGigaTrustClient,notjustwhenopeningdocuments.

LastlyareAlerts,whicharegeneratedinrealtimeandcansendemailswheneventsoccur.

FirstaretheGigaCloudReports,notincludingOverwatch

Hereisasamplegeneraldocumentactivity

Nowalittlemoreoftheabovereport

andnotjustreports,herearesomealertsamples,whichcanbeautomaticallyemailtosecurityorasneeded

NowforsomesystemactivitysummarySummary System Activity

CUI Event Monitoring / Tracking / Alerts

CUI Document Activity Detail with Selectable Filters

Page 5: GigaCloudTM for DoD Supply Chain

GIGATRUST

• 5 •

About GigaTrust

GigaTrust is a leading SaaS provider of endpoint email security and document in-use protection for on-premise private cloud or private cloud-based deployments for Windows, Android and iOS devices. GigaTrust is the largest and oldest provider that enhances and extends Microsoft’s Rights Management Services (RMS) content security solution. Customers rely on GigaTrust’s innovative next-generation content security technologies, combined with ease of use and deployment, to enable intellectual property protection and confidentiality.

GigaTrust Headquarters 607 Herndon Parkway, Suite 302 Herndon, VA 20170 1.866.868.7878 [email protected] www.gigatrust.com

©2017 GigaTrust. Printed in the United States. All marks are the property of their respective owners. C1041-08917-02

The company’s flagship offering, GigaCloudTM, delivers secure email and document collaboration services anytime, anywhere, on virtually any device and any platform with real-time data analytics, reporting and administrative tools. It applies and enforces security permissions down to the digital content level, protecting content from misuse throughout the entire lifecycle — while in transit, at rest and, most importantly in use. For more information about GigaTrust, visit www.gigatrust.com.

Desktop Client

Protection for both Microsoft and non-Microsoft file types

GigaCloud for DoD Supply Chain for Desktop Client controls access to your data using our GigaCloud for DoD Supply Chain configuration when sending an Office document, PDF, JPG or other supported non-Office file format.

Desktop Client enables the opening of protected Office documents and supported non-Office rights-managed content directly on a desktop, tablet or smartphone device. This protection can also extend to other file-server sharing systems where emails are stored with attachments in different file formats. GigaCloud for DoD Supply Chain blocks over 250 screen capture/remote sharing programs from being launched with its blacklist support enabled for Office applications and non-Microsoft file formats. With GigaCloud for DoD Supply Chain Desktop Client, admin-istrators can establish rules that automatically apply policies, track users and documents through the reporting function and revoke access instantly if a file is delivered into the wrong hands.

Desktop Client Requirements

• Software Requirements– Microsoft Office 2010 and above/O365– Windows 10 (x86, x64)– Windows 8.1 (x86, x64)– Windows 7 SP1 (x86, x64)

• Supported Applications– Microsoft Office Pro Plus 2010 and above/O365– Adobe Reader (v10.1.x, v11.0.04, DC)– Adobe Acrobat (v10.1.x, v11.x, DC)– Microsoft Notepad– Microsoft Paint– Microsoft Office Document Imaging

• Supported File Formats

– Microsoft Office Suite — Word, PowerPoint, Excel– PDF — Adobe and Microsoft Format– TXT, BMP, GIF, JPG, JPEG, PNG, TIF, TIFF,

MDI, DOC, XLS, PPT

Android and iOS Apps

The Android and iOS Apps bridge the gap between these mobile devices and secure content collaboration. Now your mobile user base can have persistent content protection and the convenience of mobility to send and receive protected content. Information sharing is greatly improved now that rights-protected content is accessible on mobile devices.

Unlike secure point-to-point messaging solutions that only protect content in transit, GigaCloud for DoD Supply Chain for Android and iOS protects content at rest, in transit and in use, allowing users to securely deliver and persistently protect emails and attachments while they are being read on the device. Android and iOS users can apply protection to outgoing email responses and messages, as well. If email permissions allow forwarding, attachments remain protected whether they are accessed on the desktop or on another mobile device.

Mobile Device Requirements

• Software Requirements– For Android — v4.4 and above– For iOS — v5.0 and above

• Supported File Formats– Microsoft Office Suite — Word, PowerPoint, Excel– PDF — Adobe and Microsoft Format – TXT, BMP, GIF, JPG, JPEG,

PNG, TIF, TIFF, MDI, DOC, XLS, PPT


Supply Chain Management Supply Chain Management

Supply Chain Management Supply Chain Management

Documents
Supply Chain Doctors The Supply Chain Doctors Supply Chain Management Kimball Bullington, Ph.D.

Supply Chain Doctors The Supply Chain Doctors Supply Chain Management Kimball Bullington, Ph.D.

Documents
Gao report DOD counterfeit parts supply chain risks

Gao report DOD counterfeit parts supply chain risks

Government & Nonprofit
“Supply Chain Resilience & supply chain strategy” - CIPS Event uploads... · “Supply Chain Resilience & supply chain strategy ... Centre for Logistics & Supply Chain Management,

“Supply Chain Resilience & supply chain strategy” - CIPS Event uploads... · “Supply Chain Resilience & supply chain strategy ... Centre for Logistics & Supply Chain Management,

Documents
Integrating PBL into DoD Supply Chain Management

Integrating PBL into DoD Supply Chain Management

Documents
Chapter 10 Supply Chain Strategy. Supply-Chain Management Measuring Supply-Chain Performance Supply Chain Decisions Cycle and Push-Pull View of Supply

Chapter 10 Supply Chain Strategy. Supply-Chain Management Measuring Supply-Chain Performance Supply Chain Decisions Cycle and Push-Pull View of Supply

Documents
LMI Research Institute: Additive Manufacturing and the DoD ... · LMI Research Institute: Additive Manufacturing and the DoD Supply Chain April 30, 2014 . Manager, LMI Research Institute

LMI Research Institute: Additive Manufacturing and the DoD ... · LMI Research Institute: Additive Manufacturing and the DoD Supply Chain April 30, 2014 . Manager, LMI Research Institute

Documents
SUPPLY CHAIN VISIBILITY, SUPPLY CHAIN VELOCITY, SUPPLY ...eajournals.org/wp-content/uploads/Supply-Chain... · European Journal of Logistics, Purchasing and Supply Chain Management

SUPPLY CHAIN VISIBILITY, SUPPLY CHAIN VELOCITY, SUPPLY ...eajournals.org/wp-content/uploads/Supply-Chain... · European Journal of Logistics, Purchasing and Supply Chain Management

Documents
Supply Chain Finance (II) Supply Chain Finance Innovation ... Chain Finance... · Supply Chain Finance (II) Supply Chain Finance Innovation in Manufacturing Industry The Li & Fung

Supply Chain Finance (II) Supply Chain Finance Innovation ... Chain Finance... · Supply Chain Finance (II) Supply Chain Finance Innovation in Manufacturing Industry The Li & Fung

Documents
SUPPLY CHAIN OPTIMIZATIONL: JET FUEL SUPPLY CHAIN

SUPPLY CHAIN OPTIMIZATIONL: JET FUEL SUPPLY CHAIN

Technology
Supply Chain Management. 10-2 Lecture Outline Supply Chain Management Information Technology: A Supply Chain Enabler Supply Chain Integration

Supply Chain Management. 10-2 Lecture Outline Supply Chain Management Information Technology: A Supply Chain Enabler Supply Chain Integration

Documents
Supply Chain Leader Supply Chain Leader

Supply Chain Leader Supply Chain Leader

Documents
supply chain functionality supply chain functionality

supply chain functionality supply chain functionality

Documents
Naval Audit Service - Home - Secretariat redacted for websi… · (DoD) Instruction 4140.1-R dated 23 May 2003, “DoD Supply Chain Material Management Regulation,” the DoD Small

Naval Audit Service - Home - Secretariat redacted for websi… · (DoD) Instruction 4140.1-R dated 23 May 2003, “DoD Supply Chain Material Management Regulation,” the DoD Small

Documents
Supply-Chain Operations Reference Discussionweb.wilkes.edu/jennifer.edmonds/MBA_513/SCOR.pdf · Supply-Chain Operations Reference (SCOR) By: Matt, Scott, ... • The DOD put the metrics

Supply-Chain Operations Reference Discussionweb.wilkes.edu/jennifer.edmonds/MBA_513/SCOR.pdf · Supply-Chain Operations Reference (SCOR) By: Matt, Scott, ... • The DOD put the metrics

Documents
OSD Assessment of the Performance of the DoD Supply Chain

OSD Assessment of the Performance of the DoD Supply Chain

Documents
Supply Chain Strategies & e-Business Supply Chain

Supply Chain Strategies & e-Business Supply Chain

Documents
Supply Chain Security/Supply Chain Preparedness

Supply Chain Security/Supply Chain Preparedness

Documents
DOD MANUAL 4140.01, VOLUME - esd.whs.mil · DOD MANUAL 4140.01, VOLUME 2 . DOD SUPPLY CHAIN MATERIEL MANAGEMENT PROCEDURES: DEMAND AND SUPPLY PLANNING. Originating Component: Office

DOD MANUAL 4140.01, VOLUME - esd.whs.mil · DOD MANUAL 4140.01, VOLUME 2 . DOD SUPPLY CHAIN MATERIEL MANAGEMENT PROCEDURES: DEMAND AND SUPPLY PLANNING. Originating Component: Office

Documents
Integrating Supply Chain and Development Chain 1 Slides 8 Integrating Supply Chain and Development Chain Global Supply Chain Management

Integrating Supply Chain and Development Chain 1 Slides 8 Integrating Supply Chain and Development Chain Global Supply Chain Management

Documents
Supply Chain Management Handbook - ASQrube.asq.org/asd/...chain-improvement-supply-chain-management-ha… · Supply Chain Management Handbook The Supply Chain Management Handbook

Supply Chain Management Handbook - ASQrube.asq.org/asd/...chain-improvement-supply-chain-management-ha… · Supply Chain Management Handbook The Supply Chain Management Handbook

Documents
DEFENSE LOGISTICS MANAGEMENT SYSTEM … LOGISTICS MANAGEMENT SYSTEM . VOLUME 3 . ... “DoD Supply Chain Materiel Management Policy,” December 14, ... Chapter 2 Retail Supply …

DEFENSE LOGISTICS MANAGEMENT SYSTEM … LOGISTICS MANAGEMENT SYSTEM . VOLUME 3 . ... “DoD Supply Chain Materiel Management Policy,” December 14, ... Chapter 2 Retail Supply …

Documents
A Classification of Supply Chain Problems · A Classification of Supply Chain Problems ... Supply chain

A Classification of Supply Chain Problems · A Classification of Supply Chain Problems ... Supply chain

Documents
1 Applying Lean Thinking to the DoD Consumable Spares Supply Chain... 27 August 2003 Colonel Milton…

1 Applying Lean Thinking to the DoD Consumable Spares Supply Chain... 27 August 2003 Colonel Milton…

Documents
Supply Chain Management Supply Chain Management Toolkit.html

Supply Chain Management Supply Chain Management Toolkit.html

Documents
Supply Chain Management - Introduction 2018 LOA University · Supply Chain Management: Processes, Partnerships, Performance ... and services, improve DoD supply chain performance,

Supply Chain Management - Introduction 2018 LOA University · Supply Chain Management: Processes, Partnerships, Performance ... and services, improve DoD supply chain performance,

Documents
GAO-16-236; Counterfeit Parts: DOD Needs to Improve ...DOD Needs to Improve Reporting and Oversight to Reduce Supply Chain Risk . Why GAO Did This Study . The DOD supply chain is vulnerable

GAO-16-236; Counterfeit Parts: DOD Needs to Improve ...DOD Needs to Improve Reporting and Oversight to Reduce Supply Chain Risk . Why GAO Did This Study . The DOD supply chain is vulnerable

Documents
Procurement & Infrastructure Cluster Supply Chain Supply ... · Supply Chain Supply Chain Management Unit Management Unit Deputy Head (Supply Chain Management) Ensures effective control,

Procurement & Infrastructure Cluster Supply Chain Supply ... · Supply Chain Supply Chain Management Unit Management Unit Deputy Head (Supply Chain Management) Ensures effective control,

Documents
Modulhandbuch Supply Chain Management Supply Chain ...Modulhandbuch Supply Chain Management erzeugt am 05.04.2019,16:27 Supply Chain Management Pflichtfächer (Übersicht) Modulbezeichnung

Modulhandbuch Supply Chain Management Supply Chain ...Modulhandbuch Supply Chain Management erzeugt am 05.04.2019,16:27 Supply Chain Management Pflichtfächer (Übersicht) Modulbezeichnung

Documents
SUPPLY CHAIN MANAGEMENT - parno.staff.gunadarma.ac.idparno.staff.gunadarma.ac.id/Downloads/files/65300/KSIL_03_Supply+Chain... · supply chain. Tujuan utama setiap supply chain adalah

SUPPLY CHAIN MANAGEMENT - parno.staff.gunadarma.ac.idparno.staff.gunadarma.ac.id/Downloads/files/65300/KSIL_03_Supply+Chain... · supply chain. Tujuan utama setiap supply chain adalah

Documents