Your Security is Our Top Priority

                                     

Encrypting our data:

Desktops, laptops and servers are encrypted where privacy data is stored; removable media such as thumb drives, CDs and DVDs are strictly limited to approved personnel, and all data written to those devices is encrypted; and backup tapes containing privacy data are encrypted.

Securing our locations:

Employees wear radio frequency identification (RFID) security badges to access buildings and interior secured areas on the main campus; and internal and external video cameras are monitored 24/7.

Strictly governing passwords and access:

Passwords are changed at regular intervals, and “strong” passwords are required; we review accounts regularly for appropriate access; access is immediately revoked on all employee terminations or separations; and two-factor authentication is in place for all privileged users.

Conducting checks:

We perform background checks on all employees and contractors prior to being granted access to systems.

Protecting our systems:

Anti-virus is installed and updated on all desktops, laptops and servers; internal and external firewalls segregate Internet-facing traffic from internal, and they segregate internal users from direct access to servers; Intrusion Prevention Systems (IPS) are installed at critical “choke points” on the network; egress filtering reduces the threat of command and control malware infections; and email gateways identify and encrypt messages that contain privacy information.

Testing our security:

We regularly try to penetrate and exploit our systems to make sure everything is functioning as it should and no weaknesses exist
 

These safeguards and more comply with guidelines issued by The National Institute of Standards and Technology (NIST) 800-53 Special Publication on Recommended Security Controls for Federal Information Systems and Organizations, the Center for Internet Security (CIS) Benchmarks, and the Department of Defense (DoD) Security Technical Implementation Guides (STIG).