Superb Internet | Government Services Information
All material © 1996 - 2024 Superb Internet Technologies Inc. // version-1.50.33
FISMA COMPLIANCE-READY SERVICES

Superb Internet offers FISMA Compliance-Ready hosting services to our government customers. Government agencies have complete freedom to customize their hosting environment to safeguard their sensitive information on Superb Internet’s FISMA Compliance-Ready hosting platform.

Physical Layer:

At the physical layer, our customers’ systems are hosted in our SSAE-18 Audited and ISO 27001:2013 Certified & Registered data centers, which are N+1 redundant for all critical infrastructure (electrical and HVAC) with strict temperature and humidity controls. The data centers are operated and monitored 24x7x365 by systems technicians and network engineers. Multi-factor authentication is required to access the facilities, and all premises and the external perimeter are monitored by a surveillance system. All secure access points require card key or biometric access, and thorough surveillance is in place throughout the facilities and around the external perimeter.

Network Layer:

At the network layer we focus on protecting customer systems from malicious and known attacks, such as XSS, SQL injection, and DDoS attacks, by deploying the following network security tools:

  • Redundant stateful inspection firewalls
  • Multiple DDoS mitigation devices
  • Multiple WAFs (Web Application Firewalls) to prevent XSS, SQL injection, and thousands of other malicious requests and attacks
  • Network IDS
  • Complete customer-to-customer isolation
  • Managed system-level backups as an additional service
  • Customer compliance scanning as an additional service
  • Web application scanning as an additional service
  • SSL-encrypted VPN

System Layer:

We deploy the following security products and methodologies to harden customer systems and protect against unauthorized, malicious and known attacks such as unauthorized access, trojans, and malware infections:

  • Antivirus protection
  • MS SQL encryption (if required)
  • Fully hardened server images customized per server role
  • Managed operating system security updates
  • Host-based IDS as an additional service
  • Two-factor Authentication for remote access

Operational and Management Layer:

We have strict documented policies and procedures and a customer portal to support customers’ ongoing FISMA compliance audit requirements, as follows:

  • Documented policies and procedures
  • Separation of duties enforced
  • Least privileges enforced
  • Change Management procedures
  • Patch management policy
  • Incident response policy
  • Sensitive media handling policy
  • Secure customer portal
  • Customer ticketing system

SSAE-18 SOC 2 TYPE II AUDITED FACILITIES, NETWORK & OPERATIONS

Our data centers and coast-to-coast IP backbone are continuously and independently audited under SSAE-18 SOC 2 Type II (formerly SAS-70). By achieving complete SSAE-18 compliance (audit reports with zero exceptions are available upon customer request), we have demonstrated that effective control objectives and control activities are in place throughout the organization. Our SSAE-18 compliant operations allow enterprise organizations to achieve compliance and to incorporate our SSAE-18 audit report in their audited financial statements, if so required by their auditors. Here are some examples of SSAE-18 compliance controls that our secure hosting environment supplements:

  • Facilities and asset management
  • Logical access and access control
  • Network and information security
  • Computer operations
  • Backup and recovery
  • Change and incident management
  • Organizational and administrative controls
  • Security policies, reporting, and monitoring
  • Physical and logical security

SSAE-18 compliant cloud/hosting features:

  • SSL offload capability
  • Enterprise-level, application-level protection
  • Hardware firewalls
  • IP and port restricted access
  • Multiple levels of segregated access
  • Managed backups and retention
  • Advanced monitoring
  • Multi-level intrusion detection & prevention (IDS/IPS)

PCI-DSS COMPLIANCE-READY SERVICES

When companies collect customers’ payment card information, PCI-DSS compliance and certification is required by all merchant card processors in order to ensure the security and integrity of customers’ credit card data. All of our facilities, services and processes are PCI-DSS compliant, developed specifically to keep not just your customers’ payment card data but the entire hosting environment, facilities and network secure. By handling sensitive personal data in a responsible way, we help enterprises that accept, store, and/or process credit cards to achieve and maintain 100% compliance with PCI-DSS 2.0 standards. Our secure cloud platform and hybrid cloud capability (i.e., using a public cloud in conjunction with a private cloud or isolated, dedicated, highly secure servers) gives e-Commerce retailers an affordable, compliant way to segment public website files from confidential database files and to restrict access from the Internet and from unauthorized personnel. In addition, we are there every time your hosting environment needs a “checkup”, assisting with the network scans prescribed by your QSA. If you subscribe to our fully managed service, we will also provide log data and audit trails on your behalf when you need to respond to a forensic inquiry. Our PCI 2.0 compliance-ready hosting services provide a protective, scheduled hosting environment for each secure cloud or server. The intrinsic qualities of our secure cloud hosting environment fulfill the PCI DSS requirements. Partnering with us to achieve PCI compliance can significantly reduce the cost and time it takes to obtain a Report on Compliance. Some of the security features and services we offer that help ensure PCI 2.0 compliance:

  • Thorough Access Control and Physical Security
  • 24x7x365 Data Center on-site Staffing & Monitoring
  • Physical environment has restricted access and man traps
  • Surveillance monitoring with video retention
  • Log Maintenance and Process Management
  • Log storage and customizable retention
  • Systems Monitoring and Testing
  • IDS (Intrusion Detection Systems)
  • Real-time security event notifications
  • Network security scans
  • IP logging
  • Two-factor authentication
  • SSL certificates with extended ID validation
  • Hardened Solutions
  • Antivirus protection
  • Network-Wide Firewalls
  • Web application firewalls
  • Continuous patching and maintenance
  • Web servers separated (logically and physically) from database servers
  • Port control – unnecessary ports are closed
  • Strong encryption during data transfer and transmission
  • Redundant power and cooling
  • 100% Uptime Network & Facilities

ITIL CERTIFICATION-READY SERVICES

ITIL service management is the de facto global standard in the area of IT service management. ITIL is a comprehensive, non-proprietary, and publicly available set of guidelines for best practices in information technology service management. Our ITIL management processes and professionally trained staff ensure that we manage business risks and minimize service disruptions, and help your enterprise with the following:

  • Maximize your return on IT & infrastructure investment
  • Build and maintain positive business relationships with customers and improve customer satisfaction
  • Ensure your customers can access services on-demand, when and where needed
  • Support business change at the speed your business needs while ensuring a stable and low-risk environment
  • Help you to quantify and clearly demonstrate the true value of the services you provide
  • Ensure the business and your customers are not affected by unexpected service failures

HIPAA COMPLIANCE-READY SERVICES

Our HIPAA compliance-ready solutions provide secure cloud and data center hosting practices to help healthcare providers achieve HIPAA compliance. One of our specialties is helping healthcare enterprises achieve and maintain HIPAA (Health Insurance Portability and Accountability Act) security requirements. Our secure hosting practices provide a safe, compliant hosting environment for critical web applications within healthcare providers’ networks. We handle the data center facility and network aspects of the compliance requirements and let medical practitioners focus on what they do best: providing excellent patient care. Our enterprise-grade private cloud provides the best of both worlds: a highly cost-efficient virtualized environment coupled with full physical isolation. Added features such as application-level firewall protection help doctors, service providers, and private healthcare businesses adhere to HIPAA regulations. Our multi-layered security platform, combined with an enterprise-grade hosting environment, helps protect your PHI data and keeps your hardware, software, databases, and security controls working together to ensure that you have HIPAA compliant hosting. We work with billing companies and insurance providers, as well as medical, vision, and dental care providers, every day to achieve compliance. Professional services organizations, such as law offices and accounting firms working with healthcare providers, benefit from our HIPAA compliant hosting practices as well. All of our clients in the healthcare industry have found that outsourcing the electronic aspects of HIPAA compliance to a secure hosting company allows them to focus their time and fiscal resources on other aspects of HIPAA requirements, such as patient document and record handling.

Some of our HIPAA compliant services:

  • Commercial, business web application hosting for healthcare professionals
  • Internet/Hosting infrastructure for medical SaaS (software-as-a-service) providers
  • HIPAA-compliant colocation, dedicated and private cloud hosting environments
  • Intranet and extranet hosting in virtual private environments
  • Hosting for medical billing systems and web-based patient management systems

Our HIPAA focused security solutions:

Web Application Level Protection:

  • Helps detect and contain undesirable traffic on public networks
  • Helps prevent malware invasions like viruses, worms and trojans
  • Helps stop hacker attempts like SQL injections and XSS (Cross-site scripting) attacks
  • Customizable security rules ensure the WAF is calibrated to protect your unique vulnerabilities

Application Level Monitoring and Intrusion Detection:

  • Alerts administrators and managers every time files, directories, or hardware are accessed, and by whom

Enterprise-level hardware:

  • Forces password expiration & enforces password strength
  • Automates SSH & RTD timeouts

HIPAA Compliant System Architecture:

  • Separate web and database environments
  • Exclusive environment for development, separate from the production environment
  • Password expiration & ensured password strength
  • Automatic SSH & RTD timeouts

Log retention:

  • Provides a valuable, detailed audit trail during a forensic investigation

Managed Patching, Version Control, and Security Updates:

  • Upgrades the operating system automatically, and applications on request
  • Provides support for Linux and Windows OSes
  • Alerts administrators when security vulnerabilities are detected

Physical and Logical Security:

  • Includes stringent data destruction policies
  • Controls data movement inside and outside of our facilities
  • Records any changes to the hosting environment
  • Secures the data center environment with man-traps, surveillance, and controlled access

Vulnerability Scanning:

  • Tests all services, virtual domains, ports, and IP addresses for 10,000-plus known vulnerabilities every day, and delivers a detailed notification every time a vulnerability is found

ISO 27001:2013 CERTIFIED & REGISTERED FACILITIES, NETWORK & OPERATIONS

Our data centers, coast-to-coast IP backbone and operations are ISO 27001:2013 Certified & Registered by NQA, an ANAB and UKAS accredited Registrar, under the stringent standards and supervision of the International Organization for Standardization, thus demonstrating our complete and unwavering adherence to these strict global standards for our quality & information security management systems. These international world-standard certifications ensure that all our solutions and operations have Quality Management System (QMS) processes and controls in place, and that everything is covered by a thorough Information Security Management System (ISMS).

ISO 27001:2013 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. It is a specification for an Information Security Management System (ISMS). An ISMS is a systematic approach to managing sensitive systems and information so that they remain secure. It covers people, processes, networks and IT systems by applying a comprehensive, detailed security and risk management process throughout. It helps us keep all systems and information assets, such as financial information, intellectual property, and other data, secure through a rigorous company-wide security program spanning all locations and disciplines, which undergoes ongoing, detailed internal and external audits. Organizations that meet the standard have been thoroughly audited (on-site and at all locations) by the Registrar’s auditors and certification committee, whose audit is in turn audited by UKAS, who ultimately make the decision whether to certify the organization. The accreditation provides our customers with verifiable, independent, third-party, multi-step audited assurance of a thorough ISMS applied to all of our operations.

We aim to enhance customer satisfaction through effective and thorough application of the system, including processes for continual improvement of the system and assurance of conformity to customer and applicable statutory and regulatory requirements. The Registrar’s audit is in turn audited by ANAB, who makes the final decision whether to award Certification & Registration. All of our operations (headquarters, all three data centers, and our coast-to-coast IP backbone) and services are ISO 27001:2013 Certified & Registered.

You are invited to review our ISO 27001:2013 Certificates of Registration:

For more information on the ISO 27001:2013 standard, please visit the ISO website.