Академический Документы
Профессиональный Документы
Культура Документы
OV E R V I E W
presented by
November 2009
© Copyright 2009 NC4 All rights reserved
NC4 Homeland Security Cloud™
CONTENTS
Executive Summary 3
Conclusion 8
Solutions for Secure Communication and NC4 provides cloud-based global situational
Collaboration awareness solutions for many federal, state and
local government agencies as well as hundreds
The NC4 Homeland Security Cloud includes secure of large corporations in multiple industries. NC4
communication and collaboration solutions that operates two 24 x 7 Incident Monitoring centers to
support a wide variety of missions for numerous collect, filter and summarize incident information
federal agencies including the Department from thousands of (primarily local) government
of Homeland Security, Department of Energy, and media sources. This information is geo-coded
NASA, and many others. These solutions provide and categorized and sent out as real-time incident
cloud-based collaboration tools including alerts based on customer specific profiles. In the
secure messaging, chat, wiki, discussion forums, first half of 2009, NC4 has monitored over 20,000
document management and mission-focused unique incidents and delivered over 5 million
custom applications. NC4 also maintains a system incident alerts. These alerts are often used by
that provides a secure front end interface that organizations as “trip wires” which initiate further
allows users to interact with government clearance analysis, actions or emergency response using
databases and satisfy reporting mandates related other NC4 cloud-based solutions.
Situational awareness services for the NC4 Homeland Security Cloud™ are provided by two fully redundant incident
monitoring centers staffed 24 x 7.
All NC4 operations personnel have been through a HSC Infrastructure – Inter-community and
preliminary background investigation before being Cross Community Connections
offered an employment position. Individuals that
have physical access to our SOC also hold a U.S. The NC4 Homeland Security Cloud supports the
Government Secret Clearance sponsored by one of XML data exchange standards being promulgated
our federal customers. by the federal agencies for interoperability
between systems. This includes the Common
In addition to the physical and personnel Alerting Protocol (CAP), Emergency Data Exchange
security controls in place at this facility, there Language (EDXL) and National Information
are also numerous cyber security controls. NC4 ’s Exchange Model (NIEM) standards. Compliance
technology has a strong pedigree of cyber security with these standards will allow information sharing
leadership through its beginning at the Defense between disparate systems more easily and
Advanced Research Projects Agency (DARPA) and without major changes to the applications.
its continuation through the Software Engineering
Institute of Carnegie Mellon University before the Another key requirement for information sharing
commercialization of its technology. NC4 provides between the NC4 Homeland Security Cloud and
a full cycle security solution enforcing best of other federal government applications is federated
breed cyber security practices. These practices identity management. NC4 supports the Global
also include secure coding and code screening Federated Identity and Privilege Management
for vulnerabilities throughout the development (GFIPM) framework that provides a standards-based
process including full security scans of all code approach for implementing federated identity.
before it is put into production. This allows users of NC4 Homeland Security Cloud
applications to identify and authenticate with
Additional security features of the NC4 Homeland other government systems participating in the
Security Cloud include the following: federation. NC4 is currently part of the GFIPM
• Support for two-factor authentication Security Interoperability Demonstration pilot
mechanisms including RSA SecurID and project sponsored by DHS and the Department of
Anakam Justice.
• “Need to know” visibility and access models
for secure, flexible access control HSC Infrastructure – Situational Awareness
• Comprehensive user activity audit
NC4 Situational Awareness solutions are supported
capabilities for non-repudiation
by proprietary technology to harvest information
from thousands of cloud-based information
The security features of the NC4 Homeland
sources. This includes the capability for automated
Security Cloud have enabled NC4 to achieve
monitoring of Internet-based information sources.
multiple certifications and accreditations through
compliance with federal security standards
A key part of the HSC infrastructure for Situational
including FISMA, NIST 800-53, Title 21 Part 11,
Awareness is NC4 -developed technology which
28 CFR part 23 and HIPAA compliance. NC4 has
is used to target relevant incident alerts to the
received certifications from multiple federal
appropriate recipients only. To accomplish this
agencies for the safe hosting of Controlled
level of relevancy, NC4 developed Geo-Relevancy
Unclassified Information (CUI), Sensitive But
Management (GRM). GRM refers to the ability to
Unclassified (SBU), For Official Use Only (FOUO),
provide automated correlation of incidents with
Law Enforcement Sensitive (LES) and medical
potential impact based on the proximity of the
personally identifiable information. NC4 is audited
incident to your registered locations. GRM allows
on an annual basis by federal agency and private
a virtual perimeter to be defined around a location
sector representatives.
and for a proactive notification to be triggered HSC Infrastructure – Mapping and GIS
whenever an incident that meets the profile
criteria is reported within the perimeter. Geographical Information Systems (GIS) and
mapping are essential components of homeland
HSC Infrastructure for Situational Awareness security solutions. The NC4 Homeland Security
leverages the Oracle Real Application Cloud includes integrated support for GIS services
Clusters (RAC) technology for load balancing including ESRI ArcGIS and ArcIMS and mapping
and automated failover between our two services from both Microsoft and Google.
geographically separated centers.
Conclusion
HSC Infrastructure – Information, Document
and Process Management As corporations and government agencies further
explore the intrinsic benefits of cloud computing,
NC4 Homeland Security Cloud applications they must exercise due diligence in examining
include capabilities in information and document their cloud-based applications vendor’s ability
management that are optimized for homeland to provide security and privacy of the cloud
security missions. This includes an integrated, infrastructure into which they are entrusting their
searchable document repository with workflow information. We invite you to contact us to learn
approval and expiration date mechanisms and the more about the NC4 Homeland Security Cloud and
ability to apply metadata and tags to all content. how it provides all the advantages of the cloud
computing model while also providing the highest
The HSC infrastructure also includes the capability level of security for sensitive mission critical
for non-technical users to create custom forms applications.
using a Web 2.0 drag-and-drop user interface.
Rich, dynamic forms can be created with
integrated workflow and business rules.