RegDOX Solutions

The Secure Data Room solution provider for Corporate, EAR, HIPAA, DFARS and ITAR compliance in the cloud.

CALL US NOW: +1.800.517.3171
ADDRESS: One Tara Boulevard, Suite 300, Nashua, NH 03062

Oxebridge Launches Secure Remote Audits Powered by RegDOX

By

NASHUA, N.H. June 25, 2020–(Oxebridge Quality Resources) Following up on its publication of Oxebridge Q017, the world’s first international standard on secure “Remote Auditing Methods”, Oxebridge has now begun implementing ITAR-compliant, secure remote auditing for its own clients, using the RegDOX secure sharing portal.

RegDOX allows users to share ITAR controlled information in a secure environment that ensures information is not leaked, misused or jeopardized. During ISO 9001 or other such audits, sensitive or controlled information is often shared with auditors, including ITAR controlled data, requiring careful handling of such information.

Not only do audits performed within RegDOX comply with the International Traffic in Arms Regulation (ITAR) and Export Administration Regulations (EAR), they also comply with NIST 800-171 and related Defense Federal Acquisition Regulation Supplement (DFARS) regulations. RegDOX received an official advisory notice from the US Dept. of State Directorate of Defense Trade Controls (DDTC) that its application complies fully with ITAR regulations.

The current COVID-19 pandemic has forced certification bodies and consultants, such as Oxebridge, who provide contract internal auditing to move to “remote” audits. Typically these use non-secure platforms such as Zoom, GoToMeeting, Google Meet, Cisco WebEx, or SharePoint. In almost all cases, the platforms do not provide ITAR and related compliance, risking felony violations for anyone sharing ITAR controlled information while utilizing them.

Oxebridge has pressed key organizations such as ISO, UKAS and the International Accreditation Forum (IAF) to adopt the Oxebridge Q017 approaches, which include using secure platforms such as RegDOX for document sharing and Signal for secure voice and messaging. The bodies have nevertheless continued to promote performing audits via Zoom, which has been plagued with security lapses and intentional sharing of data with the government of China.

“We are implementing RegDOX to accomplish two milestones,” said Christopher Paris, Oxebridge’s founder. “First, to show that secure remote audits can be accomplished without exposing clients to felonies. And second, to put our money where our mouth is, and perform audits for our clients in the way we’d want others to audit them.”

Oxebridge has likewise implemented a blockchain-enabled solution for its upcoming database of Q001 certifications, after having pressed ISO to do the same for worldwide certifications under its standards. ISO and the IAF have instead opted for a less-secure, non-blockchain traditional database that is open to hacking and has no verifiable data audit trail.

While the RegDOX platform will be mandatory for clients undergoing AS9100 internal audits by Oxebridge, it will also be made available to all clients, regardless of the standard used. Oxebridge is absorbing the costs of using RegDOX, and clients will not be required to buy any licenses or pay additional service fees. Clients will receive temporary, one-time login credentials to the Oxebridge RegDOX portal to be used during such audits. Once inside the portal, clients will be able to share ITAR or other controlled information as audit evidence, without fear of loss or theft. Every view, manipulation and transaction of the data is fully recorded, auditable and performed in a secure environment.

Oxebridge is exploring the use of RegDOX as a requirement for any accredited body offering Oxebridge Q0o1 Certification audits. TI is not yet decided if the certification bodies will be required to use their own RegDOX instance, or if Oxebridge will provide a universal one for use by the bodies and their clients.

CREDIT: Christopher Paris, Oxebridge Quality Resources

RegDOX Solutions Inc. Introduces Managed Services – Customized Administration and Unlimited Storage

By

NASHUA, N.H. June 18, 2020–(iCrowd Newswire)–RegDOX Solutions Inc., the leading company for securing and exchanging documents and files in the cloud while complying with US Federal cybersecurity mandates (ITAR/EAR/DFARS) for Controlled Unclassified Information (CUI), today announced the launch of the RegDOX® Managed Services for customized administration and unlimited Storage.

There are a number of cloud-based cybersecurity applications. Leading the list is RegDOX’s ITAR and DFARS compliant Data Room system that enables efficient and complete protection of federally regulated confidential electronic files. As with the best, RegDOX’s system can be best leveraged when it is administered with expertise and fully integrated with a company’s entire cybersecurity strategy.

As the provider of its leading application to meet this regulatory need, RegDOX works closely with its customers to enable administrator proficiency. RegDOX’s customers likewise work diligently to maintain that training and knowledge transfer to ensure ongoing compliance with cybersecurity standards.

Many customers however have requested that RegDOX’s cybersecurity experts move beyond training internal administrators to providing customized administration.

In addition to this call for more direct involvement in providing account administration of their RegDOX application, many of those customers have also requested that all storage limitations within the application be removed. Just as they do not want to be limited in their use by their own administrators not maintaining an understanding of the application, they do not want to be penalized as they bring more content in the system to obtain its protections and collaboration features.

Through its new and unique Managed Services option, RegDOX is saying yes to both these requests – our experts can administer each customer’s Data Room account and we can provide unlimited storage for no additional cost.

This new RegDOX Managed Services has two primary features:

  • RegDOX providing all account administration of customers’ RegDOX licensed application.
  • Customers having unlimited storage without any storage charges.

As William O’Brien, RegDOX’s President and COO, described this new option for its customers, “RegDOX Managed Services will enhance the use of the RegDOX cloud-based ITAR/DFARS cybersecurity solution while reducing customers’ direct and indirect costs. No longer will it be necessary to limit use of the application to reduce storage costs. Likewise, we as the experts in the RegDOX system can ensure users are getting all the system has to offer.”

Companies considering a cloud-based solution to meet their ITAR and DFARS obligations to confidentially store and collaborate using Controlled Unclassified Information (CUI) should contact RegDOX to become compliant while avoiding unnecessary storage costs and administrative overhead.

About RegDOX Solutions Inc.

Operating since 2007, RegDOX Solutions Inc. is a market-leading provider of highly intuitive SaaS solutions enabling customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. RegDOX® products and services include storage and data management services, as well as DFARS assessment services.

Call RegDOX at 1.800.517.3171, email us at or go to https://www.regdox.com/regdox-managed-services/ to learn more.

RegDOX Solutions Inc. Introduces Flexible and Cost-Effective Long-Term Cloud Storage Solution for CUI

By

NASHUA, N.H. May 18, 2020–(BUSINESS WIRE)–RegDOX Solutions Inc., the leading company for securing and exchanging documents and files in the cloud while complying with US Federal cybersecurity mandates (ITAR/EAR/DFARS) for Controlled Unclassified Information (CUI), today announced the launch of the RegDOX® Long-Term Storage solution for archiving CUI in the cloud while enabling persistent compliance with those regulatory requirements.

Whether CUI includes customer or vendor information, employee records, financial data, or any other sensitive business documents and files, companies need to safeguard their data with specifically defined confidentiality needs. RegDOX’s patented technology for long-term, permission-based cloud storage of CUI allows both large corporations and SMEs to easily retain CUI for mandated retention periods in a very cost-effective and readily accessible secure environment.

RegDOX’s ITAR and DFARS clients have requested that we provide long-term, compliant storage of CUI. With the RegDOX® Long-Term Storage Solution we are able to meet this need for required retention periods while achieving our shared goals of low cost, immediate accessibility, and immediately available reports of continued CUI compliance,” stated William O’Brien, President and Chief Operating Officer of RegDOX Solutions Inc.

He further said, “We are pleased to provide the RegDOX® Long-Term Storage Solution as an additional element of the most comprehensive industry offering of cloud solutions for CUI.

About RegDOX Solutions Inc.

Operating since 2007, RegDOX Solutions Inc. is a market-leading provider of highly intuitive SaaS solutions enabling customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. RegDOX® products and services include storage and data management services, as well as DFARS assessment services.

 

Contacts

Aarti Khurana

www.RegDOX.com
+1 603.651.0633

Regulatory Alert: Traps for the Unwary – DoD’s Cloud Computing Security Requirements (CC SRG)

By

It is important that all directly or indirectly involved in Federal contracting or securing ITAR Technical Data keep informed of the DOD’s cybersecurity requirements for not just their own IT networks but all their vendors providing online storage and collaboration services.

The Cloud Computing Security Requirements Guide (CC SRG) is included among many compliance standards for cloud services, such as various National Institute of Science and Technology (NIST) publication, those governing FedRAMP certification, and others.  As RegDOX explains in a whitepaper it is releasing today, despite the fact that the CC SRG is a DoD publication, it would be a mistake to assume that the CC SRG affects only those directly involved in DoD contracting.

This whitepaper created by RegDOX begins with a brief review of the relevant provisions of the CC SRG and how its requirements could reach beyond just the limited, though large group of companies that are identifiable as DoD contractors.

While the CC SRG initially appears to restrict its scope “to DoD provided cloud services and those provided by a contractor on behalf of the Department”, no commercial cloud service provider or offeror of a cloud solution should conclude from this language that it does not need to adhere to the CC SRG. Click here to download the whitepaper and get more information on why this is the case.

RegDOX’s solution is NIST (SP) 800-171 and CC SRG Impact Level 4-compliant. RegDOX system is also unique in having been found to be ITAR-compliant in an advisory opinion by the DDTC – Directorate of Defense Trade Controls (U.S. State Department). Your customers can have the efficiency of best in class content management while ensuring compliance.

We would welcome the opportunity to support this process.

 

About RegDOX Solutions Inc.
Operating since 2007, RegDOX is a market-leading provider of highly intuitive SaaS solutions enabling customers to securely manage and collaborate on confidential documents and information, whether inside or outside of their IT environments. RegDOX® products and services include storage and data management.

The military’s contractor cyber standards are officially here

By

The Pentagon issued the final standards under the Cybersecurity Maturity Model Certification (CMMC) on Friday  Jan 31, 2020.

Version 1.0 marks the first step towards implementing the new cybersecurity standards into all Department of Defense contracts.  

The model, consisting of five levels of security standards, will be phased into requests for information starting this summer. The vast majority of contractors that work with unclassified information will need to meet only level one of the framework — the least secure but least costly level on the scale. From there, the more sensitive the information contractors handle, the higher the level of certification they will need to receive under CMMC, up to level five. All levels will be certified by independent assessors who will conduct in-person checks. 

“Today represents an import milestone but we still have a lot of work to do,” Undersecretary for Acquisition and Sustainment Ellen Lord said at a press conference.

The model was born out of a realization that “checklist” security and self-assessment, the current standard set out by National Institute of Standards and Technology rule 800, was failing. Hacks of defense contractors have leaked national security secrets up and down the supply chain. Contractor cybersecurity was seen as a weak link by adversaries and routinely exploited. 

“CMMC is a really admirable and progressive attempt,” said Simone Petrella, CEO of CyberVista, a cybersecurity workforce development company. “It is something that really could be transformative and powerful.”

The official release of the standard means contractors will now need to pay a CMMC-certified assessor to physically inspect their operations to ensure they comply with one of the five levels. In the future, once CMMC begins appearing in RFIs and actual solicitations, if a contractor doesn’t meet the contract’s requisite level under the framework, they won’t be able to bid for the work.

While Petrella praised the general model for moving away from self-attested security, she flagged potential problems in how accessors get trained and actually certify contractors.

One hurdle is the size of the industrial base. Thousands of contractors in a complex supply chain will need to be physically assessed to meet security standards that may be new to companies that have not prioritized cyber hygiene in the past. Exacerbating that issue is the shortage of trained cybersecurity workers with the knowledge needed to asses advanced security standards. 

At a press briefing Friday morning, Lord acknowledged the burden that could fall on small- and mid-sized businesses.

“We need small and medium businesses in our defense industrial base and we need to retain them,” Lord said.

The CMMC assessors that will physically inspect contractors will be trained and overseen by a nonprofit board comprised of industry and academic partners. The board incorporated in November and as of this week had few answers as to how it will get the assessment workforce ready.

Lord stressed the department will take a “crawl, walk, run” approach to implementing the rules.

Katie Arrington, DOD’s CISO for acquisition and sustainment, projected 1,500 companies will be certified by the end of 2021.

Arrington has been working publicize CMMC with a national listening tour. But a recent survey found only a quarter of surveyed defense contractors could identify what the acronym stood for. A potential lack of understanding in the industrial base could spell trouble for the process as it tries to get off the ground.

 

CREDIT: Jackson Barnett, FedScoop

Cybersecurity Maturity Model Certification (CMMC) Version 0.7 Arrives!

By

The Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.7 is live and available here.

Version 0.7 includes Level 4-5 practices and modifies some maturity processes and Level 1-3 practices.

This draft is another step closer to the final version — CMMC 1.0.

The CMMC will be a new contractual requirement for all DoD contractors.  The new certification requirement is intended to push defense contractors to strengthen their cybersecurity programs and standards. It will not be a self-attestation model, but rather a third-party certification and compliance model.

More in-depth analysis of the 190-page document will follow.

Clarifications –

In addition to CMMC Version 0.7, the DoD has released the following clarification:

  • The CMMC level of certification required for each procurement will be specified in the RFI and RFP upon release. Contractors will be required to meet the certification level at time of award. The Prime contractors must flow down the appropriate CMMC requirement to sub-contractors. Unless a higher level is specified, all contractors and sub-contractors must meet at a minimum CMMC Level 1.
  • Phase 1 of CMMC only applies to the contractor’s networks and does not apply to their products.

See the “Updates” tab of the CMMC website.

Timeline –

Draft Version 0.4 was released for public comment in September 2019.

Draft Version 0.6 was released on Friday, November 8, 2019.

Draft Version 0.7, dated December 6, 2019, was posted on the CMMC website on December 13, 2019.

Version 1.0 of the CMMC framework is expected to be available in January 2020. In June 2020, industry should begin to see the CMMC requirements as part of Requests for Information.

More Information –

For more information on the Cybersecurity Maturity Model Certification program, the latest draft, and news on the formation of a CMMC Accreditation Body, visit the DoD’s official CMMC website.

 

 

 

CREDIT: Colleen H. Johnson, Sera-Brynn

Cybersecurity Maturity Model Certification (CMMC) Version 0.6 Arrives

By

The Cybersecurity Maturity Model Certification (CMMC) Draft Version 0.6 is live and available here.

Draft version 0.6 includes CMMC Levels 1 – 3. Of note, “CMMC Levels 4-5 are not included in this release because public comments are still being addressed.” The updates to CMMC Levels 4 – 5 are expected to be provided in the next public release.

This draft is one step closer to the final version — CMMC 1.0.

The CMMC will be a new contractual requirement for all DoD contractors. The new certification requirement is intended to push defense contractors to strengthen their cybersecurity programs and standards. It will not be a self-attestation model, but rather a third-party certification and compliance model.

More in-depth analysis will follow!

Timeline

Draft version 0.4 was released for public comment in September 2019.

Draft Version 0.6 was released on Friday, November 8, 2019.

According to the CMMC website, “Version 1.0 of the CMMC framework will be available in January 2020 to support training requirements. In June 2020, industry should begin to see the CMMC requirements as part of Requests for Information.”

More Information

For more information on the Cybersecurity Maturity Model Certification program and the upcoming November 19, 2019 CMMC Accreditation Body Kickoff Meeting in Arlington, Virginia, visit the CMMC website.

 

 

 

CREDIT: Colleen H. Johnson, Sera-Brynn

Fresh Draft of DOD Contractor Cybersecurity Standards Coming Next Month

By

The Department of Defense will publish the second draft of its newly created Cybersecurity Maturity Model Certification early next month.

Undersecretary for Acquisition and Sustainment Ellen Lord said in a press conference that version 0.6 of the CMMC will be released for comment the first week of November.

“We are looking to roll CMMC out in a strategic manner, and will focus on our critical programs and technologies,” Lord said.

DOD issued version 0.4 of the framework, the first publicly released, last month. CMMC is meant to secure the defense supply chain by requiring contractors of all sizes to meet cybersecurity standards set out as a basic requirement in contracting language.

Already, DOD has received more than “2,000 comments, which are being reviewed and used to help tailor the final model,” Lord said.

The official framework, version 1.0, will drop January 2020, Lord said. Then, the first requests for information to include the CMMC language will come June 2020, with the final request for proposals later that fall, she said.

“We in the DOD will continue to work with the defense industrial base to ensure that the supply chain and the interested parties are informed, prepared and properly positioned,” Lord said.

DOD is also searching for a nonprofit entity to serve as the accreditation body for the CMMC program.

Trusted Capital Marketplace drone event next month

Next month, Lord’s team will also host the first event around its new Trusted Capital Marketplace — what she called a ” public-private partnership that will convene trusted sources of private capital with innovative companies critical to defense industrial base and national security.”

The Nov. 13 event, co-sponsored by Texas A&M University, will focus on small unmanned aerial systems (UAS) and counter-UAS technologies.

The university, Lord said, will host a website taking submission applications to join the event, which will have “about 75 slots open for industry, and then slots open for capital providers” given out on a “first-come, first-serve basis.”

During the press conference, Lord also detailed the Pentagon’s current use of waivers for military services to use DJI brand drones that are otherwise banned by the department over cybersecurity concerns and allegations of links to the Chinese government. She said, yes, the services do grant waivers, but the DJI drones are not used in the field.

“The reason that we write some waivers for these is to have them used on ranges, in highly controlled conditions to test our counter-UAS capability so those are used as targets,” she said. “We are not authorizing utilization of Chinese drones out in the field.  We are using them for targets.”

 

CREDIT: Billy Mitchell, FedScoop

Information Rights Management (IRM) 101: Data Privacy Mechanism

By

One of the features that helps ensure ITAR compliance within the cloud is known as Information Rights Management (IRM). IRM is a tool by which Controlled Unclassified Information (CUI) and other confidential or sensitive information are protected in a variety of ways. You may be familiar with Digital Rights Management (DRM), which is integrated within files to protect media such as movies or music.

IRM, however, deals with information and documents, and the management aspect refers to the ways by which they can be controlled. IRM can control the way a document is viewed and edited according to parameters set by an administrator.

One of the most basic ways IRM works is through information encryption. Through the utilization of a key or password, certain recipients may be authorized to access specific data. The next way, which is more common, is through permissions management. This could cause a specific document to be ‘locked’, which would prevent downloading, copying and pasting the material, screenshots, printing or editing.

With the RegDOX Secure Data Room solution, your documents and files are protected through IRM and a robust set of features as well. Documents within the cloud can be uniquely watermarked, which would provide information about the user, as well as the date and time. Documents can be secured through a ‘read only mode’, as well as an expiry date for offline documents. Most importantly, however, is that offline documents are protected through 256-bit encryption, preventing unauthorized access.

 

About RegDOX Solutions Inc.

RegDOX Solution’s first-to-market ITAR and NIST 800-171 (DFARS) compliant online storage and collaboration product has redefined how export-controlled and CUI documents and electronic files can be handled within regulatory requirements. This was recognized by the formal opinion of compliance provided by the US State Department’s Directorate of Defense Trade Control (DDTC). RegDOX’s unique capabilities were confirmed on August 20, 2019 when the US Patent and Trademark Office issued a patent covering RegDOX’s system to store and manage export-controlled documents in the cloud. (Patent No. 10,389,716). The RegDOX® ITAR/EAR solution provides ground-breaking and unsurpassed technology enabling the efficiency and flexibility of a cloud solution to allow multiple users located at numerous locations to collaborate using controlled data while remaining fully in compliance with the strict regulatory and licensing requirements of the ITAR and DFARS.

www.RegDOX.com

2019 – Cyber Security Summit: New York

By

RegDOX Solutions Inc. is proud to be a silver sponsor at New York’s Cyber Security Summit USA on Oct 3rd 2019. Don’t miss the chance to check out a demo of our technology platform RegDOX a “patented” online storage and collaboration solution that has redefined how export control documents and electronic files can be handled within regulatory requirements. 

Join us at the summit, booth #7 to know more about RegDOX Solutions.

 

EVENT : Cyber Security Summit: New York 2019

WHEN: Thursday, Oct 3rd 2019 from 7:45 AM – 6:00 PM EDT

WHERE: New York, NY

Registration Link : https://bit.ly/2oyfRM5

 

About RegDOX Solutions Inc.

Operating since 2007, RegDOX Solutions Inc. is a market-leading provider of highly intuitive SaaS solutions. RegDOX’s first-to-market ITAR and NIST 800-171 (DFARS) compliant online storage and collaboration product has redefined how export-controlled and CUI documents and electronic files can be handled within regulatory requirements. This was recognized by the formal opinion of compliance provided by the US State Department’s Directorate of Defense Trade Control (DDTC). RegDOX’s unique capabilities were confirmed on August 20, 2019 when the US Patent and Trademark Office issued a patent covering RegDOX’s system to store and manage export-controlled documents in the cloud. (Patent No. 10,389,716). The RegDOX® ITAR/EAR solution provides ground-breaking and unsurpassed technology enabling the efficiency and flexibility of a cloud solution to allow multiple users located at numerous locations to collaborate using controlled data while remaining fully in compliance with the strict regulatory and licensing requirements of the ITAR and DFARS.

www.RegDOX.com

Share this page.