Cardinal is an industry leader in secure IP services. As a government contractor, our systems must annually pass a Federal Information System Management Act (FISMA) audit based on National Institute of Standards and Technology (NIST) requirements.
In addition, we voluntarily undergo semi-annual third party SSAE-16 audits. A report from this audit is available to current and potential clients. Our services are hosted from a Tier III data center and our data backups are transported to a secure offsite facility by a reputable tape vaulting service.
Cardinal is 100% U.S. owned and operated. All of our staff members are employees who have passed rigorous background checks.
Looking for additional information regarding Cardinal’s security standards? Our security team would be happy to assist you. Please contact us with any questions, or to request a copy of our current SSAE-16 audit report.
Standard Security Controls
| Management Security | ||
|---|---|---|
| ✓ | Security Assessment and Authorization | Multiple annual security audits |
| ✓ | Planning | Documented system security plan |
| ✓ | Risk Assessment | Automated vulnerability and configuration compliance scanning |
| ✓ | Security Assessment and Authorization | Multiple annual security audits |
| Operational Security | ||
| ✓ | Awareness and Training | Required security awareness training for all employees |
| ✓ | Configuration Management | Enforced system security baseline configurations |
| ✓ | Contingency Planning | Disaster recovery plan, cyber incident insurance |
| ✓ | Incident Response | Incident response training and testing |
| ✓ | Maintenance | Scheduled system maintenance tasks performed by approved personnel |
| ✓ | Media Protection | Secure offsite backup data vaulting |
| ✓ | Personnel Security | Rigorous background checks required for all employees |
| ✓ | Physical and Environmental Protection | Tier III data center |
| ✓ | System and Information Integrity | Malicious code protection, virus and spam protection, scheduled software patch updates | Technical Security |
| ✓ | Access Control | Role and permission based system access control restrictions, separation of duties |
| ✓ | Audit and Accountability | Extensive system event logging, monitoring, and auditing |
| ✓ | Identification and Authentication | 2-factor authentication |
| ✓ | System and Communication Protection | Intrusion prevention system and encrypted data communications |
Patent Searches