Networking and Monitoring
- Unique VPN profiles maintained to limit access to minimum locations necessary
- All production systems continuously monitored by a system with SMTP and SMS alerting capabilities
- Custom and automated checks performed within the system to monitor specific elements
- Web portal available for DIG staff to perform real-time status checks
- DIG’s system itself monitored externally by a data center NOC to ensure that all systems remain available
Data Availability and Backups
- Data maintained on systems using redundant disk arrays and redundant power supplies
- Systems backed up to tape nightly (AES 256 bit, hardware-based encryption)
- Backups monitored and verified with monthly restore capability testing
- Tapes rotated offsite to ensure availability in the event of a physical disaster
Authentication, Authorization, and Auditing
- Maintained via active directory infrastructure or AAA servers withing production infrastructures
- Unique usernames and passwords required
- Access limited to least privilege
- Audit logs from servers, firewalls, IDS, etc. reviewed each week by IS team
Secure File Transfer
- Data transfers into or out of DIG’s infrastructures use session layer encrypted tunnels via SFTP or HTTPS
- Access to these systems requires unique usernames and passwords
- Optional file-level encryption through in-house or proprietary PKI infrastructures
Physical Security
- Unmarked facility manned 24/7
- Monitored by external and internal video surveillance
- Perimeter access via card swipe/PIN combination and/or escorted and assisted by a facility engineer
- Interior access to data center controlled via card swipe/PIN combination into a mantrap with final ingress requiring a card/biometric swipe combination
- Each rack secured via combination lock on front and rear doors
Additional Security Features
- Redundant power with generator backups
- Monitored by external and internal video surveillance
- Multi-vendor, redundant commodity Internet bandwidth
- Redundant cooling
- Fire suppression controlled by pre-action delay dry system with warning and alerting infrastructure