The AtHoc IWSAlerts Software-as-a-Service (SaaS) offering is now accredited to be compliant with the National Institute of Standards and Technology (NIST) SP 800-53 Rev3 controls FIPS-199 moderate classification for federal government information technology security requirements for public cloud applications. AtHoc becomes one of the first unified Internet Protocol-based EMNS vendors to achieve this level of SaaS security classification.
AtHoc IWSAlerts secure public cloud offering provides a leap forward in SaaS security, allowing organizations of any size to exploit the potential of the public cloud for emergency mass notification. The offering enables large-scale organizations to reach hundreds of thousands of personnel and account for their safety in minutes. The offering incorporates inherent redundancy through a hot-failover mechanism. It also provides system-level separation between government customers and non-government customers. All data centers are SAS70 Type II certified.
AtHoc’s unique flexible architecture supports more than 2 million government (including military) personnel, deployed via the following architectures:
* Secure Private Cloud Application – for highly secure large organizations using their internal networks
* Secure Public Cloud Application – for small to large organizations from the public cloud
* On-Premise at local sites – supporting unique local needs
* Hybrid – combination of all the above for customers requiring optimization of security, integration capability and lower costs
“AtHoc is proud to be one of the first EMNS vendors to achieve this NIST SP 800-53 certified SaaS service and is excited to be able to offer this new level of security certification to our customers,” said Aviv Siegel, CTO of AtHoc. “Our SaaS offering is available as a service from a remote hosting facility. It will speed deployment for EMNS and eliminate the need for on-site hardware, providing ultimate flexibility for operating a secure emergency notification system across any enterprise, while fully addressing government requirements for security and privacy.”
An accredited and independent third party conducted a thorough audit of AtHoc’s configuration, hosting data centers, security provisions, documentation, processes and security scans. The certification involved review of AtHoc IWSAlerts technical configuration including intrusion detection tools; and its organizational and documented processes (including configuration management, contingency plans, security incident management and others) against all NIST SP 800-53 Rev3 security and privacy controls. The AtHoc system has been recommended for certification and accredited for three years, with annual reviews.