Compliance

Accessibility

Veritas prioritizes accessibility in its digital offerings, ensuring alignment with the Web Content Accessibility Guidelines (WCAG) set forth by the World Wide Web Consortium. While achieving universal accessibility can present challenges, Veritas undertakes regular evaluations of its platforms. By addressing any identified issues promptly, Veritas showcases its unwavering commitment to providing an inclusive user experience for everyone.

AWS GovCloud

AWS GovCloud (US) is designed for government customers and their partners, offering a secure cloud solution environment. It ensures compliance with several stringent standards and regulatory frameworks, including:

• FedRAMP High Baseline
• Department of Justice’s Criminal Justice Information Systems (CJIS) Security Policy
• U.S. International Traffic in Arms Regulations (ITAR)
• Export Administration Regulations (EAR)
• Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) for Impact Levels 2, 4, and 5
• FIPS 140-2
• IRS-1075

This ensures that users can operate within a compliant, secure, and flexible cloud infrastructure tailored to the unique needs of government entities.

Azure Government

Microsoft Azure Government has been developed to meet the rigorous compliance standards required by U.S. government entities. It has secured approvals and authorizations from critical frameworks, such as:

• Federal Risk and Authorization Management Program (FedRAMP)
• Department of Defense (DoD) Cloud Security Requirements Guide (SRG) for Impact Levels 2, 4, and 5

For its specific U.S. government regions—Arizona, Texas, and Virginia—Azure Government has earned:

• FedRAMP High Provisional Authorization to Operate (P-ATO) from the Joint Authorization Board (JAB)
• DoD IL2, IL4, and IL5 Provisional Authorizations (PA) issued by the Defense Information Systems Agency (DISA), and IL5 Provisional Authorizations issued by the Defense Information Systems Agency (DISA)

Common Criteria

The Common Criteria for IT Security Evaluation, together with its counterpart, the Common Methodology for IT Security Evaluation, serves as the foundational element of the international Common Criteria Recognition Arrangement. This ensures that:

• Products undergo evaluation by independent, licensed labs to verify specific security feature
• Documents guide the certification process detailing the application of the criteria and methods for different tech types
• Certificates validating an evaluated product’s security attributes can be distributed by numerous Certificate Authorizing Schemes, all based on the evaluation results
• All CCRA signatories recognize these certificates

DISA STIG

The Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs) serve as configuration benchmarks intended to optimize security across both hardware and software. Their primary goal is to protect the Department of Defense’s IT infrastructure.

FedRAMP

• Managing data on internal hardware is often complicated, time consuming and expensive; but the cloud if not managed correctly is a potential security risk
• Federal Risk and Authorization Management Program (FedRAMP) created “a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services"
• bluesource has worked with Veritas to create a secure cloud solution that complies with the strict FedRAMP guidelines to create a secure environment within Microsoft Azure for federal agencies to access Enterprise Vault, the eDiscovery Platform, and Merge1 as SaaS solutions
• Government organizations can meet “Cloud Smart” requirements, improve their FITARA score, and observe immediate cost savings without hiring any additional staff
• The customer will own the Veritas software license just like on-prem; bluesource will quote the Hardware and Management Fees for it to be fully hosted and managed as per FedRAMP’s strict requirements
• To receive a quote or for more information, bluesource can be reached by email at sales@bluesource.net

FIPS 140-2

The Federal Information Processing Standard (FIPS) 140-2 outlines security expectations for cryptographic modules. It covers a spectrum of applications and surroundings through four progressive qualitative stages. Key areas include design specifications, ports, interfaces, roles, physical security, operational environment, cryptographic key management, electromagnetic considerations, self-tests, design assurance, and attack mitigation.

SOC 2

SOC 2 assessments provide independent, third-party examination documents that highlight how an organization upholds essential compliance controls and aims. Developed in line with the Auditing Standards Board of the AICPA’s Trust Services Criteria, these evaluations focus on an organization’s information systems in relation to aspects like security, availability, integrity, confidentiality, and privacy.

WORM Compliance

Policies set by the Financial Industry Regulatory Authority dictate that data must be securely retained, encrypted, and immutably stored on Write Once Ready Many (WORM) media. Such data must be retrievable, with organizations capable of providing comprehensive audit trails for data usage and deletion.