"Cyber Security is not something we take lightly or wrap around products on their way out the door. "
~ Director Strategic Business Development
Cyber security is an integral part of our design, supply chain, build and servicing practice. It is ingrained in our daily operations and not something we take lightly or wrap around products on their way out the door. It is integral to our protection of sensitive information. We’re continually working on improvements that will keep sensitive information secure and make products and the data they carry safe from intentional meddling as well as incidental interference. As a result, our customers are better able to manage threats of theft, maintain availability and functional integrity.
We optimize security compliance for both industry standards and Defense Counterintelligence and Security Agency (DCSA) requirements. Our aim is to excel in our duty to comply with DFARs 252.204-7012 for protecting Covered Defense Information (CDI) and FISMA for protecting the confidentiality, integrity and availability of our products against evolving cyber threats. Our approach and commitment produces secure outcomes that are readily implemented by customers.
Risk Management Framework
We have extensive experience with Risk Management Framework, both as a partner to our customers in achieving Authority to Operate (ATO) and as lead to support servicing for our customers. We have developed cyber packages with documentation, procedures and policy to assist with customer efforts to achieve ATO. Our commitment to our customers is to provide the information and support they need to operate our equipment in the most secure environments.
DFARs 252.204-7012 (NIST 800-171 Security Controls ~ 2017)
This applies to all systems containing Covered Defense Information (CDI). ZDS Inc. is fully compliant to SP800-171 that is derived from SP800-53.
Process & Documentation
We develop and maintain complete documentation of all security implementations with a functional description of the control implementation (including planned inputs, expected behavior, and expected outputs). We actively use our documentation and structured process to understand risk, assess controls and take actions to mitigate risks. .