Security of TechDoc

The TechDoc System has an extensive list of security features. Some of the highlights include:

  • Meets Government Agency requirements for storing ITAR and EAR data. ITAR stands for US International Traffic in Arms Regulations and EAR stands for Export Administration Regulations.
  • Meets NASA's NPR 2810.1A which is the NASA standard that covers procedures and guidelines for implementing security for Information Technology Systems. TechDoc supports all information categories of NPR 2810.1A including MSN (Mission Critical). This includes capabilities like a password exclusion dictionary, password length and content restrictions, break-in detection and reporting, password lifetimes, account lifetimes, etc.
  • Supports Two Factor Authentication, such as RSA's SecurID®; which requires the user to have something (the SecurID token) and requires the user to know something (the username and pin associated to the token).
  • Supports a plug-in architecture for log in authenticators. Each user may be assigned to any available authentication service recognized by the server.
  • Supports document information categories, such as ITAR, EAR, Commercial/Financial, Proprietary, Non-Sensitive, etc. Each category can be set to place different restrictions on documents within that category, such as should documents of this category be allowed on this server, should documents of this category be encrypted on this server, should the text of a document in this category be indexed by the search engine, etc.
  • Supports encryption of documents while stored on the system.
  • Supports encrypted transmission via HTTPS, including use of PKI, client certificates, greater than 2048-bit certificates, etc.
  • Supports an internal firewall to limit access based on the client's IP address. This permits capabilities like allowing users to fetch documents from anywhere but they can only log in to make changes from a computer at their work site.
  • Maintains an audit trail of changes, log ins, log outs, document fetches, etc.