Security
PGBA has developed a mature security program to ensure the Confidentiality, Integrity and Availability of assets. A System Security Plan (SSP) and an Information Security Risk Assessment (ISRA) define the controls within the PGBA environment. We have adapted aspects of the Information Technology Infrastructure Library (ITIL), the Carnegie Mellon Capability Maturity Model Integration (CMMI), National Institute of Standards and Technology (NIST) guidance, the Payment Card Industry Security Standards (PCI) and the Department of Defense Security Technical Implementation Guides (STIG). To stay current with evolving standards, PGBA is working with independent assessors and ISACA to prepare for the Cybersecurity Maturity Model Certification (CMMC).
Safeguards for a Strong, Compliant Culture
PGBA employs a defense-in-depth approach to security. Security, Quality and Privacy are built on a set of key principles:
- Employee/Contingent Worker Privacy and Security Training.
- Background Checks for all personnel including government clearance checks for required contracts.
- Formal staff certifications which include CISSP, CISM, CISA, CRISC, CDPSE, Sec+ and PCI DSS.
- Continuous review of Security controls which include patching, STIG configuration review, targeted phishing campaigns, penetration testing, SOC assessment, PCI DSS QSA and an annual NIST evaluation by an independent third party.
- ISO 9001:2015 and CMMI Maturity Level 4 certifications.
- Technical controls including DMZs, firewalls and IPS, all configured with a deny-by-default policy.
- 24x7 Cybersecurity Operations utilizing advanced behavioral analytics as part of our security information and event management (SIEM) system.
- Encryption of data in transit and at rest.
- Dedicated Privacy and System Security Officers.
- Multifactor authentication (RSA and Common Access Cards) for access to systems.
- Data Loss Prevention and Media Sanitization processes that meet DoD standards.