KHA Systems Security Certification Matrix
As of 20 March 2010

All KHA security certifications are performed in compliance with the
international ISO/IEC 27001 standard, which provides certification
procedures for the cyber security practices identified in ISO/IEC
27002. Because of KHA's global reach, we have selected these
international standards as the guidelines for our corporate security
policy. In addition, external requirements for some lines of
business call for further certifications. For example, all of our
defense systems must also comply with DoD 5200 and 8500 series
guidance.

Front Office Systems

| Division | System | Step 1 Complete | Step 2 Complete | Step 3 Complete | Step 3 Reassessment |
|---|---|---|---|---|---|
| Commercial Aviation | CAD/CADCAM v7.1 | 5 June 2009 | 1 July 2009 | 3 August 2009 | 3 August 2010 |
| Commercial Aviation | Production Plant Monitoring System v4.2 | 12 June 2009 | 8 July 2009 | 10 August 2009 | 10 August 2010 |
| Defense Systems | GIG Broadband System IX | 14 August 2009 | 15 September 2009 | 15 October 2009 | 15 October 2010 |
| Defense Systems | NIPRnet node | 21 August 2009 | 22 September 2009 | 22 October 2009 | 22 October 2010 |
| Defense Systems | USN F-18C UHF/VHF EMI-EMC Test System | 28 August 2009 | 29 September 2009 | 29 October 2009 | 29 October 2010 |
| Space Systems | NASA Standards and Design System II | 6 November 2009 | 4 December 2009 | 8 January 2010 | 8 January 2011 |
| Space Systems | USAF GeoTalk System | 13 November 2009 | 11 December 2009 | 15 January 2010 | 15 January 2011 |
| Space Systems | NASA Mars Lander Communications System | 20 November 2009 | 18 December 2009 | 22 January 2010 | 22 January 2011 |
| Research and Development | KHA Avionics Design and Testing System | 6 March 2009 | 10 April 2009 | 8 May 2009 | 8 May 2010 |
| Research and Development | NASA Next-Generation Space Shuttle Avionics | 13 March 2009 | 17 April 2009 | 15 May 2009 | 15 May 2010 |

For the back office systems, because of the high cost of 27001
certifications and our relative inexperience with them, we have
decided to apply the certification process only to the back office
systems requiring a high overall level of security. In the future,
as KHA gains more experience with the standard, we will perform a
cost/benefit/risk analysis to determine whether the ISO 27001
certification process should also be applied to the medium security
requirement systems. (It is doubtful that the low security
requirement systems will ever need the 27001 certification.)

Back Office Systems

| Division | System | Step 1 Complete | Step 2 Complete | Step 3 Complete | Step 3 Reassessment |
|---|---|---|---|---|---|
| Finance and Administration | PRISM Accounts Receivable/Payable | 9 January 2009 | 6 February 2009 | 6 March 2009 | 6 March 2010 |
| Finance and Administration | Activity-Based Cost Accounting System | 16 January 2009 | 13 February 2009 | 13 March 2009 | 13 March 2010 |
| Finance and Administration | Knowledge Warehouse | 23 January 2009 | 20 February 2009 | 20 March 2009 | 20 March 2010 |
| Technology Support | Gigabit Ethernet | 27 March 2009 | 24 April 2009 | 22 May 2009 | 22 May 2010 |
| Technology Support | T3 Dedicated Data Circuits | 3 April 2009 | 1 May 2009 | 29 May 2009 | 29 May 2010 |
| Technology Support | Cisco VPN | 10 April 2009 | 8 May 2009 | 5 June 2009 | 5 June 2010 |
| Technology Support | Barracuda Firewalls | 17 April 2009 | 15 May 2009 | 12 June 2009 | 12 June 2010 |
| Technology Support | Nortel Meridian SL-100 | 24 April 2009 | 22 May 2009 | 19 June 2009 | 19 June 2010 |
| Technology Support | IIS and Apache Servers | 1 May 2009 | 5 June 2009 | 2 July 2009 | 2 July 2010 |
| Technology Support | Symantec Desktop | 8 May 2009 | 12 June 2009 | 10 July 2009 | 10 July 2010 |