Security

  1. Do I still own my content that is stored and processed by Scout PD?

    Yes, you always retain full ownership and control of your content.

  2. Does Scout PD mine my data, or use it in any way with 3rd parties?

    No, it is your data and yours alone.

  3. Can our agency/department manage its own encryption keys?

    Yes, Scout PD supports symmetric customer-managed keys (CMK) with 256-bit encryption. We are the only DEMS solution on the market that offers both of these features together. They are central tenets of the FBI Cloud Computing Best Practices.

  4. How does Scout encrypt data at rest?

    The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form.

    Scout PD supports symmetric customer-managed keys (CMK) with 256-bit encryption, per the latest CJIS guidelines.

  5. How does Scout PD encrypt data in transit?

    Scout PD uses FIPS 140-2 Level 3 validated endpoints and Transport Layer Security (TLS), and maintains the latest protocol version, currently 1.2.

    We maintain current NIST guidelines concerning AES cipher suites, but we do not publicly list the algorithm subset suites that we employ. As NIST best-practice guidelines evolve, we will update and maintain accordingly. Scout PD supports symmetric customer-managed keys (CMK) with 256-bit encryption, per the latest CJIS guidelines.

  6. Does Scout PD support Multi-Factor authentication?

    Yes, Scout PD enforces MFA, with or without Active Directory (‘AD’) integration. With AD integration, Scout ‘inherits’ whatever MFA settings your AD system administrator(s) have set. When creating users directly in the Scout PD directory, we enforce TOTP (Time-based One-Time Passwords) that are out-of-band and further backed by biometrics through the user's mobile phone.

  7. Does Scout PD use hardened containers?

    Yes. Details on our process are available on request.

  8. What is AWS GovCloud?

    AWS GovCloud (US) consists of isolated AWS Regions designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements, including Federal Risk and Authorization Management Program (FedRAMP) High, Department of Defense Security Requirements Guide (DoD SRG) Impact Level 5, and Criminal Justice Information Services (CJIS). AWS GovCloud (US) adheres to U.S. International Traffic in Arms Regulations (ITAR) requirements.

    You can run workloads that contain all categories of Controlled Unclassified Information (CUI) data and government-oriented, publicly available data in AWS GovCloud (US). The AWS GovCloud (US) Region is maintained by U.S. citizens only and provides customers with the ability to access the region through FIPS 140-2 service endpoints.

    AWS is the undisputed leader in the FedRAMP High certified space, with more than 3.5x as many authorizations as Azure Government Cloud (April 2023).

  9. What is adaptive authentication?

    Adaptive authentication can block suspicious sign-ins, or require step-up authentication. For each sign-in attempt, a risk score is generated for how likely the sign-in request is to be from a compromised source. This risk score is based on many factors, including whether it detects a new device, user location, or IP address. Device fingerprinting helps track these factors. There are several second-factor authentication options in response to an increased risk level.
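
    The scoring-and-response flow described above, as an added sketch that is not Scout PD's implementation: the weights, thresholds, and the `History`, `risk_score`, `decide` and `sign_in` names are assumptions chosen for illustration, and the sample values are constructed.

```python
from dataclasses import dataclass, field

# Constructed weights and thresholds: assumptions for illustration only.
WEIGHTS = {"new_device": 40, "new_location": 30, "new_ip": 20}
STEP_UP_AT, BLOCK_AT = 30, 70

@dataclass
class History:
    """What has been seen on this account's previously trusted sign-ins."""
    devices: set = field(default_factory=set)    # device fingerprints
    countries: set = field(default_factory=set)  # coarse user location
    ips: set = field(default_factory=set)

def risk_score(hist, device, country, ip):
    """Return (score, reasons) for one sign-in attempt."""
    hits = {
        "new_device": device not in hist.devices,
        "new_location": country not in hist.countries,
        "new_ip": ip not in hist.ips,
    }
    reasons = [name for name, hit in hits.items() if hit]
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(hist, score):
    """Map a score to allow / step_up / block."""
    if not hist.devices:
        # First sign-in: everything is new, so the score says nothing yet.
        # Require the second factor rather than blocking enrollment.
        return "step_up"
    if score >= BLOCK_AT:
        return "block"
    return "step_up" if score >= STEP_UP_AT else "allow"

def sign_in(hist, device, country, ip, second_factor_ok=False):
    """Evaluate one attempt; returns (granted, action, reasons)."""
    score, reasons = risk_score(hist, device, country, ip)
    action = decide(hist, score)
    granted = action == "allow" or (action == "step_up" and second_factor_ok)
    if granted:
        # Learn new values only from trusted sign-ins, so a failed or
        # blocked attempt cannot add itself to the baseline.
        hist.devices.add(device)
        hist.countries.add(country)
        hist.ips.add(ip)
    return granted, action, reasons

if __name__ == "__main__":
    h = History()  # constructed sample account and attempts
    print(sign_in(h, "fp-A", "US", "203.0.113.10", second_factor_ok=True))
    print(sign_in(h, "fp-B", "CA", "198.51.100.5"))
```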