NISP Operating Manual
Many of our security practices are aligned to DoD 5220.22-M, the NISP Operating Manual. We are also GDPR-compliant, and our products are exportable.
Dispel’s personnel practices apply to all employees and contractors who make up the Dispel workforce. All workers are required to understand and follow internal policies and standards.
Prior to access to Dispel systems, workers agree to confidentiality agreements and consent to background investigations. The depth of a personnel security investigation depends on the kind of access the individual may have. Workers also attend regular security awareness training, including topics such as device security, avoiding phishing, data privacy, physical security, incident reporting, and workplace ethics.
Upon termination of work at Dispel, all access to Dispel systems is removed immediately.
Dispel provides all employees with security training and briefings commensurate with their involvement with sensitive information. This training covers topics such as general security awareness, device security, insider threat awareness, reporting requirements, and data protection. Workers are encouraged as part of the culture to personally verify identities when access requests are made.
Cybersecurity is geopolitical. Dispel is sensitive to the risks associated with possible foreign ownership and influence. To that end, we have taken the following steps:
Our core technology is developed on U.S. soil. Technology areas with lesser security requirements, such as our informational website, may be developed in both U.S. and allied territories. Dispel does not outsource software development. Our engineers are U.S. citizens or authorized for employment by the U.S. Government.
Some of our systems use open source software, which we do not control. We maintain a publicly available list of the open source components we use and update it as those components change.
Dispel has defined roles and responsibilities to distinguish which personnel have security obligations and responsibilities. At the center of our security efforts is the Dispel Security Team. These personnel are responsible for supervising and directing security measures necessary for implementing applicable requirements for sensitive information.
Access to Dispel workstations is secured by video surveillance, locks, keyed access, and intrusion detection systems, as appropriate for the sensitivity of the material handled at the relevant facility.
All computers used by workers are configured to comply with our security standards. These standards require all computers to be properly configured, kept updated, and run security monitoring software. When new workers start, their computers are configured with disk encryption, strong passwords, restricted remote access, and automatic locking when idle. Computers run up-to-date monitoring software to detect and report potential malware and malicious activity.
Dispel has internal policies we maintain in order to safeguard information, and create a culture of trust and security awareness. This document is among those. Through culture and policy, our security documents help Dispel workers operate reliably and ethically. These policies are living documents, and are updated and made available to all workers to whom they apply.
When appropriate for meeting a particular standard, Dispel undergoes independent audits of our procedures and facilities. When appropriate and with approval, some customers also perform their own security audits of our technology. Our Security Team works with other companies' security and architecture teams to make sure we address questions prior to a deployment.
We undergo regular independent white box penetration testing. The results of these tests can be made available under a non-disclosure agreement.
Dispel maintains security risk management policies supporting SOC 2, ISO 27001, and GDPR. We do not hold SOC 2 and ISO 27001 certifications, but will work with clients in completing their SIG questionnaires.
Dispel does not maintain its own data centers, and instead utilizes third-party cloud providers. Those providers often do hold additional certifications beyond what Dispel has. In circumstances where clients use their cloud credentials in Dispel, we will use those credentials as directed to provision resources for the client.
Dispel uses version control software to store code. We try to push code to production as often as safely possible, so bugs get fixed quickly. We like to have second sets of eyes look at code. When code moves from a feature branch to staging to production, it is subject to a code review when the pull request is made to merge the branch into staging.
Dispel divides its networks into separate infrastructure in order to protect more sensitive information. Systems supporting testing and development environments are distinct from production environments. Access and credentialing to production systems and databases is restricted to engineers with specific business requirements.
Network access to production systems is restricted to the protocols needed to support the applications. System logs are generated and stored for alerting and monitoring, in accordance with customer requests, and Dispel security and engineering teams receive notifications based on the state and status of Dispel network infrastructure.
Dispel grants system access on a least-privilege basis in order to minimize the risk of a data breach and the possibility of insider threat. Access to code repositories, billing systems, customer relationship management tools, email servers, and cloud environments is granted based upon business requirements.
Workers must request access from their manager or responsible owner when seeking to escalate privileges. When workers no longer require access, their credentials are revoked. Access audits are conducted quarterly to determine if granted accesses are still necessary.
Dispel requires the use of approved password managers. Password managers help prevent password reuse and reduce the chance that passwords are physically written down. They also reduce the risk of successful phishing attacks, because a manager will only fill a stored credential on the site it was saved for, and so refuses to fill it on a look-alike domain.
To further minimize the risk of unauthorized access, Dispel requires multi-factor authentication on systems containing more sensitive information. Where applicable, Dispel uses public-key authentication in place of passwords. Where SSH keys are used, access is restricted to individuals whose business requirements necessitate possession of those keys.
When credentials are transmitted between workers, they are protected by methods such as public-key encryption or out-of-band transmission. Even when a credential is encrypted to the recipient's public key, it is still sent over an encrypted transport. In production environments requiring the highest level of security, single-tenant systems are provisioned without root access and no access credentials are provided to anyone.
For clients who want to restrict access to their dedicated Engines, Dispel uses the Two-Person Concept (TPC) as a tamper control measure. TPC is designed to make sure that neither the client nor Dispel personnel can perform an unauthorized procedure on the Engine without the other's knowledge. Engines under the STCDP are stationed behind a jump host whose access keys are held by the client. Access keys to the Engine itself are held by authorized Dispel personnel. The client must open an access tunnel on the jump host before Dispel personnel can route through it to the Engine, so neither party's key alone is sufficient to reach the Engine.
If a security incident is detected, Dispel's computer security incident response team (CSIRT), which is part of the Security Team, will respond. The CSIRT's goal is to minimize and control the damage resulting from incidents by containing, responding to, and recovering from them, and subsequently putting corrections in place to prevent similar incidents from recurring.
We help customers align towards each of these frameworks.
Dispel transmits information over the public Internet. We protect data in transit with strong encryption, reviewing and updating our configuration to employ current, cryptographically sound cipher suites.
For example, at this time, when you are connected to your Dispel services through our client application or a hardware device, and for internal server-to-server transmissions, we use two cascaded layers of AES-256-CBC, each under its own independently generated key, with a separate 4096-bit RSA key pair used for the initial key exchange of each layer. Keys are generated on segregated systems with a vetted source of randomness, and each client receives distinct keys.
When you are using one of our browser-accessible applications, the session is encrypted with AES-256-GCM, under certificates signed with SHA-256 and 2048- or 4096-bit RSA keys, depending on the security requirements of the application. This means many communications through Dispel are protected by three layers of encryption. We encrypt data multiple times, with independent keys and differing ciphers or modes, for several reasons. One is that a newly discovered flaw in one layer's cipher, mode, or implementation does not by itself expose the data, provided the other layer does not share that flaw. This diversity argument only holds where the layers actually differ: two layers of the same cipher under independent keys protect against the compromise of one layer's key, not against a weakness in the cipher itself.
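The layering described above, as an added worked example in Go (this is not Dispel's code, and the function names are the example's own). It draws an independent AES-256 key per layer, seals the inner layer then the outer, and wraps each layer key to a different RSA public key with OAEP, so that the receiver must hold both private keys. Two deliberate departures from the text: the example uses AES-GCM rather than AES-CBC for each layer, because GCM authenticates the ciphertext while CBC alone is malleable, and it generates 2048-bit RSA keys so the demo runs quickly where the text describes 4096-bit keys. The sample message is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealLayer encrypts one layer with AES-256-GCM and prepends the random nonce.
func sealLayer(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openLayer reverses sealLayer; a wrong key or altered bytes fails the GCM tag.
func openLayer(key, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// CascadeEncrypt applies layer 0 (inner) then layer 1 (outer), each under a fresh
// independent AES-256 key, and wraps each key (RSA-OAEP/SHA-256) to its own public key.
func CascadeEncrypt(pt []byte, pubs [2]*rsa.PublicKey) (payload []byte, wrapped [2][]byte, err error) {
	payload = pt
	for i, pub := range pubs {
		key := make([]byte, 32)
		if _, err = rand.Read(key); err != nil {
			return nil, wrapped, err
		}
		if payload, err = sealLayer(key, payload); err != nil {
			return nil, wrapped, err
		}
		if wrapped[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
			return nil, wrapped, err
		}
	}
	return payload, wrapped, nil
}

// CascadeDecrypt unwraps each key with its own private key and peels the layers
// outermost first; a wrong key at either layer fails the whole decryption.
func CascadeDecrypt(payload []byte, wrapped [2][]byte, privs [2]*rsa.PrivateKey) ([]byte, error) {
	pt := payload
	for i := len(privs) - 1; i >= 0; i-- {
		key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, privs[i], wrapped[i], nil)
		if err != nil {
			return nil, err
		}
		if pt, err = openLayer(key, pt); err != nil {
			return nil, err
		}
	}
	return pt, nil
}

// Demo round-trips a constructed message (2048-bit RSA for speed; the text describes
// 4096-bit) and reports whether presenting the private keys in swapped order is rejected.
func Demo(msg string) (recovered string, swappedRejected bool, err error) {
	var privs [2]*rsa.PrivateKey
	for i := range privs {
		if privs[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return "", false, err
		}
	}
	payload, wrapped, err := CascadeEncrypt([]byte(msg), [2]*rsa.PublicKey{&privs[0].PublicKey, &privs[1].PublicKey})
	if err != nil {
		return "", false, err
	}
	pt, err := CascadeDecrypt(payload, wrapped, privs)
	if err != nil {
		return "", false, err
	}
	_, swapErr := CascadeDecrypt(payload, wrapped, [2]*rsa.PrivateKey{privs[1], privs[0]})
	return string(pt), swapErr != nil, nil
}

func main() {
	fmt.Println(Demo("constructed sample: session token 0123"))
}
```

The swapped-key check in Demo is the point of the exercise: because each layer's key is wrapped to a different RSA key pair, holding one private key lets an attacker unwrap at most one layer, and the remaining layer is still authenticated ciphertext. Note that both layers here are AES, so this arrangement protects against the loss of one key, not against a flaw in AES.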
Access is protected by enforced MFA using TOTP and hardware tokens, single sign-on, and Active Directory integration. Granular user permissions are defined on a per-Enclave basis according to the principle of least privilege.
With rare, explicitly stated exceptions, Dispel production environments are single-tenant for each customer. This prevents one client from using knowledge of its own Dispel network to attack another client, since no two clients share a system. It also confines any compromise to a single client's environment rather than exposing a shared one.
Client data is encrypted at rest in file systems. Because client machines are usually active, those volumes are mounted and readable by the running operating system; encryption at rest therefore protects a removed, lost, or decommissioned disk, not a live system, which is why the hardware is also subject to physical safeguards and the access controls described above.
You choose what information to keep, and we burn the rest. All of our components emit syslog, which we can consolidate and forward to a central SOC or SIEM according to customer requirements.
Dispel can be deployed across 250+ global datacenters. You choose where you want your servers to be. Or, you choose a region, and we’ll randomize within it.
As we like to say, we don’t just lock the door behind you, we remove the door entirely. As your systems are always rotating through new machines, the old ones are formatted clean.