OiX - A Promise of Security.
OiX has standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. OiX Hyperledger supports private (permissioned) Blockchain through its identity management service which authenticates all participants in the network. OiX adopts NIST Security standards FIPS ,compliant cryptography module to prove the authenticity and integrity of the digital assets. The OiX security authorization using the FedRAMP requirements which are FISMA compliant and based on the NIST 800-53 rev3, (800-53, 8003-47) and FIPS 199 and 200
- Improves real-time security visibility
- Increases confidence in security of OiX platform
- Provides a uniform approach to risk-based management
- Ensures consistent application of existing security practices
- Increases automation and near real-time data for continuous monitoring
- Accelerates the adoption of secure OiX platform through reuse of assessments and authorizations
- Improves the trustworthiness, reliability, consistency, and quality of the Federal security authorization process
- Achieve consistent security authorizations using a baseline set of agreed upon standards to be used for OiX product approval in or outside of FedRAMP
- Prevents anyone — even root users and administrators — from accessing sensitive information
- Deny illicit attempts to change data or applications within the network.
- Carefully guard encryption keys using the highest-grade security standards so they can never be misappropriated.
OiX network security capabilities increase privacy and control network access.
- VPN and firewalls create private networks, and control network access
- Data in transit uses TLS Encryption across all services
OiX leverages auto-scaling DDoS mitigation technologies.
Data integrity services address the unauthorized or accidental modification of data. This includes data insertion, deletion, and modification. To ensure data integrity, a system must be able to detect unauthorized data modification. The goal is for the receiver of the data to verify that the data has not been altered. Confidentiality services restrict access to the content of sensitive data to only those individuals who are authorized to view the data.
Confidentiality measures prevent the unauthorized disclosure of information to unauthorized individuals or processes.
Identification and authentication services establish the validity of a transmission, message, and its originator. The goal is for the receiver of the data to determine its origin.
Non-repudiation services prevent an individual from denying that previous actions had been performed. The goal is to ensure that the recipient of the data is assured of the sender’s identity.
Know the OiX Shared Responsibility Model
OiX provides a secure global infrastructure and services. OiX shared responsibility model, which requires OiX and customers to work together towards security objectives. OiX provides secure infrastructure and services, while you, the customer, are responsible for secure operating systems, platforms, and data. OiX provides services and features you can use to enhance security. To ensure secure services, OiX provides technologies you can implement to protect data at rest and in transit.
OiX Advisories and Bulletins.
OiX provides advisories around current vulnerabilities and threats and enables customers to work with OiX security resources to address concerns like reporting abuse, vulnerabilities, and penetration testing.ANTIFRAUD PROVISIONS
MANIPULATIVE AND DECEPTIVE PRACTICES:
It shall be unlawful for any person, directly or indirectly, by the use of any means or instrumentality of interstate commerce, or of the mails or of any facility of Open Investment exchange,
- To employ any device, scheme, or artifice to defraud,
- To make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading, or
- To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security."
To use or employ, in connection with the purchase or sale of any security registered on a Open Investment Exchange or any security not so registered, or any securities-based swap agreement (as defined in section 206B of the Gramm–Leach–Bliley Act), any manipulative or deceptive device or contrivance in contravention of such rules and regulations as the Commission may prescribe as necessary or appropriate in the public interest or for the protection of investors