U.S. Federal Government Security Checks

YouTestMe’s main focus is on information security. For the federal government, we ensure maximum security on both the:

  1. Server level, and
  2. Software level

On a server level, we exclusively use Microsoft Azure FedRAMP-compliant servers for hosting the application, which is guaranteed in our service-level agreement (SLA). These servers have been independently assessed to ensure they meet the strict regulatory requirements mandated by the federal government, including but not limited to:

  1. A range of network security controls, including firewalls, intrusion detection and prevention systems (IDPS), and distributed denial of service (DDoS) protection.
  2. Encryption both in transit and at rest.
  3. Robust access control mechanisms to control who has access to data and resources.
  4. Tools and services for detecting and responding to security threats (Azure Security Center and Azure Sentinel).
  5. Continuous monitoring of services (e.g., regular vulnerability scanning and patch management).
  6. Multiple layers of physical security measures to prevent unauthorized access.

On a software level, we have gone through the rigorous DoD RMF (Department of Defense Risk Management Framework), which was created to ensure that software applications used by the DoD are secure and comply with the security requirements mandated by the federal government. The YouTestMe application went through the following steps and goes through the same steps with each upgrade delivered to the DoD:

  1. Categorization: In this phase, the software application is identified and its security risks are assessed based on the data types it handles, its functions and operations, and the potential impact of a security breach.
  2. Selection: In this phase, the appropriate security controls are selected based on the categorization and assessed risks of the software application.
  3. Implementation: In this phase, the security controls are implemented and configured to provide the necessary security for the software application.
  4. Assessment: In this phase, the effectiveness of the security controls is assessed through testing and evaluation, including vulnerability scanning, penetration testing, and other security assessments.
  5. Authorization: In this phase, a designated authorization official (DAO) reviews the assessment results and grants authorization to operate (ATO) if the software application meets the security requirements.
  6. Monitoring: In this phase, ongoing monitoring and maintenance of the security controls are performed to ensure that the software application remains secure.
