Access Control
Our access control allows many features of our system to be enabled or disabled by customers as needed. WOLFCOM Cloud customers have different security needs and varying risk profiles so we know how important it is to be able to make changes to meet a specific level of risk for the customer.
How Our System Authenticates
- Customizable password length and complex password requirements
- Customizable failed login limit and lockout duration
- Enforced session timeout settings
- Mandatory challenge questions when authenticating from new locations
- Multi-factor authentication options for user login and prior to administrative actions (one time code via Email
- Restrict access to defined IP ranges (limit access to approved office locations)
AUTHORIZATION & PERMISSIONS
- Granular role-based permission management
- Application permission management (for example, allow specific users to use the web-based interface, but not a mobile application)
- Integration with directory services for streamlined and secure user management (optional)
AUDITING AND USER REPORTING & MANAGEMENT
- Detailed, tamper-proof administrator and user activity logging
- Intuitive administration web portal to manage users, permissions and roles
SECURE SHARING
- Intra-agency, inter-agency and external evidence sharing without data transfer, data duplication, physical media or email attachments
- Detailed chain-of-custody logging when sharing
- Revoke access to previously shared content
- Prevent a recipient of shared content from downloading or re-sharing evidence
EVIDENCE INTEGRITY
WOLFCOM Cloud includes features to ensure the integrity and authenticity of digital evidence. These features ensure the evidence meets chain-of-custody requirements and can be proven to be authentic and free from tampering.
- Forensic fingerprint of each evidence file using industry standard SHA hash function. Integrity is validated before and after upload to ensure no changes occurred during transmission.
- Full tamper-proof evidence audit records. Logs the when, who, and what for each evidence file. These records cannot be edited or changed, even by account administrators.
- Original evidence files are never altered, even when derivative works (video segments) are created.
- Deletion protection, including deletion approval workflows, deletions notification emails, and a deletion remorse period to recover accidentally deleted evidence files.
ENCRYPTION
Evidence data is encrypted in transit and while at rest in storage. WOLFCOM® maintains mature, audited encryption key management procedures.
Data Encryption in Transit:
- FIPS 140-2: Amazon Web Services
- TLS 1.2 implementation with 256 bit connection, RSA 2048 bit key, Perfect Forward Secrecy
Evidence Data Encryption at Rest:
- CJIS Compliant, NSA Suite B 256 bit AES encryption
SHARED SECURITY RESPONSIBILITY
WOLFCOM® has taken steps to secure WOLFCOM Cloud. As customers begin using and familiarizing themselves with our system, controls and programs, we want to make sure that that the security transition from us to the customer maintains the highest level of security at all times as they begin inheriting the system. This security inheritance enables customers to achieve levels of data security in accordance with their security policy. It is vitally important for customers to understand and implement the security practices that are within their responsibility and control at all times.
REPORTING POTENTIAL SECURITY ISSUES OR VULNERBILITIES
Any known or suspected security issues within your WOLFCOM Cloud account should be reported immediately to infosec@wolfcomglobal.com with a thorough explanation of the issue or vulnerability. Any sensitive testing results or information should be held until WOLFCOM can provide you with a secure and encrypted way to transmit that data to WOLFCOM.
Please do not disclose any vulnerability publicly or to any third party without coordination with WOLFCOM’s CJIS security team.