We use cookies on our website to analyze website usage and to help secure the website against misuse. Advertising and functional cookies are not used in our site or our web application products.
By clicking “Accept Essential Cookies Only”, you consent to us placing these cookies.
We comply with GDPR, SOC 1, SOC 2, HIPAA, and FedRAMP. We try to go far beyond these standards in everything we do.
Since 2003, xAssets products have been used by Army, Navy and Air Force and government defense contractors in the US, UK and Germany. Applications have included Servicing and Maintenance, Explosives Management, ITAM, network discovery, and help desk solutions. This means our products are regularly tested to be compliant with the strictest security standards and we uphold the same levels of governance and security in our server configurations and consulting services.
The xAssets cloud runs exclusively Windows Server 2022. Every server runs an identical configuration, is firewalled, encrypted, and is locked down to US DoD STIG requirements with continuous monitoring.
You can read more about our hosted infrastructure here .
A PDF document covering xAssets security is here .
Customer data is protected as follows
The US Air Force granted certification in January 2018 for all xAssets Version 7 products to be used on the two main US air force networks - NIPRNET and SIPRNET. This means the product is written to the highest standards and specifications and has passed stringent tests covering all aspects of software security in a web based environment.
This means that the products are safe to use in web environments and best practises have been deployed. xAssets goes beyond these standards, so for example we provide a means to allow cloud customers to save discovery credentials directly on their network with no transmission over the web, and the product requires high encryption SSL to function, thus disallowing low security communication protocols.
Our cloud platform is highly secured to STIG requirements, these are the standards set by the US Department of Defense (DoD). See the Hosted Infrastructure page for details.
Data Security for hosted implementations is covered through a comprehensive Backup and Disaster Recovery Plan, which includes backup to multiple geographically distinct sites. Server failover is implemented for all enterprise installations.
Onsite implementations take care of their own backup and Disaster Recovery provisions. xAssets Engineers will help guide customers through the implementation of an effective strategy as part of the deployment process.
All solutions have the option to restrict data for specific user groups. See below.
Users see just the data records and functionality they need.
User Security is implemented through the user of User Groups. Each group has specific permissions, and can have its own dashboards, menus, queries and reports. Each user group can also have restricted access to data.
Self Service profiles can also be implemented within xAssets Applications. This allows end users access to request assets, create and manage their own help desk calls, and manage their own assets, tasks, purchase orders, approvals, maintenance processes and other processes configured to the customers requirements.
The business rules within the xAssets application implement audit history recording as follows:
xAssets is undergoing a SOC 2 type 1 audit during 2023. From there we will proceed into continuous SOC 2 type 2 audits for 2024 and beyond.
xAssets solutions and frameworks were certified for use on US Air Force networks NIPRNET and SIPRNET in 2018.
All systems are patched weekly. Availability, vulnerability, firewall, logs and penetration scans run continuously
