Regulatory Compliance
Overview and Benefits
Many markets and industries today are governed by numerous regulations, laws, instructions or orders. As such, many customers who are implementing mass emergency notification systems are also required to comply with these regulations. Specifically, within the U.S. Dept. of Defense, additional certification is commonly required to show compliance with internal security standards.
See the most common regulations and standards below, along with a brief description of how AtHoc’s products accommodate these directives:
Federal Government and Military
Alerting Standards
Special Needs & Assistance
Federal Government and Military
National Institute of Standards and Technology (NIST) SP 800-53 Rev3 IA Controls at FIPS-199 Moderate Classification
AtHoc IWSAlerts Software-as-a-Service (SaaS) offering is now accredited to be compliant with the National Institute of Standards and Technology (NIST) SP 800-53 Rev3 controls FIPS-199 moderate classification for federal government information technology security requirements for public cloud applications.
- AtHoc IWSAlerts secure public cloud offering is one of the first network-centric emergency mass notification solutions to achieve the highest level of NIST compliance. This new level of security compliance meets federal government mandates for public cloud applications, as defined by the National Institute of Science and Technology. With this accreditation, AtHoc is positioned at the leading edge of the SaaS market for mass notification, now with the ability to support government and commercial organizations requiring a higher level of security and compliance
Compliance with SECDEF August 18, 2010 Memo Related to the Ft. Hood Review
After the tragic shooting of U.S. military personnel at Fort Hood in November 2009, the DoD thoroughly reviewed its approach to force protection policies, programs, and procedures. In January 2010, the DoD Independent Review identified lessons from the Ft. Hood incident and provided recommendations. Following this review, a thorough study was conducted that culminated in the August 2010 Secretary of Defense memo outlining actions the DoD is taking based on these recommendations.
- For your convenience, we have prepared a summary of the requirements as they relate to “Mass Notification and Warning Systems (MNWS)” as well as a summary of AtHoc’s solution approach, based on our extensive experience across approximately 300 DoD and DHS facilities worldwide, protecting 1.5 million military and homeland security personnel
UFC 4-021-01
Unified Facilities Criteria (UFC) 4-021-01 entitled “Design and O&M: Mass Notification Systems”, provides planning, design and construction of mass notification systems and applies to U.S. Military Departments, Defense Agencies and DoD Field Activities. Appendix C recommends adopting network-centric systems to supplement and manage existing alerting capabilities already deployed as part of facilities’ mass notification systems. The UFC outlines the value of network-based alerting for reaching all IP-connected devices such as computers, personal digital assistants, landline phones, cell phones and email while also triggering traditional notification systems such as Giant Voice and outdoor warning systems.
- AtHoc IWSAlerts is fully compliant with the UFC recommendations for network-centric alerting systems
DIACAP
DIACAP – The Department of Defense Information Assurance Certification and Accreditation Process is the new process by which systems are certified as meeting a set of security requirements and then accredited for operation by a designated official. DIACAP is the standard process under which all DoD systems will achieve and maintain their Authority To Operate (accreditation).
- AtHoc IWSAlerts has received numerous MAJCOM Approvals and Certificates to Operate, showing evidence of compliance with DIACAP
AFI 10-2501
Air Force Instruction (AFI) 10-2501 is an emergency management regulation first issued in 2005 by the Air Force Emergency Management Program Planning And Operations committee. It defines how Air Force installations should deal with physical threats such as accidents, natural disasters, HAZMAT, WMD and enemy attacks. It focuses on planning, response and recovery actions.
- Chapter 9 of the AFI focuses specifically on the requirements for emergency notification and warning systems
- AtHoc IWSAlerts meets the AFI 10-2501 requirements pertaining to emergency notification and warning systems
NMCI Certification
NMCI (Navy Marine Corps Intranet Certification) is a formal approval to allow software and hardware to be installed and operated on the Navy and Marine network.
- AtHoc IWSAlerts is NMCI certified as Commercial Off-the-Shelf (COTS) software
Alerting Standards
NIST SP 800-53 Rev3 IA Controls at FIPS-199 Moderate Classification
AtHoc IWSAlerts has been certified for its SaaS service per NIST SP 800-53 Rev3 IA controls at FIPS-199 Moderate classification. This process is equivalent to DIACAP (MAC level II) security certification processes done by our government customers. AtHoc is the only vendor to offer such certified SaaS service.
Common Alerting Protocol (CAP)
CAP - The Common Alerting Protocol (CAP) is a simple but general format for exchanging all-hazard emergency alerts and public warnings over different networks. CAP allows a consistent warning message to be disseminated simultaneously over many different warning systems, thus increasing warning effectiveness while simplifying the warning task.
OASIS Sponsor
AtHoc is an OASIS Sponsor and an active participant of both the Emergency Management Technical Committee and the recently formed Emergency Interoperability (EI) Member Section.
Emergency Alert System (EAS)
On May 31, 2007, the FCC announced it had adopted an order requiring all Emergency Alert System (EAS) participants to support CAP in order to facilitate the “efficient and rapid transmission of EAS alerts to the American public in a variety of formats (including text, audio and video) and via different means (broadcast, cable, satellite, and other networks).”
- AtHoc’s Emergency Alert System Activation Module integrates with the EAS via CAP.
- To learn more about AtHoc’s support for the Emergency Alert System and CAP click here
Special Needs & Assistance
Section 508
Section 508 of the Rehabilitation Act is a law that requires Federal departments and agencies to ensure that Federal employees and members of the public with disabilities have fair access to and use of IT systems. Section 508 applies to software applications and is primarily focused on usability for people with vision or hearing impairments.
- AtHoc IWSAlerts meets the compliance requirements of Section 508
Executive Order 13347
In July 2004, President Bush signed Executive Order 13347, Individuals With Disabilities in Emergency Preparedness, which adds to existing legislation that provides for students with disabilities, and requires public entities to include people with disabilities in their emergency preparedness effort.
