Cimcor
Encyclopedia
Cimcor, Inc. is a software company based in Merrillville
, Indiana
that develops security
and integrity
software. The company develops software to be used in corporate, government
, and military
initiatives to protect the nation's computer networks from unauthorized access. Cimcor's flagship software product, CimTrak
helps organizations monitor, protect, and "Self-heal" computer servers and network devices in real-time while providing audit
information including what was changed, when the change occurred, and how the change was made. Cimcor's customer base ranges from Fortune 100 companies through mid-market businesses, military and government agencies looking to address the business continuity, security, and regulatory requirements of their critical IT infrastructure.
The Federal Information Processing Standard (FIPS
) Publication 140-2, FIPS PUB 140-2, is a U.S.
government computer security
standard
used to accredit cryptographic
modules. Level 1 indicates that the cryptographic module supports the lowest level of acceptable security. Security Level 1 allows the cryptographic module to be executed using a unevaluated operating system. Security Level 2 enhances the physical security mechanisms of Security Level 1 by adding the requirement for tamper-evidence and protection.
CimTrak Integrity Suite version 2.0.6 (F)
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria
or CC) is an international standard
(ISO
/IEC
15408) for computer security
certification. Common Criteria allows for the specification and verification of vendor claims relating to security functionality and assurance requirements. Verification of claims is performed using approved testing laboratories. The Evaluation Assurance Level
of EAL4 permits the developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs. Augmented with ALC_FLR.2 establishes and verifies the claim that the developer has established flaw remediation procedures that describe the tracking of security flaws, the identification of corrective actions, and the distribution of corrective action information to TOE users.
Cimcor's flagship software CimTrak is the only File Integrity Monitoring tool on the Department of Defense Unified Capabilities Approved Products List. This unique factor allows CimTrak to be the only File Integrity Monitoring product available for use within the Department of Defense boundaries.
Products contained on the United States Army Approved products list have been deemed acceptable for use within the boundaries of the United States Army.
Merrillville, Indiana
Merrillville is a town in Ross Township, Lake County, Indiana, United States. The population was 35,246 at the 2010 census. Merrillville is located in the east-central portion of Lake County.-Geography:Merrillville is located at ....
, Indiana
Indiana
Indiana is a US state, admitted to the United States as the 19th on December 11, 1816. It is located in the Midwestern United States and Great Lakes Region. With 6,483,802 residents, the state is ranked 15th in population and 16th in population density. Indiana is ranked 38th in land area and is...
that develops security
Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies in the OSSTMM 3 defines security as "a form of protection...
and integrity
Integrity
Integrity is a concept of consistency of actions, values, methods, measures, principles, expectations, and outcomes. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions...
software. The company develops software to be used in corporate, government
Government
Government refers to the legislators, administrators, and arbitrators in the administrative bureaucracy who control a state at a given time, and to the system of government by which they are organized...
, and military
Military
A military is an organization authorized by its greater society to use lethal force, usually including use of weapons, in defending its country by combating actual or perceived threats. The military may have additional functions of use to its greater society, such as advancing a political agenda e.g...
initiatives to protect the nation's computer networks from unauthorized access. Cimcor's flagship software product, CimTrak
CimTrak
CimTrak is a commercially available File integrity monitoring and Regulatory compliance Auditing software solution. CimTrak assists in ensuring the availability and integrity of critical IT assets by instantly detecting the root-cause and responding immediately to any unexpected changes to the...
helps organizations monitor, protect, and "Self-heal" computer servers and network devices in real-time while providing audit
Audit
The general definition of an audit is an evaluation of a person, organization, system, process, enterprise, project or product. The term most commonly refers to audits in accounting, but similar concepts also exist in project management, quality management, and energy conservation.- Accounting...
information including what was changed, when the change occurred, and how the change was made. Cimcor's customer base ranges from Fortune 100 companies through mid-market businesses, military and government agencies looking to address the business continuity, security, and regulatory requirements of their critical IT infrastructure.
Company
Management Team- Robert E. Johnson III- President and Chief Executive Officer
- Dale Dougherty- Vice President
Accomplishments
Cimcor Cryptographic Module version 1.0- Validated FIPS 140-2 Level 1 and FIPS 140-2 Level 2
The Federal Information Processing Standard (FIPS
Federal Information Processing Standard
A Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
) Publication 140-2, FIPS PUB 140-2, is a U.S.
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
government computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
standard
Standardization
Standardization is the process of developing and implementing technical standards.The goals of standardization can be to help with independence of single suppliers , compatibility, interoperability, safety, repeatability, or quality....
used to accredit cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
modules. Level 1 indicates that the cryptographic module supports the lowest level of acceptable security. Security Level 1 allows the cryptographic module to be executed using a unevaluated operating system. Security Level 2 enhances the physical security mechanisms of Security Level 1 by adding the requirement for tamper-evidence and protection.
CimTrak Integrity Suite version 2.0.6 (F)
- Common Criteria EAL4 Augmented with ALC_FLR.2
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria
Common Criteria
The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification...
or CC) is an international standard
International standard
International standards are standards developed by international standards organizations. International standards are available for consideration and use, worldwide...
(ISO
International Organization for Standardization
The International Organization for Standardization , widely known as ISO, is an international standard-setting body composed of representatives from various national standards organizations. Founded on February 23, 1947, the organization promulgates worldwide proprietary, industrial and commercial...
/IEC
International Electrotechnical Commission
The International Electrotechnical Commission is a non-profit, non-governmental international standards organization that prepares and publishes International Standards for all electrical, electronic and related technologies – collectively known as "electrotechnology"...
15408) for computer security
Computer security
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
certification. Common Criteria allows for the specification and verification of vendor claims relating to security functionality and assurance requirements. Verification of claims is performed using approved testing laboratories. The Evaluation Assurance Level
Evaluation Assurance Level
The Evaluation Assurance Level of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing assurance levels reflect added assurance requirements that must be met to...
of EAL4 permits the developer to gain maximum assurance from positive security engineering based on good commercial development practices which, though rigorous, do not require substantial specialist knowledge, skills, and other resources. EAL4 is the highest level at which it is likely to be economically feasible to retrofit to an existing product line. EAL4 is therefore applicable in those circumstances where developers or users require a moderate to high level of independently assured security in conventional commodity TOEs and are prepared to incur additional security-specific engineering costs. Augmented with ALC_FLR.2 establishes and verifies the claim that the developer has established flaw remediation procedures that describe the tracking of security flaws, the identification of corrective actions, and the distribution of corrective action information to TOE users.
- Department of Defense Unified Capabilities Approved Product List
Cimcor's flagship software CimTrak is the only File Integrity Monitoring tool on the Department of Defense Unified Capabilities Approved Products List. This unique factor allows CimTrak to be the only File Integrity Monitoring product available for use within the Department of Defense boundaries.
- United States Army Approved Product List
Products contained on the United States Army Approved products list have been deemed acceptable for use within the boundaries of the United States Army.
Partners
Cimcor has strategic relationships with technology partners located through the world.- NitroSecurityNitroSecurityNitroSecurity Inc. is a privately held United States-based provider of security information and event management technology. NitroSecurity headquarters are located in Portsmouth, New Hampshire, USA, with sales offices throughout the United States and in the United Kingdom. In 2010, Inc. magazine...
- Hewlett-PackardHewlett-PackardHewlett-Packard Company or HP is an American multinational information technology corporation headquartered in Palo Alto, California, USA that provides products, technologies, softwares, solutions and services to consumers, small- and medium-sized businesses and large enterprises, including...
- VMwareVMwareVMware, Inc. is a company providing virtualization software founded in 1998 and based in Palo Alto, California, USA. The company was acquired by EMC Corporation in 2004, and operates as a separate software subsidiary ....
- Core SecurityCore SecurityCore Security Technologies is a computer and network security company that provides IT security testing and measurement software products and services...