TISAX (Trusted Information Security Assessment Exchange) is a standardized assessment and exchange mechanism designed specifically for the automotive industry. Developed by the prestigious German Association of the Automotive Industry (VDA), TISAX is built upon the VDA ISA (Information Security Assessment) catalogue, which draws its foundation from the internationally recognized ISO/IEC 27001 standard.
At its core, TISAX aims to foster a trusted environment for information security within the automotive sector. By facilitating mutual acceptance of information security assessments, TISAX eliminates the need for redundant assessments and audits. This streamlines the process and allows automotive industry participants to focus on their core operations with the confidence that robust security measures are in place.
TISAX places paramount importance on safeguarding sensitive information, protecting intellectual property, and establishing secure collaboration channels among manufacturers, suppliers, and service providers within the automotive ecosystem. It sets a high bar for information security standards, promoting a culture of trust, reliability, and secure practices throughout the industry.
Soliton's solutions are fully aligned with the security framework of TISAX (Trusted Information Security Assessment Exchange). TISAX is a standardized mechanism established by the German Association of the Automotive Industry (VDA) to ensure information security within the automotive industry. It promotes the mutual acceptance of security assessments and audits, reducing redundancies and streamlining security practices.
Our solutions embrace the core principles of TISAX, focusing on safeguarding sensitive information, protecting intellectual property, and facilitating secure collaboration among automotive industry stakeholders. By adhering to the specific requirements of TISAX, our solutions provide a robust security foundation that meets the industry's highest standards.
Some of the key areas covered by TISAX include access controls, incident management, risk assessment, business continuity, network security, data protection, encryption, vulnerability management, and secure software development. Through comprehensive security measures, we ensure that our solutions address these areas effectively, providing a secure environment for the automotive sector.
While Soliton's solutions may not encompass all aspects such as awareness and training, incident response, physical protection, risk assessment, and security assessment, they comprehensively cover the remaining requirements of TISAX. Our commitment to information security and adherence to TISAX principles enable us to create a secure ecosystem for the automotive industry, safeguarding critical information and facilitating secure collaboration.
The organization needs at least one information security policy. This reflects the importance and significance of information security and is adapted to the organization. Additional policies may be appropriate depending on the size and structure of the organization.
With MailZen, administrators are granted the ability to gain a comprehensive overview of all enrolled devices, thereby enabling them to effectively monitor and manage device authorization. By providing this level of visibility, MailZen facilitates the implementation of robust security measures, allowing organizations to ensure that only authorized devices have access to sensitive data and resources.
G/On: Upon establishing a connection using G/On, the device's specific parameters are recorded and utilized for future connections. These parameters are securely stored within the G/On database, ensuring that they can be readily accessed for auditing and compliance purposes.
It is important for each organization to know the information constituting its essential assets (e.g. business secrets, critical business processes, know-how, patents).
They are referred to as information assets. An inventory ensures that the organization obtains an overview of its information assets. Moreover, it is important to know the supporting assets (e.g. IT systems, services/IT services, employees) processing these information assets.
With MailZen, administrators are granted the ability to gain a comprehensive overview of all enrolled devices, thereby enabling them to effectively monitor and manage device authorization.
By providing this level of visibility, MailZen facilitates the implementation of robust security measures, allowing organizations to ensure that only authorized devices have access to sensitive data and resources.
Upon establishing a connection using G/On, the device's specific parameters are recorded and utilized for future connections. These parameters are securely stored within the G/On database, ensuring that they can be readily accessed for auditing and compliance purposes.
Particularly in the case of external IT services that can be used at relatively low cost or free of charge, there is an increased risk that procurement and commissioning will be carried out without appropriate consideration of the information security requirements and that security therefore is not ensured.
Policies can be based on device-specific parameters such as OS, version, hostname, etc.
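To make the device-parameter policy above concrete, the following is an added illustration (written for this page, not Soliton's code, and not the policy syntax of G/On or MailZen) of how recorded device parameters such as OS, version and hostname are evaluated against a deny-by-default policy. The `DeviceParams` and `AccessPolicy` classes, the policy values and the devices are all constructed for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class DeviceParams:
    """Parameters recorded for a device at connection time (constructed model)."""
    os_name: str
    os_version: str
    hostname: str


@dataclass(frozen=True)
class AccessPolicy:
    """Deny-by-default policy: only listed OSes are allowed, each with a minimum version."""
    min_versions: dict        # e.g. {"Windows": "10.0.19045"}
    hostname_pattern: str     # full-match regex for acceptable hostnames


def parse_version(text):
    """'10.15.7' -> (10, 15, 7); returns None for anything that is not dotted integers."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None


def version_at_least(have, need):
    """Compare dotted versions after zero-padding, so '13' and '13.0' compare equal."""
    width = max(len(have), len(need))

    def pad(v):
        return v + (0,) * (width - len(v))

    return pad(have) >= pad(need)


def evaluate(policy, device):
    """Return (allowed, reasons). Every failed check is reported, not only the first."""
    reasons = []
    minimum = policy.min_versions.get(device.os_name)
    if minimum is None:
        reasons.append(f"os {device.os_name!r} is not permitted")
    else:
        have, need = parse_version(device.os_version), parse_version(minimum)
        if have is None:
            reasons.append(f"unparseable os version {device.os_version!r}")
        elif not version_at_least(have, need):
            reasons.append(f"os version {device.os_version} is below minimum {minimum}")
    if not re.fullmatch(policy.hostname_pattern, device.hostname):
        reasons.append(f"hostname {device.hostname!r} does not match the naming pattern")
    return (not reasons, reasons)


# Constructed policy for the demonstration: two permitted OSes and a corporate hostname scheme.
POLICY = AccessPolicy(
    min_versions={"Windows": "10.0.19045", "macOS": "13.0"},
    hostname_pattern=r"CORP-[A-Z0-9]{4,8}",
)

if __name__ == "__main__":
    for dev in [DeviceParams("Windows", "10.0.19045", "CORP-AB12"),
                DeviceParams("Windows", "10.0.17763", "CORP-AB12"),
                DeviceParams("Linux", "6.1", "CORP-CD34"),
                DeviceParams("macOS", "14.2", "home-laptop")]:
        allowed, why = evaluate(POLICY, dev)
        print(dev.hostname, "ALLOW" if allowed else "DENY", why)
```

The evaluation is deny-by-default (an OS that is not listed is refused) and reports every failing parameter, which makes the decision auditable rather than a single opaque yes/no.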
Information security risk management aims at the timely detection, assessment and treatment of risks in order to achieve the protection goals of information security. It thus enables the organization to establish adequate measures for protecting its information assets, taking into account the associated opportunities and risks. It is recommended to keep the information security risk management of an organization as simple as possible so as to enable its effective and efficient operation.
Working outside the specifically defined security zones (tele-working) creates particular risks requiring corresponding protective measures.
Security zones provide physical protection of information assets. The more sensitive the information assets to be processed are, the more protective measures are required.
G/On facilitates the "Just In Time" model without compromising on the required security level.
Mobile IT devices (e.g. notebooks, tablets, smartphones) and mobile data storage devices (e.g. SD cards, hard drives) are generally used not only on the premises of an organization, but also in mobile applications. This presents an increased risk with respect to e.g. loss or theft.
To check the authorization for both physical access and electronic access, means of identification such as keys, visual IDs or cryptographic tokens are often used. The security features are only reliable if the use of such identification means is handled adequately.
During initial setup the user is verified through the exchange of tokens. Once the token is set, the user is granted access through MailZen to company resources.
G/On provides the means to perform identification by using computer-generated tokens, but also smartcard tokens. Both models can be enhanced with an additional factor.
Only securely identified (authenticated) users are to gain access to IT systems. For this purpose, the identity of a user is securely determined by suitable procedures.
NetAttest EPS provides management of access rights and ensures that only authorised users have access to information and IT applications. It provides role-based access that controls who has access to which parts of your networks.
Access to on-premises web applications is possible only from within the MailZen application.
G/On enables remote working based on Zero Trust Application Access, therefore no other access is possible besides the specifically authorised application.
Access to information and IT systems is provided via validated user accounts assigned to a person. It is important to protect login information and to ensure the traceability of transactions and accesses.
MailZen uses the standard IdP within the organisation's Exchange environment. In addition, a user needs to be enabled within MailZen by the administrator.
G/On is able to use multiple IdPs simultaneously.
The management of access rights ensures that only authorized users have access to information and IT applications. For this purpose, access rights are assigned to user accounts.
G/On uses specified policies to ensure granular access controls. This can be locally managed, but also retrieved from the group memberships in an Active Directory (AD).
When using cryptographic procedures, it is important to consider risks in the field of availability (lost key material) as well as risks due to incorrectly applied procedures in the fields of integrity and confidentiality (poor algorithms/protocols or insufficient key strengths).
All data within the MailZen container is encrypted with the highest supported encryption standard.
G/On uses a proprietary encryption scheme to ensure that all data communication is securely transmitted. Furthermore, both the client and server are securely verified, ensuring that all communication is conducted within authorized contexts and channels.
When being transferred via public or private networks, information can in some circumstances be read or manipulated by unauthorized third parties. Therefore, requirements regarding the protection needs of the information must be determined and implemented by taking suitable measures during such transfer.
MailZen leverages industry-standard encryption techniques to ensure that all data communication is securely transmitted, effectively mitigating any potential security risks or threats posed by unauthorized access to sensitive data.
By implementing this robust encryption process, MailZen provides a highly secure digital environment that ensures that all data is securely transmitted through encrypted channels, thereby minimizing the risk of data breaches or unauthorized access. This approach to data communication enables MailZen to provide a comprehensive and effective security framework that is optimized to protect sensitive data and resources.
G/On uses a proprietary encryption scheme to ensure that all data communication is securely transmitted. Furthermore, both the client and server are securely verified, ensuring that all communication is conducted within authorized contexts and channels.
The objective of separating the development, testing and operational environments is to ensure that the availability, confidentiality and integrity of productive data are maintained.
NetAttest EPS supports network segmentation, including dynamic VLAN assignment. Additionally, it authorises users and devices to predefined levels of access to these environments, based on the rules that you determine.
The aim is to both technically and organizationally ensure the protection of IT systems against malware.
NetAttest EPS reduces the attack surface and the impact of malware attacks. NetAttest EPS does not provide direct protection against malware, but by segmenting networks you minimise the risk of viruses and malware spreading through your network.
Event logs support the traceability of events in case of a security incident. This requires that events necessary to determine the causes are recorded and stored. In addition, the logging and analysis of activities in accordance with applicable legislation (e.g. Data Protection or Works Constitution Act) is required to determine which user account has made changes to IT systems.
If you have NetAttest EPS in place, you will have a log of all successful and unsuccessful login attempts, giving you control over who has access to what at each moment.
MailZen securely stores a comprehensive audit trail by logging all operational activities. This enables a detailed record of all actions taken.
In G/On, every action is monitored and recorded in a specific database. Only administrators have permission to access the contents of this database.
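The control above asks that logged events be usable to reconstruct what happened. As an added example (written for this page, not Soliton's code, and using an invented line format rather than the real NetAttest EPS, MailZen or G/On log format), the block below parses a constructed set of authentication log lines, drops malformed lines instead of guessing at them, and runs two common checks over successful and unsuccessful login attempts: repeated rejects for one account inside a time window, and an accept that directly follows a run of rejects.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log for the example; the format is invented, timestamps are UTC.
LOG_LINES = """\
2024-03-04T08:00:01Z auth user=alice client=10.0.5.21 result=ACCEPT
2024-03-04T08:01:10Z auth user=bob client=203.0.113.9 result=REJECT
2024-03-04T08:01:25Z auth user=bob client=203.0.113.9 result=REJECT
2024-03-04T08:01:40Z auth user=bob client=203.0.113.9 result=REJECT
2024-03-04T08:02:00Z auth user=alice client=10.0.5.21 result=REJECT
2024-03-04T08:01:55Z auth user=bob client=203.0.113.9 result=REJECT
this line is deliberately malformed and must be skipped
2024-03-04T08:02:10Z auth user=bob client=203.0.113.9 result=REJECT
2024-03-04T08:02:30Z auth user=bob client=203.0.113.9 result=ACCEPT
2024-03-04T08:02:45Z auth user=alice client=10.0.5.21 result=ACCEPT
2024-03-04T08:05:00Z auth user=carol client=10.0.5.40 result=ACCEPT
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z auth "
    r"user=(?P<user>\S+) client=(?P<client>\S+) result=(?P<result>ACCEPT|REJECT)$"
)


def parse_events(text):
    """Return parsed events sorted by time; lines that do not match are dropped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"),
            "user": m["user"], "client": m["client"], "result": m["result"],
        })
    return sorted(events, key=lambda e: e["ts"])


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Map user -> time of the reject that completed `threshold` rejects inside `window`."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in events:
        if ev["result"] != "REJECT":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:      # discard rejects that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["user"] not in alerts:
            alerts[ev["user"]] = ev["ts"]
    return alerts


def success_after_failures(events, min_failures=3):
    """Users whose ACCEPT immediately followed at least `min_failures` consecutive REJECTs."""
    streak = defaultdict(int)
    flagged = []
    for ev in events:
        user = ev["user"]
        if ev["result"] == "REJECT":
            streak[user] += 1
        else:
            if streak[user] >= min_failures and user not in flagged:
                flagged.append(user)
            streak[user] = 0
    return flagged


if __name__ == "__main__":
    evs = parse_events(LOG_LINES)
    print("repeated rejects:", find_bruteforce(evs))
    print("accept after reject run:", success_after_failures(evs))
```

Sorting by timestamp before analysis matters because log lines are not guaranteed to arrive in order (the sample has one out-of-order line); the thresholds and window are parameters so they can be tuned to the environment's baseline of legitimate failures.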
Vulnerabilities increase the risk of IT systems being unable to meet the requirements for confidentiality, availability and integrity. Exploitation of vulnerabilities is among the possible ways for attackers to gain access to the IT system or to threaten its operating stability.
Through purchasing ongoing support for your NetAttest EPS, you ensure that you always have available a version of the software that is patched against the latest vulnerabilities.
Because NetAttest EPS is the core authenticator on your network, upgrading should not lead to an interruption of service. NetAttest EPS complies with this requirement and allows you to quickly implement upgrades while users can still authenticate using certificates.
IT systems in a network are exposed to different risks or have different protection needs. In order to detect or prevent unintended data exchange or access between these IT systems, they are subdivided into suitable segments and access is controlled and monitored by means of security technologies.
NetAttest EPS supports network segmentation, including dynamic VLAN assignment. Additionally, it authorises users and devices to predefined levels of access to these environments, based on the rules that you determine.
G/On employs a micro-segmentation-like model that grants users access to applications instead of relying on network-based access.
In order to ensure control over the information assets as the information owner, it is necessary that, when the IT service is terminated, the information assets can be securely removed or, if required, returned.
MailZen uses enhanced encryption technology to ensure that all data is securely stored and protected from unauthorized access. By implementing this encryption process, MailZen provides a highly secure digital environment that effectively mitigates any potential security risks or data leakage.
Additionally, the removal of encryption keys renders the remaining data completely inaccessible, thereby ensuring that any data that falls into the wrong hands remains effectively protected from exploitation.
Through the implementation of advanced data security protocols, G/On prioritizes the secure management and handling of sensitive data. In order to mitigate potential security risks or threats, G/On avoids storing any data locally on the end-user device, thereby providing a highly secure digital environment that ensures that sensitive data is only accessible through secure channels and within authorized contexts.
This approach to data management enables G/On to provide a robust and comprehensive security framework, effectively mitigating any potential risks or threats to data integrity.
Clear segregation between individual clients must be ensured so as to protect the organization's own information in external IT services at all times and to prevent it from being accessed by other organizations (clients).
NetAttest EPS ensures external contractors and third party organisations are only able to access areas that they are authorised to access, even though they are not part of your company domain.
An appropriate level of information security is also maintained while collaborating with cooperation partners and contractors.
NetAttest EPS ensures external contractors and third party organisations are only able to access areas that they are authorised to access, even though they are not part of your company domain.
MailZen facilitates secure email access for external contractors.
G/On facilitates secure application access, also for external contractors.
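Both the network segmentation control (segmenting IT systems by protection need, with dynamic VLAN assignment) and the contractor control (third parties reaching only the areas they are authorised for) rest on the same mechanism: after authentication, the RADIUS server tells the switch or access point which VLAN to place the session in. The block below is an added example, not Soliton's code and not NetAttest EPS's configuration syntax; it models that decision with the standard RFC 3580 attributes (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Private-Group-Id), which are real, while the rule set, group names, VLAN numbers and the `SegmentRule` class are constructed for the illustration. It assumes the principal has already been authenticated (for example with a certificate).

```python
from dataclasses import dataclass

# RADIUS attribute values defined in RFC 3580 for VLAN assignment in an Access-Accept.
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE_802 = 6   # Tunnel-Medium-Type = IEEE-802


@dataclass(frozen=True)
class SegmentRule:
    group: str       # directory group (e.g. an AD group) that selects this segment
    vlan_id: int
    priority: int    # lower value wins when a principal matches several rules


# Constructed rule set. Contractor membership has the strongest priority so that an
# external account that was also added to an internal group still lands in the
# restricted contractor segment: the most restrictive match wins. Among equal
# priorities, list order decides.
RULES = [
    SegmentRule("Contractors", vlan_id=40, priority=1),
    SegmentRule("Engineering", vlan_id=20, priority=10),
    SegmentRule("Finance", vlan_id=30, priority=10),
    SegmentRule("Printers", vlan_id=50, priority=20),
]
QUARANTINE_VLAN = 999   # constructed: principals with no matching rule are isolated here


def choose_vlan(groups, rules=RULES, default_vlan=QUARANTINE_VLAN):
    """Pick the VLAN for a set of group memberships; unmatched principals get the default."""
    matches = [r for r in rules if r.group in groups]
    if not matches:
        return default_vlan
    return min(matches, key=lambda r: r.priority).vlan_id


def vlan_attributes(vlan_id):
    """Attributes a RADIUS server returns in Access-Accept to put the port in `vlan_id`."""
    return {
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE_802,
        "Tunnel-Private-Group-Id": str(vlan_id),   # RFC 3580 carries the VLAN ID as a string
    }


def authorize(principal, groups, rules=RULES):
    """Build the Access-Accept attribute set for an already-authenticated principal."""
    vlan = choose_vlan(groups, rules)
    return {"principal": principal, **vlan_attributes(vlan)}


if __name__ == "__main__":
    print(authorize("alice", {"Engineering"}))
    print(authorize("ext-bob", {"Contractors", "Engineering"}))
    print(authorize("unknown-device", set()))
```

The two design points worth copying are the explicit default (an unmatched device is not left on the native VLAN but isolated) and the priority ordering, which decides what happens when a principal legitimately belongs to several groups.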