Security Layers

NICE CXone has several security layers within its network infrastructure. These layers provide security at all levels of the company.

NICE CXone Security and Compliance Model

The NICE CXone Security and Compliance model details the security measures used within the CXone infrastructure. This model covers the following areas:

  1. Physical Security:

    • Earthquake and explosion-resistant construction.

    • Environmental controls: redundant HVAC, raised floor, locked cages, cabinets.

    • Power backed up by emergency generators.

    • Dual-interlock, pre-action, dry-pipe fire suppression.

    • Multi-layer security access with 24 x 7 x 365 closed-circuit video with guard and biometric access control.

    • Geographically diverse data centers.

    • Redundant equipment and network design.

    • Private data center specifications; the available specifications can be obtained from AWS.

  2. Compute and Storage Practices:

    • Log and system management: logs protected with File Integrity Monitoring (FIM); logs aggregated and systems monitored; alerts managed; events rated and remediated.

    • Strong encryption. Customers manage the following private keys:

    • MPLS, VPLS, BYO connectivity.

    • Voice management with a recovery time objective (RTO) of less than five seconds; sessions are maintained.

    • Database redundancy and replication.

    • Secure, encrypted AWS cloud storage.

  3. Network Security:

    • Highly available architecture.

    • Next generation firewalls and ACLs utilizing deep packet inspection.

    • Application servers in DMZ.

    • Quarterly network scans (for example, R7, Coalfire, and ASV scans).

    • Yearly third-party penetration tests and internal penetration testing.

    • Intrusion detection and prevention (IDS/IPS).

    • Threat tracking.

    • Separate administration network.

    • BC/DR Resiliency Testing at multiple levels.

    • AWS security.

  4. Monitoring and Management:

    • 24 x 7 x 365 NOC for monitoring and alert management.

    • Secondary operational site in the Philippines.

    • Formal change management process, including the NICE CXone Emergency Change Control Board.

    • AV and malware protection for production and endpoints.

    • Monthly and emergency patch management.

    • Segregation of duties, need-to-know Role Based Access Control (RBAC).

    • Risk management process.

    • Capacity planning with active management.

    • Cyber Security Operations Center (CSOC).

    • Dedicated multi-team security oversight.

  5. Compliance:

    • Policy and procedure governance.

    • AT 101 SOC 2 Type II and HITRUST (HIPAA).

    • Sarbanes-Oxley 404 (NICE Ltd).

    • PCI Level 1 AOC each cluster.

    • FedRAMP ATO—Moderate baseline.

    • ISO 27001 Certificate.

    • FCC, CPNI, VPAT compliance info.

    • Business Associates Agreement (HIPAA: BAA).

    • Data Protection Agreement (GDPR: DPA).

    • Privacy Policy, Shield, and Safe Harbor model clauses.

    • IT Audit and Compliance team (ITAC).

    • User access oversight and internal auditing.

  6. Application Design:

    • Agile development SCRUM methodology.

    • Tenant RBAC security model, MFA, FIM, SSO.

    • Daily builds supporting agile method.

    • Redundant and fault-tolerant application design.

    • Source control, SDLC best practices, and code scans.

    • Multiple, separate environments: development, test, lab, staging, beta, and production.

    • Rigorous QA, unit, and regression testing.

    • OWASP Top 10, code scanning, and full QA cycles.

    • Highly available, redundant, and fault-tolerant architecture with sustainability of call sessions.