Odyssey Logistics Assurance & Trust Portal is designed to provide customers, partners, and stakeholders with clear visibility into the strength and maturity of our cybersecurity and compliance program. Our security framework is aligned to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ensuring a structured, risk-based approach across the core functions of Identify, Protect, Detect, Respond, and Recover. Within the portal, visitors can review how these critical security program functions are operationalized through governance policies, technical safeguards, continuous monitoring, incident response planning, and third-party risk management. By organizing our controls and practices in alignment with NIST CSF, we provide transparency into how we manage cyber risk, protect sensitive data, and support resilient logistics operations for our global customers.
- Identity & Access Management
Multi-factor authentication (MFA) is enforced enterprise-wide, including all remote and privileged access. Highly privileged roles use just-in-time privileged access with phishing-resistant hardware security keys. MFA exceptions are governed and tracked through conditional-access policies.
Feature Alignment: NIST CSF PR.AA; CIS Control 6; CMMC Level 1 (IA); GDPR Art. 32; ISO 27001:2022 A.8.5, A.5.17
- Identity & Access Management
Privileged and service-account credentials are vaulted and rotated in a privileged access management (PAM) solution; local administrator passwords are uniquely managed. Elevated-privilege accounts are audited and aligned to least privilege. Credential hygiene is audited against known breach datasets, and compromised credentials are rotated.
Featured Alignment: NIST CSF PR.AA; CIS Control 5, 6; GDPR Art. 32; ISO 27001:2022 A.8.2, A.5.17
- Network Security
Next-generation firewalls are deployed across all locations with advanced malware prevention and intrusion prevention enabled. Communications are monitored and controlled at external and key internal boundaries. Firewall rule sets enforce default-deny with authorized exceptions, supported by intrusion detection/prevention and denial-of-service filtering
Framework Alignment: NIST CSF PR.IR, DE.CM; CIS Control 13; CMMC Level 1 (SC); GDPR Art. 32; ISO 27001:2022 A.8.20, A.8.21
- Network Security
A Zero Trust network access (ZTNA) capability and secure web gateway restrict access to verified users and compliant devices. VPN access is governed by conditional-access policies, limiting connectivity to trusted, compliant devices and blocking credential-only access from unknown machines. Privileged administrative access is further restricted to managed devices.
Framework Alignment: NIST CSF PR.AA, PR.IR; CIS Control 6, 12; CMMC Level 1 (AC); GDPR Art. 32; ISO 27001:2022 A.8.20, A.6.7
- Network Security
• Publicly accessible components are separated from internal systems; public-facing applications are hosted in isolated environments connected only through secure, certificate-based tunnels. • IoT and operational-technology devices are isolated into restricted, non-routable network zones. • A web application firewall and DDoS mitigation service protect public-facing applications; this coverage is standard …
Framework Alignment: NIST CSF PR.IR; CIS Control 12, 13; CMMC Level 1 (SC); GDPR Art. 32(1)(b); ISO 27001:2022 A.8.22, A.8.20
- Network Security
Network equipment is standardized across global locations on centrally managed infrastructure. Site-to-site connectivity uses encrypted VPN tunnels. Wireless networks use strong, enterprise-grade encryption and authentication.
Framework Alignment: NIST CSF PR.IR; CIS Control 12; GDPR Art. 32; ISO 27001:2022 A.8.20, A.8.21
- Network Security
Network connections are authorized and monitored through firewall configurations and a centralized integration platform. Content filtering blocks malicious or suspicious sites and unapproved public-cloud services. Network and security telemetry is aggregated and correlated for centralized monitoring.
Framework Alignment: NIST CSF DE.CM; CIS Control 13, 9; GDPR Art. 32; ISO 27001:2022 A.8.16, A.8.23
- Network Security
Production infrastructure runs in a contracted, access-controlled colocation data center. Systems are maintained on supported operating-system versions, with end-of-life systems remediated. Infrastructure is monitored centrally with alerting, health dashboards, and aggregated logging.
Framework Alignment: NIST CSF PR.IR, ID.AM; CIS Control 1; GDPR Art. 32(1)(b); ISO 27001:2022 A.8.14, A.8.6
- Physical Security
Physical access to facilities, equipment, and operating environments is limited to authorized individuals using badges, card readers, and electronic locks under the physical security policy. Access is logged, periodically reviewed, and promptly revoked when no longer required. Sensitive areas such as server and computer rooms are restricted to authorized personnel.
Framework Alignment: NIST CSF PR.AA; CMMC Level 1 (PE); GDPR Art. 32; ISO 27001:2022 A.7.1, A.7.2
- Physical Security
Visitors are escorted and their activity monitored, and visitor access is recorded. Physical access audit logs are maintained and retained per requirements. Facilities and server rooms are monitored around-the-clock by closed-circuit television (CCTV), with surveillance data protected and retained per policy.
Framework Alignment: NIST CSF DE.CM, PR.AA; CMMC Level 1 (PE); GDPR Art. 32; ISO 27001:2022 A.7.2, A.7.4
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
