Cloud & Platform Security
- Production infrastructure runs in a contracted, access-controlled colocation data center.
- Systems are maintained on supported operating-system versions, with end-of-life systems remediated.
- Infrastructure is monitored centrally with alerting, health dashboards, and aggregated logging.
Framework Alignment: NIST CSF PR.IR, ID.AM; CIS Control 1; GDPR Art. 32(1)(b); ISO 27001:2022 A.8.14, A.8.6
Network Monitoring & Content Filtering
- Network connections are authorized and monitored through firewall configurations and a centralized integration platform.
- Content filtering blocks malicious or suspicious sites and unapproved public-cloud services.
- Network and security telemetry is aggregated and correlated for centralized monitoring.
Framework Alignment: NIST CSF DE.CM; CIS Control 13, 9; GDPR Art. 32; ISO 27001:2022 A.8.16, A.8.23
Network Segmentation & Public-System Isolation
• Publicly accessible components are separated from internal systems; public-facing applications are hosted in isolated environments connected only through secure, certificate-based tunnels.
• IoT and operational-technology devices are isolated into restricted, non-routable network zones.
• A web application firewall and DDoS mitigation service protect public-facing applications; this coverage is standard for new builds and is being extended to remaining legacy applications.
Framework Alignment: NIST CSF PR.IR; CIS Control 12, 13; CMMC Level 1 (SC); GDPR Art. 32(1)(b); ISO 27001:2022 A.8.22, A.8.20
Next-Generation Perimeter Defense
- Next-generation firewalls are deployed across all locations with advanced malware prevention and intrusion prevention enabled.
- Communications are monitored and controlled at external and key internal boundaries.
- Firewall rule sets enforce default-deny with authorized exceptions, supported by intrusion detection/prevention and denial-of-service filtering
Framework Alignment: NIST CSF PR.IR, DE.CM; CIS Control 13; CMMC Level 1 (SC); GDPR Art. 32; ISO 27001:2022 A.8.20, A.8.21
Standardized, Centrally Managed Global Network
- Network equipment is standardized across global locations on centrally managed infrastructure.
- Site-to-site connectivity uses encrypted VPN tunnels.
- Wireless networks use strong, enterprise-grade encryption and authentication.
Framework Alignment: NIST CSF PR.IR; CIS Control 12; GDPR Art. 32; ISO 27001:2022 A.8.20, A.8.21
Zero Trust & Secure Remote Access
- A Zero Trust network access (ZTNA) capability and secure web gateway restrict access to verified users and compliant devices.
- VPN access is governed by conditional-access policies, limiting connectivity to trusted, compliant devices and blocking credential-only access from unknown machines.
- Privileged administrative access is further restricted to managed devices.
Framework Alignment: NIST CSF PR.AA, PR.IR; CIS Control 6, 12; CMMC Level 1 (AC); GDPR Art. 32; ISO 27001:2022 A.8.20, A.6.7
For additional information and documentation, please submit a request.
The controls described in this portal are part of Odyssey Logistics’ security program and are in place across the organization. Across a large environment of modern and legacy systems, implementation may vary by application, and some legacy systems may not yet include every component described. These controls are our organizational standard and continue to be extended across the environment.
