FBI’s 2016 Cyber crime report released

Last week, the FBI’s Internet Crime Complaint Center (IC3) released its 2016 Crime Report on the different types of reported cybercrimes and their subsequent losses. In 2016, the IC3 received a total of 298,728 complaints with losses exceeding $1.3 billion. The top three types of cybercrime reported were non-payment and non-delivery, personal data breach, and payment scams, while the top types of cybercrime by reported loss were Business Email Compromise (BEC), romance and confidence scams, and non-payment and non-delivery scams.

Other types of cybercrime that wreaked havoc in 2016 are ransomware, tech support fraud, and extortion. Through tactics such as phishing emails, fraud tech support calls, and/or government impersonation schemes, victims are threatened with financial or physical harm or the release of personal information. Once they have control over the device, cyber criminals can install viruses, hold onto the application or threaten to destroy it unless a ransom is paid, usually with virtual currency as a payment mechanism, and can access financial accounts to wire funds. These tactics are only expected to evolve and grow in popularity as cyber threats become more deceiving. The IC3 has created an accessible report of complaints organized by state, so you can examine and be made aware of the top Internet crime trends in your area.

Here are some other patching and prevention tips to protect yourself from cybercrime:
    • Be aware of what you post on social media. Make sure all media accounts are private,
       require two-factor authentication, and use secure passwords.
    • Be suspicious of opening email links or ZIP file attachments, even if the sender seems
       to be someone you know. Verify if an email is legitimate by checking previous statements
       for contact information and/or contacting a company directly.
    • Patch your operating systems and applications with the latest security updates.
       Older software is more vulnerable to attack.
    • Be cautious in supplying personal or financial information on the Internet,
       especially if a website is not secure. A website may look the same as a legitimate
       site, but vary in URL spelling or domain.
    • Install anti-virus software and firewalls to reduce susceptibility.

Only 15 percent of the nation’s cybercrime victims report their cases to law enforcement, though any report of Internet fraud to the IC3, no matter the dollar amount helps the FBI gain a better understanding of Internet crime. Victims are encouraged to file a complaint at http://www.ic3.gov/ and can take further actions to alleviate loss by contacting banks and/or credit card companies to block accounts, attempt to recover lost funds, and to track credit transactions.

For more information on, refer to the links below:
https://pdf.ic3.gov/2016_IC3Report.pdf
https://www.fbi.gov/news/stories/ic3-releases-2016-internet-crime-report
https://www.us-cert.gov/security-publications/Ransomware

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

Talk to an Expert

FoxGuard monitors attack targeting ICS – Crash Override / Industroyer

Earlier in the week, an attack framework was brought to the attention of the cyber security industry that specifically targets industrial control systems. This framework is being referred to as Crash Override, and Industroyer.

It is largely believed that this framework was utilized in the Ukraine attack in December of 2016 which shutdown a large portion of the Kiev, Ukraine transmission substation. Currently analyzed versions of the framework show that the attackers have an extensive knowledge of industrial control systems used in electric power systems.

Support has been observed for the following ICS protocols:
   •    IEC 60870-5-101
   •    IEC 608570-5-104
   •    IEC 61850
   •    OLE for Process Control Data Access (OPC DA).

There have not been any observed cases of the malware utilizing the DNP3 protocol, which is the preferred protocol used in North America as opposed to IEC 101 and IEC 104. This, however, does not mean the DNP3 module does not exist in the framework and has not been revealed. Due to the modular design of the attack framework, a DNP3 module could also be easily implemented if there is not one already.

The attack gains access to ICS equipment through the HMI’s controlling them. It is therefore extremely important to make sure all HMI’s are updated fully, and hardened to the fullest extent. The framework has three primary modules: the backdoor, the launcher module, and the payload module. The backdoor authenticates with a local proxy and opens an http channel to a command and control server, which is used to send commands to the framework. The launcher module starts itself as a service, loads the payloads defined during execution, then starts a time to launch a data wiper, which renders the system unusable. The payload modules carry out the actual attack on the ICS equipment and contains protocol specific information.

Microsoft has also released patches to deprecated operating systems to harden against several vulnerabilities such as remote code execution. Microsoft has released these patches due to “heightened risk of exploitation due to past and threatened nation-state attacks and disclosures.” Operating systems still in support received the patches as well. The release of these patches does NOT constitute a return to service for the deprecated operating systems and was only released due to the severity of the vulnerabilities. The deprecated operating systems that the patches were made available for are as follow: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. It is strongly recommended to apply these patches as soon as possible to prevent attacks to your systems.

For more information on Crash Override / Industroyer, refer to the links below:
https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf
https://dragos.com/blog/crashoverride/CrashOverride-01.pdf

For more information on Microsoft’s release of patches, refer to the links below:
https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms
https://technet.microsoft.com/en-us/library/security/4025685.aspx#ID0ETJAC

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

Talk to an Expert

Confirm the Wannacry patch is installed

Microsoft released a patch in March of this year for all currently supported operating systems. Due to the seriousness of the WannaCry ransomware attack, Microsoft has also provided security updates for previously unsupported operating systems. Here are some tips that can be used to confirm the WannaCry patch is installed on your system.

Windows 7
   • To see if the patch is already installed:
   • Click Start > Control Panel > System and Security.
   • Under Windows Update click the View installed updates link.
   • Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see
      if you have ANY of these patches installed, then you are protected:
           –      2017-05 Security Monthly Quality Rollup for Windows 7 (KB4019264)
           –      April, 2017 Preview of Monthly Quality Rollup for Windows 7 (KB4015552)
           –      April, 2017 Security Monthly Quality Rollup for Windows 7 (KB4015549)
           –      March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)
           –      March, 2017 Security Only Quality Update for Windows 7 (KB4012212)

Windows 8.1
   • To see if the patch is already installed:
   • Click Start > Control Panel > System and Security.
   • Under Windows Update click the View installed updates link.
   • Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see
      if you have ANY of these patches installed, then you are protected:
           –      2017-05 Security Monthly Quality Rollup for Windows 8.1 (KB4019215)
           –      April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 (KB4015553)
           –      April, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4015550)
           –      March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216)
           –      March, 2017 Security Only Quality Update for Windows 7 (KB4012213)

Windows 10
   • CREATORS UPDATE (version 1703) is OK.
   • ANNIVERSARY UPDATE (version 1607) – If you have Build 14393.953 or later, you are fine.
      If you do not, use Windows Update to install the latest build 14393.1198.
   • FALL (er, November) UPDATE (version 1511) – use the steps above to check your build number.
      You must be at build 10586.839 or later.
   • RTM (“version 1507”) – same procedure, make sure you’re up to or beyond build 10240.17319.

   To see what build version of Windows 10 you are using:
           –      Use the Cortana search box (to the right of the Start icon)
           –      type: winver
           –      Press Enter

NEED MORE HELP!
FoxGuard Solutions has the key to starting a successful patch and update management program. We have a complete program that includes asset analysis, patch reporting, validation and deployment solutions to ensure our clients are secure and compliant. 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
We host a webinar series to discuss ways to develop and implement a robust patch management program. We can help identify and mitigate gaps in the security of ICS systems and prepare for NERC CIP audits.  Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

Talk to an Expert

FoxGuard monitors global ransomware cyber attack – WannaCry

FoxGuard continues to monitor a global ransomware cyber-attack, identified as Ransom:Win32/WannaCrypt and referred to as WannaCrypt or WannaCry, that seems to be targeting organizations and individuals in various countries. While FoxGuard remains unaffected by the attack, we are in the process of reaching out to current customers of our Patch Availability Reporting (PAR) and Validation services who were notified of this critical patch as part of our March reports.

The ransomware encrypts files and extorts a fee from the user in order to unencrypt the files. It also attempts to exploit a Server Message Block (SMB) protocol vulnerability in Microsoft Windows operating systems in order to spread out to random computers. There are reports that affected systems have also had the DoublePulsar backdoor installed. Countermeasures have been taken by the Internet community and vendors to slow, detect and stop the spread of the ransomware.

Microsoft released a patch in March of this year for all currently supported operating systems. Due to the seriousness of this attack, Microsoft has also provided security updates for previously unsupported operating systems including Windows XP, Windows 8 and Windows Server 2003. If you are unable to install the patch at this time then Microsoft suggests that SMB v1 be disabled on all vulnerable systems.

Attacks of this nature may have a significant impact and it is important for organizations and individuals to ensure that they:
   •    Keep antivirus and antimalware applications up to date.
   •    Install security updates as soon as they become available and in accordance with
         patch management processes.
   •    Create regular backups of important files and store them in a location that vulnerable
         systems cannot reach.
   •    Do not click on or open any attachments received within unsolicited emails.

For more information:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.0000umhdb0m5mdizwzh13u3fz7x7z

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0147

https://www.us-cert.gov/ncas/alerts/TA17-132A

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

Talk to an Expert

Patch Availability Reports – NEW FEATURES!

FoxGuard Solutions has made improvements to the monthly Patch Availability Reports. We believe there will be a lot of excitement around these NEW ADDED FEATURES. There will be new fields represented on the report for Patch Evidence and CVE Details.

PATCH EVIDENCE – Better meet the requests from your auditors.
We have added a table to the end of the report that will show two types of evidence: Patch Quantity and Patch Quality. 

PATCH QUANTITY – A screenshot will be provided that shows the number of patches provided from the source vendor within your report time line. This will also include a screenshot if NO patches were provided by the vendor within the same report time line.

PATCH QUALITY – If a patch was released within the report time line, this evidence is a screenshot of the actual patch data ensuring FoxGuard has provided the correct details, as well as date/time stamp of when the evidence was captured.

Note: Patch Evidence is captured at the Vendor> Product> Version level, so if you have multiple listings of the same item in your Availability table in the report (first in the report), it will only be shown once in the evidence table, making this a more condensed, easier-to-use listing.

CVE DETAILS – More Vulnerability Details!
We are adding the CVSS (version 2) Score and Description – This will provide further vulnerability details to allow you to better assess the full critical nature of your patches.

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

Talk to an Expert

 

Regulatory Growth as of April 2017

Earlier this month, Compliance & Risks published its quarterly regulatory growth charts for April 2017. The charts shows regulatory growth by subject and region. 

Overall growth by year shows an increase in regulations of over 30% from April 2016 to April 2017 (and pending), covering the areas of batteries, climate change, energy, packaging, product safety, substances, and waste.

By region, the largest growth during this time period was in the Latin America / Caribbean region.

FoxGuard tracks pending new legislation, as well as upcoming changes to existing legislation, and works closely with our supplier network to ensure continued compliance of systems and components.

Regulatory Changes Requiring New Documentation

As always, the world of regulatory compliance for IT equipment evolves and expands, and changes are on our doorstep, with further changes being right around the corner.

EU Declaration of Conformity – EMC standard EN 55032:2012 mandatory as of March 5, 2017

In less than one month, EMC standard EN 55022:2010 expires, and EN 55032:2012 must be reflected on EU Declarations of Conformity. 

Two items of note regarding this change:

  • EN 55032:2012 v. EN 55032:2015

Although EN 55032:2015 has been published, it has not yet been adopted by the European Commission under EMC Directive 2014/30/EU.  Until the 2015 version is adopted under the EMC Directive, EN 55032:2012 is the standard that must be on the CE Declaration.  Recommendations have been made to have products tested to both versions, so both versions of the standard can be cited on the product CE Declaration.  For a complete list of EMC standards currently adopted under Directive 2014/30/EU, please visit https://ec.europa.eu/growth/single-market/european-standards/harmonised-standards/electromagnetic-compatibility_en.

  • EN 55032 v. EN 55011

Certain types of equipment are in scope of both EN 55022/55032 (Information Technology Equipment) and EN 55011 (Industrial, scientific and medical equipment), which is still in force.  If your equipment falls into this category, please note that EN 55011 cannot be accepted in lieu of EN 55032, since the CE Declaration must include all standards relevant to the product.

REACH – Four Additions to Substances of Very High Concern (SVHC) List

Four new chemicals have been added to the REACH Substances of Very High Concern (SVHC) list, bringing the total number of substances on the list to 173. 

Around the corner …

  • Taiwan RoHS enters into force in 2017, with mandatory enforcement dates ranging from May to November. Please check with your test lab for product-specific dates.
  • Singapore RoHS also enters into force, in June 2017. Please check with your test lab regarding specific requirements for your products.

PROVIDING AN APPLIANCE WITH YOUR CYBER SECURITY SOFTWARE SOLUTION

The cyber security marketplace is hot right now and companies that want to position themselves in this market have a tremendous opportunity. A software company or what is often referred to as an ISV (Independent Software Vendor), with a product that is focused for the cyber security market should not divert its attention to anything else except building an exceptional product for the customer. Distractions for a software company include the selecting, acquiring, and selling of a computer or computer platform to complement the software solution. FoxGuard Solutions suggests that software companies would benefit from a partnership with a reputable computing appliance provider to offer a total turnkey solution for the customer.

why should a software company outsource?

The implementation of the cyber security software will need to be completed by either the software company, the end customer, or the outsourced computer appliance supplier who partners with the software company. FoxGuard Solutions can provide an accountable point of contact to ensure the delivery and implementation of the software.   

ISV employee

  1. Who will design and optimize the computing platform (to the software)?
  2. Will it be easier for the end customer to buy a turnkey solution or multiple products? Issue one or multiple purchase orders?
  3. Will a software company or the end customer know how to effectively move from design, to prototyping, to production systems?
  4. Who will manage the product parts setup and lifecycle?
  5. Who will manage the logistics, warehousing, inventory, and installation?
  6. What if the end customer wants the computing platform or appliance integrated with other equipment, such as a computer rack?
  7. What if the target market and customers need multiple form factors in their selection of computer appliances?
  8. What about warranty, failure rates, and support?
  9. How does the software company promote their brand?
  10. Would it be helpful if the computer was branded for the software company?

production rack integration

As this list implies, there is a lot to worry about from the software company’s perspective when they need to be devoting their time and energy to having the best software and support possible. Sure, the software company could simply tell the end customer that they (the end customer) can provide the computer, but the risk there is that the software may not perform optimally because the customer did not select the recommended and optimal hardware solution. This could cause startup problems and put a bad taste in the end customer’s mouth of the software company.

hardware production floor

The cyber security market is estimated to grow to $170 billion (USD) annually by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cyber security solutions. If you are a software company or ISV and you are trying to take advantage of this great growth opportunity, take a good look at partnering with a computing appliance supplier. The FoxGuard Solutions team would be happy to consult with you and help you assess whether this would be a good direction for your firm. These are very competitive times and also times where markets are moving to a heavy focus on software. The software companies who can put their focus and attention on their software and not on other distractions could be the ones who will win with the customer in the end.

UPCOMING CHANGES TO MICROSOFT’S UPDATE DELIVERY POLICY

WHAT IS CHANGING?

2016 Microsoft Update Delivery ChangesOn August 15th, 2016, Microsoft announced some new changes for how they will offer updates for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Starting in October 2016, Microsoft will offer a single Monthly Rollup on the second Tuesday of each month that addresses all security and nonsecurity issues released for each operating system. This Monthly Rollup only addresses core operating system components, and does not cover other Microsoft software. This is the same update model that Microsoft currently uses for Windows 10. For customers that normally only install security updates, Microsoft will release a security-only rollup update on the same day.

At first, these Monthly Rollup updates will only contain fixes for the operating system released since October 2016, but over time Microsoft plans to add older updates to this rollup. Eventually, this will become a fully cumulative update, meaning that a completely unpatched system could apply a single rollup update (plus any prerequisites that rollup requires) and be fully up to date with everything the Monthly Rollup covers. In addition to these two rollups, per a comment from Nathan Mercer from Microsoft (in the discussion section of the article referenced above), there are plans to release an update rollup containing only new non-security fixes on the third Tuesday of each month.

In addition to the Monthly Rollup for the operating system itself, Microsoft plans to use the same model for .NET Framework updates. The .NET Framework Monthly Rollup will be offered as a full rollup with both security and non-security fixes, as well as a security-only version. This rollup will only install updates for the version of the .NET Framework installed on a system. It will not upgrade a system to higher versions of the .NET Framework.

Regardless of which type of rollup update is chosen, Microsoft no longer plans to offer individual security or non-security updates for Windows itself or the .NET Framework. This is further confirmed in another blog entry posted on August 30th. In this new blog entry, they address the question: “With the new Windows as a Service: Service Model, can we back out a single patch (KB) if it causes issues since they are all rolled up?” To summarize Microsoft’s answer, you can’t control which KB’s are applied, so you will need to back out the entire rollup. They justify this decision by stating that the rollups are designed to correct the fragmentation caused when users selectively install updates. They also state this new rollup model makes it easier to migrate to new versions of Windows without wiping and reloading an entire system.

Other Microsoft-provided updates, such as Adobe Flash Player updates for newer versions of Windows and Microsoft Office updates will still be delivered as individual updates and will not be included in the rollup. Another critical update type that will not be included in the rollups are Servicing Stack updates. These are updates to the way the operating system detects and installs updates. When a new Servicing Stack update comes out, it will be likely required before any future updates can be installed.

HOW DID UPDATES WORK BEFORE?

For Windows 7 and Windows 8.1, as well as their corresponding Windows Server variants, Microsoft releases multiple security bulletins each month on the second Tuesday of the month (commonly known as “Patch Tuesday”). Each security bulletin would address a single vulnerability (or multiple related vulnerabilities) in a Microsoft product, and would reference one or more patches for each affected product. In order to fully patch a system, users need to install each of the applicable updates released in a given month. If necessary, users can choose not to install one or more updates. According to Microsoft, this ability to pick and choose leads to multiple potential problems. Some examples they give are increased scan times, increased testing complexity, and various combinations of updates causing other errors, lowering update quality.

HOW WILL IT AFFECT CRITICAL INFRASTRUCTURE?

Updates for Windows 7 SP1, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. Moving to a rollup model does have some major benefits for those in critical infrastructure. A reduced number of updates each month greatly reduces the patch management burden, especially considering the June 2016 round of updates included 17 different security bulletins. This reduced update count also means less compliance documentation to deal with each month.

However, the loss of granular update selection means that when a critical application breaks due to a Windows rollup update, end users are left with difficult decisions. For example, what is the best way to get back up and running? Ideally, the offending update can be uninstalled. This would leave systems vulnerable, but operations would return back to normal. In some cases, there have been Windows updates that could not be uninstalled. One recent example is MS16-088. Certain updates within this security bulletin cannot be removed. The updates that can’t be removed here mainly deal with online Office products such as SharePoint and Microsoft Office Web Apps. However, MS14-024 was a security update released for Microsoft Office as a whole that cannot be uninstalled. While no recent examples of OS updates that could not be uninstalled could be found, if any future rollup updates behave that way, then it would be necessary to restore from a backup after applying an incompatible update.

In a situation where a rollup update is incompatible with a critical application, there are two options available: wait for Microsoft to release a new update that does not break the application, or wait for the application’s vendor to release an update that is compatible with the Microsoft rollup update. Microsoft has stated in their more recent blog entry on August 30th that “if there is a problem the partner will need to open up a case and provide business justification to drive the discussion with Microsoft.” Expecting a large entity like Microsoft to re-release an update to address issues that affect a very small number of applications, no matter how critical they are, is unlikely (but not improbable). In an industry where hardware and software is designed to run for decades, waiting for a vendor to update an application is not feasible in many cases. Until either the Microsoft rollup update no longer breaks the application, or the application is changed so that it won’t break, systems in critical infrastructure and other industries may have to remain unpatched for quite some time.

In situations where updates can’t be applied without breaking a critical application, Microsoft does provide documentation on mitigating factors and workarounds for some of their published security vulnerabilities. If this documentation exists for a given update, it can be found in the Microsoft Security Bulletin for that update. For updates with no mitigation documentation, other mitigation technologies would need to be utilized in order to protect systems where the underlying vulnerability can’t be patched without breaking other critical functionality.

FINAL THOUGHTS

While this new update model is great for many large enterprises with huge numbers of endpoints to manage, it fails to address the reason why businesses selectively installed updates in the first place: updates sometimes break critical applications. Unless Microsoft brings back some way of installing individual security updates, many systems may have to remain vulnerable until system owners can convince Microsoft to provide a workaround, or until vendors are forced to update applications across the entire deployed fleet. In some situations, a vendor for a critical application may no longer exist or is unwilling to change. In that case, entities may need to find a new vendor in order to remain secure against all of the latest vulnerabilities in Windows. Changing vendors in critical infrastructure is not to be taken lightly, as it often requires long, expensive upgrades that introduce unwanted downtime. In the meantime, systems in critical infrastructure that were staying up to date may start to fall behind and become vulnerable, with little recourse available.

FoxGuard Solutions will continue to watch for new developments regarding Microsoft’s servicing changes. Additionally, FoxGuard is working with other industry experts to analyze these changes and work with Microsoft on ways to mitigate risks for energy delivery industrial control systems. Expect more communications from us as new information is made available.

FOR A PDF VERSION OF THIS ARTICLE – CLICK HERE

To view this an other white papers, visit our Resources page.

References:

[1] www.blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying servicing-model-for-windows-7-and-windows-8-1/

[2] www.blogs.msdn.microsoft.com/dotnet/2016/08/15/introducing-the-net framework-monthly-rollup/

[3] www.blogs.technet.microsoft.com/askpfeplat/2016/08/30/a-bit-about-the windows-servicing-model/

What’s Behind that Document?

FoxGuard Solutions’ Regulatory Compliance program is designed to ensure that each order shipped meets the regulatory requirements of the order’s destination. 

Our services cover the following areas of regulatory compliance for over 36 worldwide locations:

  • Safety
  • eWaste
  • Telecom
  • Low Voltage
  • Energy Efficiency
  • Country of Origin
  • EMC
  • Hazardous Substances
  • Multilingual Labeling
  • Battery Requirements
  • Energy Efficiency
  • Document Translation

Regulatory Compliance Map

“Behind the scenes” of the regulatory document packages uploaded to customer support sites lies daily research into new and changing legislation surrounding IT equipment design and import, investigative reviews into compliance of potential new inventory components, and a database of over 40,000 regulatory certificates and reports covering thousands of parts, from adapters to industrial computers and peripherals!

Our document database is monitored to ensure expiring documents are renewed and certificates with superseded standards are retired.  One change in a national or regional standard, such as CE, can mean replacement of hundreds of component certificates!

FoxGuard’s Regulatory Compliance Team maintains a network with over 250 manufacturers and suppliers.  In addition to collaborating with these associates to assess compliance of specific components and produce proper documentation, FoxGuard issues periodic Regulatory Bulletins alerting manufacturers and suppliers of upcoming legislative changes and new documentation requirements.

The custom regulatory document packages provided to customer-specified sites are the result of design and pre-BOM reviews, quote reviews, and an additional line-by-line review before an order is released for planning.

In addition to the support provided on an order-by-order basis, FoxGuard’s Regulatory Compliance Team works with Customer Account Representatives, suppliers, and customer compliance professionals to explore and coordinate special requests, such as additional product certifications. 

The result of these extensive “behind the scenes” services is successful import to international destinations and proper documentation to back up every regulatory mark on a system component.  On those occasions when a customs office requires additional information to clear a shipment, FoxGuard’s Regulatory Compliance staff works closely with customer and customs associates to provide the information requested in a timely manner.

Customer Care Center

Last but not least, FoxGuard’s Customer Care Center (CCC) offers pass-fail results on regulatory compliance pre-submittal inquiries.  If you need log-in information or instructions on the use of the CCC, please contact your FoxGuard Customer Account Representative or e-mail customerservice@foxguardsolutions.com.