Traversing through the myriad of security guidelines and directives can be bewildering—let us assist. SecuriGence has developed security policies, procedures, and guidelines based on many different forms of guidance, such as NIST 800 Series, DoD Instructions, Risk Management Framework (RMF), DoD directives such as TASKORDs and PLANORDs, and the ICD Series (need to check on exact name). We have utilized these guidelines, while integrating agency-specific guidance and requirements to produce effective solutions. SecuriGence also has experience managing agency programs such as Information Assurance Vulnerability Management (IAVM), Vulnerability Management System (VMS), and 8570 Workforce Improvement Program (WIP).
Computer Network Defense
The malicious actor attempting to exploit your information systems only has to be right once. While today’s IT capabilities have fundamentally transformed the way we operate, they have also increased our attack profile exponentially. SecuriGence has leveraged leading edge technology, such as next-generation firewalls (NGFW), big data SIEM solutions, and sandboxed virtual execution of code, to develop holistic, best-of-breed security stacks for our customers. Our staff are computer network defense experts, tackling the latest risks to information systems, such as advanced persistent threats (APTs), zero-day exploits, and insider threat.
An unpatched Windows system will survive approximately 5 minutes on the open Internet according to the Internet Storm Center (ISC). The truth is, fundamental system hardening, implementation of an anti-malware suite, and other security best-practices can substantially decrease the attack surface. Our security engineering staff utilize NIST, DISA STIGs, and CIS benchmarks, among others, coupled with organization-specific guidance, and industry best-practices to harden systems. SecuriGence has implemented and maintained enterprise deployments of industry leading anti-malware suites, to include the DoD’s execution of McAfee ePolicyOrchestrator, known as HBSS. Vulnerability scanning is a key component of assessing weaknesses in network components, endpoints, and software. SecuriGence engineers have experience with numerous vulnerability scanners, to include Retina, Acunetix, and Nessus—along with the DoD implementation of Nessus, called Assured Compliance Assessment Solution (ACAS). Our staff are certified in various Microsoft, Red Hat Linux, Cisco and other products, and are authorities at securing them against malicious actors.
Certification and Accreditation (C&A)|Assessment and Authorization (A&A)
What value is an information system without an authority to operate (ATO)? All dressed up and nowhere to go. C&A/A&A, while essential to gaining approval to operate an information system, is more importantly critical to the process of risk management within an organization’s overarching security program. The selection and specification of security controls, and subsequent implementation and testing, is crucial to ensuring that an information system has security baked-in from inception and throughout its system lifecycle. SecuriGence has extensive experience with many accreditation vehicles, to include:
- Defense Information Assurance Certification and Accreditation Process (DIACAP)
- DoD 8510.01 Risk Management Framework (RMF) for DoD IT
- NIST 800-37
- Director of Central Intelligence Directive (DCID) 6/3
- Joint SAP Implementation Guide (JSIG)
- DoD Joint Security Implementation Guide
- We have guided organizations through all phases of C&A/A&A, to include control selection, auditing, artifact generation, and plan of actions and milestones (POA&M) management, with 100% success in attaining ATO/ATC.