CSCI has been providing critical Information Assurance (IA) services to the federal government for three decades, providing a full range of services from maintaining classified enclaves to designing information technology enterprises for secure collaboration across the Nation, with a balance and focus on information security and mission needs for our customers. CSCI’s group of technical subject matter experts utilizes their proven background to provide customers with the processes and technical solutions to meet their essential cyber security and business requirements. CSCI supports Defense and Intelligence organizations by providing subject matter experts with real-world experience in information technology, engineering, and cyber security.
CSCI IA professionals have a comprehensive understanding of the system life cycle from conception to disestablishment and what it takes to achieve operational approval through the integration of policy, documentation, and operations for our customers. CSCI has achieved operational approval and continues to provide support for our DoD and government customers utilizing proven processes and understanding of deliverables for many policies and regulations to include:
CSCI IA professionals have extensive cyber security experience in the Intelligence and DoD community, providing information assurance and technical services to ensure our customers’ systems are designed to meet Intelligence and DoD information assurance requirements. In the early years, CSCI’s IA team managed systems through the DoD Information Assurance Certification and Accreditation Process (DITSCAP). The IA team transitioned many of our customers from DITSCAP to the DoD Information Assurance Certification and Accreditation Process (DIACAP). CSCI is now working closely with the Intelligence and DoD community to assist our customers with transforming from some of the legacy intelligence policies and regulations to the Risk Management Framework (RMF) following DoDI 8510.01, RMF for DoD IT guidance.
As with many new policies, the adoption of the RMF approach will take time to be implemented throughout the community. The government and the IA community as a whole have been working to better align certification and accreditation practices and procedures to ensure the security of data and infrastructures is maintained while being more efficient with cost. DoD is leveraging Committee on National Security Systems (CNSS) and National Institute of Standards and Technology (NIST) policies against the requirements to meet DoD needs. Some of the policies being leveraged are CNSS 1253, NIST SP 800-37, NIST SP 800-53, and NIST SP 800-137. Today’s cybersecurity policies, along with the RMF, attempt to provide adaptable processes that move away from a checklist approach to security and adopt a continuous monitoring approach to manage risk. This risk management methodology will help to identify as well as mitigate deficiencies of secure information technology systems throughout their life cycle.
RMF is a six-step process used to implement system security and risk management. The six steps are Categorize Information System, Select Security Controls, Implement Security Controls, Assess Security Controls, Authorize System, and Monitor Security Controls. CSCI has several IA team members who have gone through government training with the Joint Task Force Working Group regarding the implementation of RMF. CSCI’s IA team has taken a system through the RMF processes and developed the required documentation artifacts.
Our key capabilities include: Security Requirements Planning, Systems Development, Information Assurance Compliance, System Administration, Information System Security Management, and System Security Analysis.
| Capability | Description |
|---|---|
| Security Requirements Planning | Provides security planning professional services that address the security policy, security architecture, and operational security needs of customers. |
| Systems Development | Provides professional services for the detailed design, development and implementation of any secure computing environment, application, or operational security need such as policy management, security procedures, network security, application and database security. |
| Information Assurance Compliance | Provides services in support of the certification and accreditation process for all IT systems. Provides services such as system certification documentation, development and testing, including the preparation of system configurations and security documentation (e.g., SSP, SSAA, SOP). |
| System Administration | Provides professional services for the operations and maintenance of network operating systems, database systems, and user community. Includes services such as Active Directory implementation, installation of application updates, software/hardware implementation and maintaining backups. |
| Information System Security Management | Provides professional services for the operations and maintenance of security systems. Includes services such as the development of a Security Program, disaster recovery plans, system and network monitoring, incident management, application of anti-virus updates, backup and restore operations, security awareness training and policy/procedure review in order to meet changes in technology, threat analysis and organizational change. |
| System Security Analysis | Provides professional analytical services to assess the posture of customer security architectures and assist in identification of security gaps. Services include, but are not limited to, policy and procedure reviews, security requirements analysis (e.g., DIACAP, NISPOM, JSIG, RMF), threat analyses, vulnerability assessments and security architecture reviews. |
In order to ensure secure information systems are being developed and operated properly, the Department of Defense came out with the 8570 directive. This directive required individuals to demonstrate a certain level of competency via professional certifications based on the role they would be serving in an organization and the secure system being supported. The 8570 directive mandates that individuals who have access to any government information system and perform any security function be DoD 8570 compliant. The 8570 directive lays out a multitude of certifications that individuals must obtain in order to be in compliance.
CSCI IA Professionals are compliant with DoD requirements for working on information systems and possess a multitude of information security and technical certifications including:
CSCI has the practical experience and third-party verification through technical certifications to provide the full range of IA services required to manage secure information systems throughout an information system’s life cycle. CSCI has worked in secure environments for over three decades and has the subject matter experts to help organizations navigate through the information system assessment processes. CSCI has invested in its IA professionals through training dollars and on-the-job experience to ensure we have the expertise to meet our customers’ needs.