Provides a full range of analytical services to assess the posture of Government security architectures and assist in identification of security gaps. Services include, but are not limited to policy and procedure reviews, security requirements analysis (e.g., JTA-A, DII-COE, DITSCAP, Common Criteria), threat analyses, vulnerability assessments, penetration testing, data validation and security architecture reviews.
Provides security planning services that addresses security policy, security architecture, and operational security needs of customers. Provides the design and development of: security architectures and secure solutions based on mission drivers and government-approved architecture approaches, standards, and policies. Some examples include Internet architectures, web services security and J2EE application security architectures, IDS and incident management architectures, multiple security layer architectures, enterprise security architectures, grid computing security architectures, enterprise privacy architectures, operational security plans, communications security plans, and system security plans.
Security Standards Development
Provides standards development services in several emerging security standards areas (e.g., web services security, J2EE, trusted computing and security policy management) dealing with items such as: smart cards, multi-level operating systems and databases, hardware security modules, network security and cryptography, and grid computing security.
Provides services to assist the Government in evaluating emerging and state-of-the-market security technologies. Services include, but are not limited to: evaluation of products (hardware or software), product upgrades and emerging market methodologies, standards, policies and procedures
Security Design and Implementation
Provides a full range of services for the detailed design, development and implementation of any type of security system, application, or operational security need such as policy management, security procedures, network security, application and database security, telephony, business continuity, and physical security and surveillance products. Some examples of security implementations include: intrusion detection, firewalls, system monitoring, anti-virus, COOP, I&A, single sign-on, Active Directory migrations and implementations, data migration plans, MOU/MOAs, smartcard/biometrics and CAC/PKI implementations.
Provides services in support of the Government's certification and accreditation process for all IT systems. Provides services such as: system certification documentation, development and testing (integrated into all new solutions, or assisting other non-accredited systems) including the preparation of system configurations and security documentation (e.g., TFM, SFUG, COOP, SSAA), and independent DITSCAP ST&E.
Security System Operations
Provides a full range of managed services for the operations and maintenance of security systems. Includes services such as: execution of COOP and disaster recovery plans, system and network monitoring (including intrusion detection, forensics, and incident management), application of anti-virus updates, backup and restore operations, vulnerability abatement programs, security awareness training, physical security and policy/procedure review in order to meet changes in technology, threat analysis and organizational change.