To help secure government information systems, Intellect provides Cyber Security services focused on Information Assurance and Security Engineering.
For Information Assurance, Intellect uses standard Information Assurance (IA) assessment methods and procedures to assess the security controls in federal information systems, based on the Risk Management Framework (RMF) defined in NIST 800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy, DoDI 8510.01, Risk Management Framework (RMF) for DoD Information Technology, the Cyber Security Framework (CSF) for Improving Critical Infrastructure Cybersecurity, and the underlying controls in NIST 800-53 Rev4, Security and Privacy Controls for Federal Information Systems and Organizations and other related standards and client-specific standards and guidelines. Intellect’s IA services include Assessment and Authorization (A&A) support, Federal Risk and Authorization Management Program (FedRAMP) support, and Security Test & Evaluation (ST&E) to determine if security controls are implemented correctly, operate as intended, and produce the desired outcome to meet all client security requirements. We provide independent assessment support via Penetration Testing and Risk & Vulnerability Analysis, and perform as the Information System Security Officers (ISSO), helping our client’s System Owners develop, implement, verify and monitor System Security Plan (SSP) implementation to achieve and maintain Authority to Operate (ATO).
Intellect’s Cyber Security Engineering services secure IT infrastructure, implementing the NIST controls as defined above while providing system administration, network administration, and telecommunications/audio visual support. We support cyber security applications and appliances, such as HBSS, ACAS/Nessus, Splunk and a variety of firewalls, to enhance our client’s security posture.
Approach – Cyber Security Services
To verify and validate the proper implementation of NIST 800-53 Rev4 controls or the DoDI RMF (DoDI 8510.01) required controls, we follow the guidance in NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems and Organizations, adapted to each client scenario and additional policies, standards and guidelines.Intellect’s Information Assurance security assessment services take into consideration the entire system, network, and application life cycle. Our approach includes a manual audit of policies, procedures, selected controls, contingency and disaster recovery plans. We use a combination of commercial and open source technologies to run automated tests to determine each system’s security posture. Our approach provides the benefit of consistent, comparable, and repeatable security assessments that provide the right information to prioritize and mitigate vulnerabilities. For those systems that exhibit security vulnerabilities, our security assessments include formal recommendations for remediation. The outcome of the Assessment & Authorization (A&A) support activity is a Certification Package containing documents that describe the security posture of the system, an evaluation of risks, and recommendations for correcting deficiencies.
Intellect’s Cyber Security Engineering approach uses an ITIL-based IT Service Management process where we define the components of a particular Security Engineering support type captured in guides, templates, and checklists to implement an efficient, repeatable engineering support methodology. For vendor-specific tools such as Splunk, we embed vendor-defined best practices.
Intellect’s Cyber Security support services include:
- Assessment and Authorization (A&A)
- Security Test and Evaluation (ST&E)
- Systems Security Engineering
- Penetration Testing
- Risk & Vulnerability Analysis
- High Value Asset (HVA) Assessments
- Software Assurance (Software source code assessments)
- Security Policy and Operational Procedure Development
- Security Engineering and Architecture Design
- Computer Security Incident Response
Intellect currently provides Information Assurance and Security Engineering services to clients including the Air National Guard, the U.S. Mint, and the Internal Revenue Service.