
Information Assurance and System Security Services

To assist customers in securing vital systems and information, SphereCom provides a comprehensive suite of information assurance and system security services.

Information Technology Security
Cloud Computing Security
Security Policy & Plan Development
Threat/Risk Analysis and Vulnerability Assessment
Continuity of Operations & Disaster Recovery
Security Architecture Evaluation and Development
Assessment & Authorization
System Development Life Cycle (SDLC) Support
Security Awareness and Training
Communications Security
Personnel Security
Physical Security

Information Technology Security

Operational and analytical support of systems ranging from personal computers to worldwide telecommunications networks, including development, documentation, and implementation of security methodologies and safeguards, as well as ongoing analysis of international and national-level information security initiatives, including the Federal Information Security Modernization Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA), the Privacy Act, Homeland Security Presidential Directives (HSPD), and other U.S. Government and international security requirements.

Cloud Computing Security

Conduct technical and trade-off analysis of cloud computing security mechanisms, such as encryption, authentication, auditing, multi-tenant separation, communications, security monitoring, and forensic analysis.  Assist Cloud Service Providers (CSP) in implementing and authorizing secure public, private and hybrid clouds and prepare cloud security artifacts for evaluation by the Federal Risk and Authorization Management Program (FedRAMP). 

Security Policy & Plan Development

Develop security policies and planning documents in accordance with industry/government directives (e.g., OMB Circular A-130, NIST Special Publications 800-18, 800-37, 800-53, 800-171) and Agency-level instructions (e.g., CNSSI 1253, DoDI 8510.01, DHS 4300, IRS 1075).

Threat/Risk Analysis and Vulnerability Assessment

Comprehensive analysis of naturally occurring and man-made threats to information systems, using authoritative sources such as the USGS, FEMA, FBI, NCS, DoD, and various intelligence sources. These assessments identify mitigation procedures and system modifications to close known vulnerabilities, enabling the information system to operate at an acceptable level of risk.  Risk analysis and vulnerability assessments are conducted using the processes identified in NIST SP 800-30, NIST SP 800-39, COBIT, ISO 27005, and other U.S. Government, industry and international guidelines.

Continuity of Operations & Disaster Recovery

Develop contingency and continuity of operations plans and procedures, incident response plans, disaster recovery plans, and business impact assessments for major information systems, data centers, and worldwide telecommunication networks, with a focus on ensuring continuity of operations and secure backup/recovery, in accordance with specific agency guidelines.

Security Architecture Evaluation and Development

Life-cycle design, development, and evaluation of end-to-end system security architectures, from requirements definition through final systems implementation. Areas of emphasis include firewall security, router security, secure protocol implementations, cybersecurity (Internet/Intranet), strong authentication techniques, and system and continuous monitoring and control.

Assessment & Authorization

Develop complete Assessment and Authorization (A&A) packages and validate the security posture of systems and organizations as part of the A&A activities. Packages include details of all system components and operations and are prepared in accordance with NIST SP 800-18, NIST SP 800-37, NIST SP 800-53, DoD Instruction 8510.01, FedRAMP and other Agency-specific A&A criteria. Documentation prepared includes, but is not limited to, System Security Plans (SSP), Configuration Management (CM) plans, Incident Response (IR) plans, Contingency plans, security training plans, security test and evaluation plans, Security Assessment Plans (SAP) and Security Assessment Reports (SAR).  Conduct Information Security (INFOSEC) and security control assessments in accordance with recognized procedures and guidelines such as OMB A-130, NIST SP 800-53A, NIST SP 800-171A, and Agency-specific guidance (e.g., DOL Computer Security Handbook, DHS 4300, GSA CIO-IT Security-06-30).

System Development Life Cycle (SDLC) Support

Assist customers in developing and implementing Risk Management Frameworks (RMF) as required by NIST SP 800-37, ISO/IEC 27001, DoDI 8510.01 and other Government-specific guidelines.  All steps of the RMF are addressed including design, development, and implementation of continuous monitoring solutions.  As part of the life cycle support, assist customers in developing Supply Chain Management (SCM) processes to address current Government and ISO/IEC requirements.

Security Awareness and Training

Develop a wide variety of security awareness and training curricula, including general awareness training, information system specific training, insider threat training, and security training for executive, technical, developer and user personnel.

Communications Security

Design and evaluate systems that employ various Communications Security (COMSEC) control mechanisms, including, but not limited to, FIPS 140-2 validated encryption, Type 1 encryption, Public Key Infrastructure (PKI), Internet Protocol Security (IPsec), TEMPEST emanation security, and Red/Black installation criteria.

Personnel Security

Develop personnel security programs that address security screening policies, personnel identification procedures, industrial security requirements, and security awareness training programs.  Prepare supporting personnel security documentation such as Non-Disclosure Agreements (NDA), Confidentiality Agreements, Rules of Behavior (RoB), and Acceptable Use Policies (AUP).

Physical Security

Analyze and design physical security control systems, including automated and manual entry control systems, facility monitoring equipment, intrusion detection systems, access control procedures, and other mechanisms designed to protect physical infrastructures for data centers, Network Operations Centers (NOC), and Security Operations Centers (SOC) throughout the world.