SphereCom's comprehensive suite of information assurance and system security services includes:
Information Technology Security
Security Policy and Plan Development
Threat/Risk Analysis and Vulnerability Assessments
FISMA Security Control and INFOSEC Assessments
Security Architecture Evaluation and Development
Personnel Security
Security Awareness and Training
Communication Security
Physical Security
Continuity of Operations and Disaster Recovery
System Development Life Cycle (SDLC) Support
Certification and Accreditation Support
SphereCom maintains an extensive system security library. This controlled library houses up-to-date copies
of all major Government and commercial security-related publications, including risk and threat profiles, security
safeguards, and "Best Practices", Public Laws and Executive Orders, National Security and Presidential Directives,
Government Security Directives, Staff Publications, vendor product and service information, and product evaluation
results.
Capabilities
Information Technology Security
Operational and analytical support of Information Technology (IT) systems, ranging from a personal
computer to a worldwide telecommunications network. Security operations support such as development, documentation,
and implementation of security methodologies and safeguards. On-going analysis of National-level IT Security initiatives
such as the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA),
the Privacy Act, Homeland Security Presidential Directives (HSPD), and other Federal security requirements.
Security Policy and Plan Development
Development of security policies and planning documents in accordance with industry/government directives
(e.g., OMB Circular A-130, NIST Special Publications 800-18, 800-37 and 800-53) and Agency-level instructions (e.g., DoDI 8500.2,
DOJ 2640.2 and DISA Instruction 630-230-19).
Threat/Risk Analysis and Vulnerability Assessments
Comprehensive analysis of naturally occurring and man-made threats to information systems, using
authoritative sources such as the USGS, FEMA, FBI, NCS, DoD, and various intelligence sources. Identification of risk
mitigation procedures and system modifications to close known vulnerabilities, enabling systems to operate at an acceptable
level of risk.
FISMA Security Control and INFOSEC Assessments
Conduct security control assessments and Information Security (INFOSEC) Assessments in accordance with recognized
assessment procedures, such as NIST SP 800-53A and the National Security Agency (NSA) INFOSEC Assessment Methodology (IAM).
Assist Government organizations in conducting self-assessments of their most relevant information assets
for FISMA submissions in accordance with NIST and OMB guidelines.
Security Architecture Evaluation and Development
Life-cycle design, development, and evaluation of end-to-end system security architectures, from requirements
definition through final systems implementation. Areas of emphasis include firewall security, router security, secure protocol
implementations, Internet/Intranet security, strong authentication techniques, and system and network monitoring and control.
Personnel Security
Development of personnel security programs that address security screening policies and identification procedures,
Industrial Security requirements, and computer security awareness training programs.
Security Awareness and Training
Development of security awareness and training curricula, including general awareness training, information system
specific training, and professionalization training. Authorship of numerous security awareness papers and advisories for National-level
symposiums and publications, covering topics such as the electronic intrusion threat, intrusion detection and response, security of
commercial IT systems, and certification and accreditation.
Communication Security
Design and evaluation of Communications Security (COMSEC) control mechanisms, including the Data Encryption Standard
(DES), Type 1 encryption, Public Key Infrastructure (PKI), Internet Protocol Security (IPsec), emanation security, and Red/Black
installation criteria.
Physical Security
Analysis and design of physical security control systems, including automated and manual entry control systems,
facility monitoring equipment, intrusion detection systems, access control procedures, and other mechanisms designed to protect
physical infrastructures.
Continuity of Operations and Disaster Recovery
Development of Contingency Plans, Incident Response Plans, Disaster Recovery Plans, and Business Impact Assessments
for major data center operations and worldwide telecommunication networks, with a focus on continuity of operations
and secure backup/recovery. Continuity of Operations Plans (COOP) also developed in accordance with specific Agency guidance
(e.g., Army Regulation 500-3).
System Development Life Cycle (SDLC) Support
Assist Government agencies in developing a Risk Management Framework (RMF) as required by NIST SP 800-37, Rev 1.
Support includes design, development, and/or implementation of continuous monitoring solutions.
Certification and Accreditation Support
Development of complete certification and accreditation packages as specified by NIST Special Publication 800-37 and
DoD Instruction 8510.01 (DIACAP) and other Agency-specific certification criteria. Certification packages include complete
details of all system components and operations, as documented in system security plans, system security authorization
agreements, configuration management plans, security training plans, and security test and evaluation plans.