DNC CORP provides cyber security and information assurance (Security Assessment & Authorization) support to multiple government agencies. All activities are conducted in compliance with FISMA, FIPS, OMB A-130, and NIST SP 800 series. Here are a few examples of steps taken during the Security Assessment & Authorization process:
Conduct risk assessment in accordance with NIST SP 800-30, Risk Management Guide for Information Technology System. Identify threats and vulnerabilities, assessed potential risk exposure and recommend cost-effective safeguards to mitigate risk.
Security Test and Evaluation (ST&E): Conduct independent security tests and evaluations to ensure technical security controls meet specified requirements and work as intended. Include the development of ST&E plan and ST&E report. Tests for GSS are done via vulnerability scanners, manual security test and manual reviews of security configuration profiles.
System Security Plan (SSP): Develop system security plan in accordance with NIST SP 800-18. The plan documents the status of necessary safeguards, i.e., in-place, planned, in-place and planned, or not applicable.
Continuity of Operations Plan (COOP): Develop business continuity plans in accordance with NIST SP 800-34, Contingency Planning Guide for Information Technology Systems. Develop and document preparatory, emergency response, and recovery actions and procedures, as well critical resources required to continue operations after a catastrophe. Also prepare and conduct test plans; and updated continuity plans based on test results; and conduct training on business continuity plan execution and related procedures.