CyberSecurity / IA

CyberSecurity / Information Assurance

SOLUTE has a dedicated Information Assurance (IA) team with the expertise necessary to guide any hardware or software system through the complete Certification and Accreditation (C&A) process required by the Department of Defense (DoD). Secretary of the Navy Instruction (SECNAVINST) 5400.15C specifically details this requirement, stating “Commanders of SYSCOMs, PEOs, and other Navy development and acquisition activities shall ensure Program Managers integrate IA requirements in the design of information systems that meet C&A responsibilities." To address this need, SOLUTE has become a registered Navy Certification Agent in IA, recognized by the Space and Naval Warfare Systems Command (SPAWAR) Certification Authority. This allows the company to provide Independent Verification and Validation (IV&V) of networks, enclaves, and applications to be used throughout the Navy as well as systems for Joint forces and the other Services. With decades of combined experience, our IA Analysts and Engineers are experts in all applicable Information Assurance standards and policy, including:

DoD Information Assurance Certification and Accreditation Process (DIACAP) – affecting all DoD systems, see diagram below or click here for a full-screen view of this process
DoD 8500.1 and 8500.2 directives
Director of National Intelligence (DNI) Directive, Intelligence Community Directive (ICD) 503
National Information Assurance Certification and Accreditation Process (NIACAP)
National Institute of Science & Technology (NIST) SP 800-37
Federal Information Processing Standard (FIPS) 140-1
Federal Information Security Management Act (FISMA)
National Industrial Security Program Operating Manual (NISPOM)

Illustration of the DoD DIACAP

SOLUTE is familiar with the Defense Information Systems Agency (DISA) standards and Navy Network Warfare Command (NETWARCOM) business processes, in addition to having expert knowledge of Cross Domain Solutions and navigation of the approval process with the Unified Cross Domain Management Office (UCDMO). SOLUTE’s staff includes cleared personnel with specialized Certified Information Systems Security Professional (CISSP) and Certified Secure Software Lifecycle Professional (CSSLP) credentials. Our engineers are sensitive to customer C&A timelines for both new and re-accreditation projects. SOLUTE uses the latest DISA provided Security Technical Implementation Guide (STIGs), Security Checklists, Security Readiness Reviews (SRRs), and DoD licensed scan tools in the performance of IA services. We are also technology independent, recommending and implementing security solutions in accordance with the individual needs and risk profile of each project. SOLUTE provides comprehensive IA support for both classified and unclassified systems, software, and networks. Our Analysts and Engineers are also experienced in performing both Site and Type accreditations.

SOLUTE’s CyberSecurity and IA services include:

Complete C&A project management and documentation for systems and software – from initialization and planning to Authority To Operate (ATO) approval, re-accreditation, and system decommission
IA collaboration meetings and guidance with the appropriate Designated Accreditation Authority (DAA)
System/network/software IA requirements determination and strategy
IA test plan development and Test Readiness Review (TRR)
On-site IA testing / penetration testing
Residual risk assessment
IA audits, vulnerability assessments, and scans supporting
IA engineering recommendations, process improvement, and training for CyberSecurity best practices
Follow-on support and IA help desk services

Contact Us

For all information related to Cyber Security and Information Assurance, email us at cybersecurity@solute.us

Last update February 3, 2010