The InfoReliance IA practice provides IT Security Services to DoD and Federal Clients with complex IT Security Policy Compliance requirements that are critical to the protection of our nation’s Homeland Security. We have clearance-holding, certified information systems security professionals, as required under DoD and Federal Policy, currently securing networks and applications and meeting all IA documentation requirements at several clients, including Army, Air Force, Navy, USMC, Joint DoD and numerous civilian agencies. Our staff is continually educated in the areas of DIACAP, DITSCAP, NIACAP, PRISMA, FISMA, NIST and OMB IT Security Policy.
IA Policy Compliance – What does that mean to me?
“We match the correct methodology and the right people to execute the IT Security strategies and solutions that will be compliant for each of our clients’ needs.” - InfoReliance IA Program Director
If you are a Federal Civilian Agency or a DoD Component, then you understand the need for protection of your data, no matter where it resides or wherever it is transmitted. You trust the data is Available, has Integrity (Accuracy), and is kept Confidential. Depending on the classification of the data, HW and SW will need to be configured in accordance with the applicable IA Controls. Verification that the IA controls have been implemented on the system should provide a high degree of trust that your data is appropriately stored and transmitted securely. Verification that your agency’s IT System Security documentation exists and is accurate and up to date, and that SOPs are being followed, should provide the remaining degree of confidence in your agency’s IT Security Strategy and that your data is not being misused.
FISMA Compliance for Federal Government IT Systems
Faced with meeting FISMA compliance, agencies are looking to industry for Best Practice approaches. We believe that a risk-based security program should be developed, implemented and continually measured and monitored agency-wide. This will instill accountability, proactive protection, integrity and continual improvement of the security posture of the system to promote ongoing compliance and annual reporting.
DIACAP Compliance for DoD IT Systems
DoD systems that are newly developed or in planning stages must now follow the DIACAP instead of the DITSCAP, and those that are DITSCAP Certified and Accredited will need to begin executing a transition plan to DIACAP compliance. With InfoReliance’s proven experience in both DITSCAP and now DIACAP, you can rest assured that your component’s Certification and Accreditation will be planned and executed in accordance with DoD Policies and provide a sense of Trust in your system’s overall security posture.
The actual work performed for each client, Federal or DoD, may include any or several of the following:
- Initiate and Plan IA Certification and Accreditation
- Conduct Risk Assessment
- Conduct Vulnerability Assessment
- Analysis and Application of IA Controls
- Security Test and Evaluation (ST&E)
- Accreditation Certification Recommendations/Determinations
- Re-Accreditation of IT Systems
- Penetration Testing & Ethical Hacking
- System IA Posture Determination
- System Level IT Security Plan of Action & Milestones (POA&M)
- Component Level IT Security Plan of Action & Milestones (POA&M)
- IT Life Cycle Transition Planning
- COOP and Disaster Recovery Planning
Phases of the DIACAP as it follows the Life Cycle of an IT System



