- Risk Management Framework
- Enterprise-Wide Information Security/Assurance
- Cross Domain Security Solutions
- Risk Identification & Management
- Trusted Agent SSO-Navy
- Certification & Accreditation (C&A) Compliance
- Enterprise Wide Risk Management
- IAVM & STIG Compliance/Updates
- Information Technology Risk Analysis
- Vulnerability Assessments Gap Analysis
- FISMA Compliance Test & Reporting Compliance
- Policy Development (acceptable use standards)
- Information System Validation
- Virtual Machine (VM) Security Solutions
- Mandated Systems Engineering Discipline
- Pertains to the Confidentiality/Integrity/Availability of information and information systems
- IA Controls (as defined in DOD 8500.2 and others) equate to Baseline Security Requirements

Standards defined in:
- DITSCAP – Past
- DIACAP – Present
- NIST Risk-Based (RMF) – Future
- DoDIIS – Intelligence Community

Process:
- Certification – Process to demonstrate compliance
- Accreditation – Management decision for the Accreditation Authority to accept risk; results in an ATO/IATO/IATT

Benefits:
- Get Out of Jail Free Card (System Accreditation Authority accepts risk)
- Greater Assured Sharing of Information

- DOD/Industry Recognized Certifications
- Fully Qualified Navy Validators
- Certified Information Systems Security Professionals (CISSP)
- Information Systems Security Management Professional (ISSMP)
- Qualified Certification & Accreditation Professionals (Q/C&A)
- Qualified Ethical Hackers (Q/EH)

- Common Submarine Radio Room (CSRR) (SPAWAR PMW770/NUWC)
- All aspects of C&A activities for entire submarine force radio rooms
- Cross-Domain Security Solution from Independent Levels of Security Enclaves
- Multiple Independent Filter (MIF) Accreditation
- Annual FISMA Reporting

- Navigation Data Processor: Trusted Agent Services (SSO-Navy)
- Special Intelligence Systems (black box): Trusted Agent Services in support of NAVINTEL