Integrated Approach
TSTC has extensive full life cycle information assurance and risk management experience within the Federal Government. Our certified staff verify compliance with established security procedures and standards, identify and document vulnerabilities and non-compliances, and help manage risk by recommending mitigating actions and compensating controls in compliance with Agency/Department regulations, Executive Orders, Public Law, and NIST, OMB, and other guidelines as these apply to the protection and treatment required for Federal computer systems.

Security Services
TSTC provides life-cycle security services including assembling certification and accreditation packages, developing security architectures and solutions using sound security systems engineering practices, performing security tests and evaluations, and assisting clients in attaining their protection goals. Our professional staff assist clients with decisions concerning information assurance requirements and security management of information systems, including incident reporting and training and awareness. TSTC's skilled security staff create tailored security policies, procedures, and documentation that address all information assurance requirements for an organization's data, emanations, communications, operations, physical, procedural, personnel, and computer security. We have extensive expertise in migrating Agency-specific legacy C&A processes to NIST standards.

Federal IT budgets are becoming increasingly tied to verified management, operational, and technical security controls and procedures. TSTC combines its information assurance and security engineering expertise with its extensive capital planning and OMB Circular A-11 Exhibit 300 capabilities to provide fundable security services for our clients.

Risk Management Services
Leveraging our information assurance and systems operations expertise, TSTC staff identify the unique threats and exposures to loss, which include risks that are location-driven and threats that are related to the mission of an organization. The in-place management, operational, and technical controls are assessed qualitatively and quantitatively in the context of a defense in depth (i.e., layered) security model and documented, and recommendations for mitigation, enhancements, and compensating controls are developed and communicated. A risk baseline addressing risk probabilities, the triggers that cause or exacerbate the threats, and the potential exposure to loss is developed and proactively managed through corrective action plans (CAP), preventive action plans (PAP) and/or integrated Plans of Actions and Milestones (POA&M) approaches.

Our Knowledge Base
We are knowledgeable about Joint, DOD, Agency (DIA, NSA, etc.) and Service (Air Force, Army, Navy, etc.) security policies, memorandums, guidance, directives, regulations, and manuals, and have the ability to apply this information. TSTC staff have the experience and knowledge to develop and provide the following:
Federal Information Systems

Our Practical Experience
TSTC staff have practical experience in certification and accreditation (C&A), security policy, testing, and training and awareness in the context of the Common Criteria, DITSCAP, FIPS 199, HIPAA, NIACAP, NISPOM, NIST Special Publications 800-18, 800-26, 800-30, 800-33, 800-37, and 800-53, and OMB security guidelines, amongst others. These orders, laws, and guidance are legally and logically required to operate Federal computer automated information systems. Recent staff experience includes the following: