|
Past Performance
Customer: Air Force Reserve Command
Type of Service: Consulting and Technical Support For the Air
Force Reserve Command Information Assurance Assessment and
Assistance Program (IAAP) and Certification and Accreditation
Program
Overview: EADS North America Defense Security
and Systems Solutions, Inc. (DS3) provided consulting and technical
support for the Air Force Reserve Commands’ Information
Assurance Assessment and Assistance Program (IAAP). We provided
assessment and assistance support services to AFRC and their
tenant units, helping to ensure they have an effective IA
program. We provided support to their IP Operations and Network
Control Center (NCC) operations which enhanced the security
posture of assigned information systems and information,
security, availability, and reliability of information systems
that support the AFRC information infrastructure. We assessed
the quality of the entire Information Assurance (IA) program
and the individual component programs of Computer and Network
Security (COMPUSEC), Communications Security (COMSEC), Emission
Security (EMSEC), and the IA Awareness program.
We also provided certification and accreditation
(C&A) maintenance support services for both the classified
and unclassified AFRC Enterprise networks. DS3 initially organized,
trained, and directed a multi-tiered certification team comprised
of government and contractor personnel at HQ AFRC and 17 AFRC
host bases/sites. We planned, developed, and tailored an Enterprise
Family of Systems (FoS) C&A approach that provided a single
Enterprise Information System Security Policy (ISSP) and configuration
baseline governing all subordinate local area networks and
organizational units. We developed and trained certification
team members documenting base-level architecture and site-specific
procedures and policies. We customized and administered an
automated C&A tool to facilitate FoS data collection and
analysis throughout the enclave’s lifecycle. DS3 provided
technical support and assistance to HQ AFRC and AFRC sites
in the security test and evaluation of all National, DoD and
Air Force security requirements. We collected, analyzed, correlated,
and reported ST&E results to the certification team and
DAA. We prepared and presented current risk assessments and
accreditation recommendations to the DAA, and assisted in the
establishment of an Enterprise Configuration Control Board
to ensure continuous risk assessment. We provided daily support
services to ensure the AFRC Enterprise networks continued to
protect assigned information systems, and the security, availability,
and reliability of information and systems supporting the AFRC
information infrastructure.
DS3 established an Information Assurance Assessment
and Assistance Program (IAAP) that provided commander’s
at all levels a measurement of the security posture of an installation,
and the health of the organization's Information Assurance
(IA) Programs. The IAAP is an extension of the existing and
successful Communications Security (COMSEC) Inspection Program.
During each IAAP, DS3 worked as part of the AFRC IAAP team
and with organizational managers to identify and correct as
many vulnerabilities possible during the visit through hands-on
assistance, providing guidance, and on-the-job training. Identifying
how to correct specific weaknesses or problems directly improves
security and enhances an organization's security posture through
individual disciplines/programs. Typical support services provided
include:
• Complete Security Assessment
• Network Evaluation and Security Assessment/Test
• Security Policy and Procedure Review
• Certification and Accreditation Process Review
• Recommended Security Protection Solutions
|
