Project
Information Assurance and ISSO Support
Challenge
The DHS Science and Technology Directorate (S&T) is tasked with researching and organizing the scientific, engineering and technological resources of the United States and leveraging these existing resources into technological tools to help protect the homeland. To assist in that effort, SiloSmashers provides information assurance services and project management through an ISSO team that is responsible for securing and fully supporting the authority to operate (ATO) and transition to Ongoing Authorization for classified and unclassified S&T systems to further their mission. SiloSmashers provides thought leadership on security posture, drives process improvement, assesses and analyzes risk, and recommends mitigation and remediation strategies.
Solution
- Led an aggressive, integrated effort between Operations, Engineering and Information Assurance to address widespread vulnerability and patching issues, which led to aggressive remediation activities. This ensured a more current, near real-time representation of the data used to develop the FISMA scorecard. Took S&T from ‘worst to first’ in FISMA scorecard standings for the Department.
- Developed standardized scanning profiles and methodology for all S&T laboratory components and headquarters.
- Created Review/Comment process for S&T and began policy document review.
- Authored a Vulnerability Management Policy that provides the structure, process and procedures for a Vulnerability Management Team.
- Developed root cause analysis for systemic programmatic and operational issues within the S&T environment.
- Worked closely with the CISO to drive the current IA standardization project, which includes creating ‘Gold’ system images for S&T (pilot/rollout/phased migration for Windows, Mac, and Linux).
Results
Through these efforts, changes in the applications, data processing and transfer have had a positive impact DHS-wide, resulting in more accurate and timely data being presented through the scorecard to DHS leadership. S&T’s FISMA scores now lead the Department and have set a benchmark for all of the agency components. In addition, SiloSmashers was recognized as the Information Systems Security Officer of the Year for S&T. Integration of teams and purpose, building an ‘economy of effort’ and providing leading edge expertise are hallmarks of the SiloSmashers team.
Client Benefits
- Enhanced security posture.
- S&T Recognition from peer DHS components as a thought leader in integration and methodology.
- Significantly improved patching and vulnerability ‘time to remediate’ response.
- Repeatable processes to ensure continued integration of effort and resources.