Omitron has extensive experience in providing IT Security Engineering and Information Assurance services. Omitron’s Security Solutions Group is made up of information assurance experts, network architects, systems and security engineers, and technology professionals who are well educated, experienced, and hold professional certifications.
Certification and Accreditation
Omitron has a significant experience in assisting several different Federal government agencies develop their C&A packages. We are experienced in the development of all phases and pieces of the C&A package to include the System Security Plan (SSP), the Vulnerability Assessment, the Risk Assessment, Security Testing and Evaluation (ST&E), and the Plan of Action and Milestones (POAMs), and the additional supporting documentation that comprises the C&A package. Omitron has conducted numerous certifications and achieved corresponding successful accreditations by employing proven methodologies under the former DISTCAP and the current DIACAP accreditation processes for DoD systems, and by utilizing the NIST accreditation process for federal systems.
Security Test and Evaluations
Omitron can conduct comprehensive testing to assess the extent to which a system's security controls are implemented correctly, operate as intended, and produce the desired outcome. Evaluation criteria is based on NIST SP 800-53A. Omitron provides an Independent Verification and Validation (IV&V) capability to evaluate the correctness and quality of C&A work performed by the owning organization or by its support contractors. We evaluate a system's security categorization, its System Security Plan, verify that correct security controls are selected, create a Security Assessment Plan, conduct a security assessment, and produce a Security Assessment Report (SAR). Our approach ensures that C&A packages are standardized, correct, and complete.
The selection and integration of sound security technologies is necessary to ensure your system’s reliability and robustness, protect sensitive data and preserve privacy. The Omitron team has demonstrated expertise in current and emerging IA technologies that cover:
Network and Internet security |
Identity and access management
Encryption and PKI
Enterprise security architecture
Web application hardening
Effective security management enables systems to be developed, operated, and maintained in compliance with federal standards and directives under FIPS and FISMA, are ensures that they are compliant with NIST Special Publication guidelines, and are conforming to agency and organizational requirements. Omitron provides an array of security services that span risk management, information management and protection, information systems management, enterprise security architecture, financial management, and capital planning and investment.
We understand the criticality of integrating security into the system lifecycle and throughout its initiation and planning, development and acquisition, implementation and assessment, and operations and maintenance phases. The Omitron security team provides proven capabilities to its customers in areas such as:
| Incident response
Security awareness and training
Security Policy and Operational Procedure Development
Omitron's information assurance experts collaborate with your project management to review existing policies, standards, and procedures; to identify gaps relative to your organization's needs and applicable regulatory requirements; to fill those gaps to ensure that documentation is relevant, understandable and in alignment with your operational mission and with the applicable regulatory coverage. Our experts work with your organization to develop strategies for effectively communicating policies, standards and procedures for measuring good security practices and compliance.
Highlights of Recent IT Security Work
|JSC IT Security and Information Assurance Support
Omitron provided security engineering services for ground and support systems spanning the operational and development environments for the Mission Control Center at the Johnson Space Center in Houston, TX for the Mission Operations Directorate. Omitron was instrumental in the successful accreditation of several major NASA systems.
The Omitron team was responsible for maintaining the security posture of these systems throughout their security lifecycle. The team evaluated all proposed changes regarding the potential security impact to the systems. Omitron documented all changes in the system security plans and updated system inventories, system diagrams, and system descriptions. The team developed Contingency Plans, Continuous Monitoring Plans, and Training Plans. Omitron compiled and delivered the certification and accreditation packages.
|NESDIS IT Security Support
Omitron provides certification and accreditation services for the operational satellite ground systems as well as for new systems for the NOAA/NESDIS Office of Systems Development at the NOAA Satellite Operations Facility. Omitron plays a significant role in the successful accreditation of major NOAA systems.