Assurance Services

In 2005, working with our academic partner, the Indiana University of Pennsylvania (a DHS/NSA Center for Academic Excellence in Information Assurance Education), TDG developed a copyrighted course that teaches senior federal managers how to implement and manage a federal information assurance program. The life cycle is 100% compliant with FISMA/NIST and was developed five years before NIST introduced its Risk Management Framework (RMF) process in NIST SP 800-37 rev1. All of our Assurance services follow this life cycle process approach.

Assessment and Authorization (A&A)

TDG has conducted over 400 A&A efforts for over 20 federal agencies. We have used various A&A tools such as CSAM, Xacta, RMS, and others. We have conducted efforts for all steps in the NIST RMF.

Agencies include: NRCS, USDA OIG, FNS, APHIS, FSIS, AMS, GIPSA, Forest Service, ARS, NLRB, DOC, HUD, FAA, DOT, FMCSA, FCC

Security Program Evaluation

TDG has provided full security program evaluations for multiple federal agencies, reporting at the CIO level in the organization. We provide as-is and desired end state comparisons using subject matter experts and employing tools such as NIST’s Program Review for Information Security Management Assistance (PRISMA) to provide senior management with executable short- and long-term strategies.

Agencies include: USDA Forest Service, DOT Federal Motor Carrier Safety Administration, GSA Office of Inspector General

Security Operations

To provide continuous monitoring at the operational and technical levels, we have supported federal agencies in developing strategies for continuous monitoring testing of controls on an annual basis. At a technical level, we have conducted vulnerability scanning and assisted agencies in developing a DHS-compliant Continuous Diagnostics and Mitigation (CDM) program.

Agencies include: USDA (multiple agencies/services), FAA