Information Security and Privacy (IS&P) Program Support
The contract scope of work entails the provision of Information Security and Privacy (IS&P) support services for the entire FAA. TDG provides support in the security assessment, privacy, and risk management areas for all FAA systems in the inventory. The core focus of this support is developing System Authorization Packages for the FAA Federal Information Security Management Act (FISMA) Reportable Inventory, 290 systems, annually. The 290 FISMA Reportable systems include LANs/WANs, Data Centers, and individual applications storing and processing Human Resources (Personally Identifiable Information (PII)), security and risk management, investigation, flight standards, logistics, financial, air traffic, safety, legal, and medical data. Assessments for a typical fiscal year include reauthorizations, continuous monitoring assessments, and new/initial authorizations. Support includes:
System Authorization Implementation Support
Continuous Monitoring Assessment (CMA) / Ongoing Authorization Support
Independent Assessment Services
ISSO Support Services
Vulnerability Management Support
The FAA is an early adopter of the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) program. As such, the FAA has entered into a Memorandum of Agreement (MOA) with DHS outlining the CDM services and tools DHS will be providing to the FAA. TDG provides support in the selection, implementation, and management of these DHS-offered services and tools, including:
Supporting the office designated as lead for the FAA DHS Continuous Diagnostics and Mitigation (CDM) early adopter program.
Providing technical recommendations on scanning and reporting capabilities (dashboards), tools, processes, and methodologies that comply with OMB, DHS, and DOT requirements in support of DHS CDM, with written reports as requested.
Developing FAA-level CDM capability, strategic, and transition plans and processes in support of DHS CDM.
Conducting a study and gap analysis on existing FAA scanning and reporting capabilities that identifies gaps in scanning coverage and provides recommendations on tool consolidation, tool upgrades, new tools, and shared scanning opportunities in support of DHS CDM surveys and data calls.
Developing and providing recommendations on scanning infrastructure and architecture configurations to ensure compliance with DHS CDM and CAESARS reporting architecture, with written reports as requested.
Providing recommendations on tool configurations and placement to ensure efficiency, accuracy, and cost effectiveness.
Supporting the implementation and evaluation of CDM tools and processes in support of DHS CDM as requested.
Participating in working groups on CDM at the Federal, DOT and FAA levels as requested.
In addition, TDG provides IS&P support to the Compliance, Governance, Privacy, and Risk Management Divisions of the IS&P Organization, including:
Program Management Support
IS&P Compliance Support
IS&P Governance Support
IS&P Risk Management Support (Security Engineering)

