In 2005, working with our academic partner, the Indiana University of Pennsylvania (a DHS/NSA Center for Academic Excellence in Information Assurance Education), TDG developed a copyrighted course that teaches senior federal managers how to implement and manage a federal information assurance program. The life cycle is 100% compliant with FISMA/NIST and was developed five years before NIST introduced its Risk Management Framework (RMF) process in NIST SP 800-37 rev1. All of our Assurance services follow this life cycle process approach.
Assessment and Authorization (A&A)
TDG has conducted over 500 A&A efforts for over 20 federal agencies. We have used various A&A tools such as CSAM, Xacta, RMS, and others. We have conducted efforts for all steps in the NIST RMF.
Security Program Evaluation
TDG has provided full security program evaluations for multiple federal agencies reporting at the CIO level in the organization. We provide as-is and desired end state comparisons, using subject matter experts and automated tools, to give senior management executable short- and long-term strategies.
To provide continuous monitoring at the operational and technical levels, we have supported federal agencies in developing strategies for continuous monitoring testing of controls on an annual basis. At a technical level, we have conducted vulnerability scanning and assisted agencies in developing a DHS-compliant Continuous Diagnostics and Mitigation (CDM) program.