AASKI Cyber Security/Information Assurance (CS/IA) Engineering encompasses multiple security disciplines, including security architecture engineering, security assessment and authorization (A&A) support, system vulnerability identification and remediation, security artifact and supporting document production, lifecycle Information Assurance Vulnerability Management (IAVM), penetration testing and ethical hacking, and maintenance of Federal Information Security Management Act (FISMA) compliance.
AASKI's IA staff possesses the DoD 8570.01-M mandated Information Systems security certifications (IAT/IAM level II and III) required for supporting DoD IA programs and projects, to include certifications for CISSP, CISM, CEH and Security+. Additionally, members of the technical staff possess a Top Secret (TS) security clearance, with no team member having less than a Secret clearance.
AASKI's cyber security team has extensive experience providing comprehensive, life cycle RMF management and technical support for several tactical and non-tactical U.S. Army information systems owners. Our RMF program support has included:
AASKI security engineers support Cross Domain Solutions (CDS) and have assisted Army sites and the Army Cross Domain Solutions Office (CDSO) with ensuring that policies and procedures are followed and requirements are met for fielding Defense Information Infrastructure (DII) Guards. AASKI assists with reviewing and validating requirements, working with the DISA Connection Approval Office or the supporting CDSO, and fielding CDS technology baselines.
As part of our lifecycle A&A program support, AASKI ensures that our customer’s information systems maintain a post-deployed security posture in compliance with requirements of the Federal Information Security Management Act (FISMA). We participate in the preparation and execution of the FISMA Security Controls Review to ensure DoD and Federal information systems comply with FISMA requirements. The validity and effectiveness of key security controls are evaluated, to include an analysis of disaster recovery and continuity of operations, and reviews of policy and process incident response planning, production code changes to determine IA impacts, current IAVM policies and management, and periodic integrity testing. AASKI provides our customers a formal report of annual FISMA review results for specific DoD information systems.
AASKI is experienced in, and currently supports, the Information Assurance Vulnerability Management (IAVM) process for our customers. Current support includes applying mandated DoD and Army security configuration changes to customer information systems' security baselines through patches defined by Information Assurance Vulnerability Alerts (IAVAs), Information Assurance Vulnerability Bulletins (IAVBs), and Technical Advisories (TAs). Additionally, AASKI provides IA Configuration Management by maintaining a database of all relevant IAVM, IAVB, and TA items, as well as change and version control of RMF artifact documentation.
To ensure a successful and thorough security assessment of customer information systems, AASKI identifies and implements applicable Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs). We run automated scan tools against the network, operating systems and compatible applications, conducting additional manual assessments as necessary, using approved DoD and Army solutions:
All scan tools are updated to use the latest STIG and IAVM audits, feeds and plugins. We supplement these scans with a manual review of system applications for requirements not assessed by the automated tools.
We evaluate developed applications using the DISA Application Security and Development STIG checklist, which provides security guidance promoting and ensuring the development, integration, and update of secure applications. This assessment includes:
Assessment results are delivered via a Security Assessment Report (or a similar artifact, per customer requirements), identifying and summarizing potential vulnerabilities, threats, risks and mitigation strategies for customer review. We confer with the customer and implement mitigation or remediation measures at the customer's direction.