Engineering Services
Experienced, vendor-certified personnel to secure your enterprise networks and systems.
Improve Your Cyber Security Posture

Our highly trained, certified and cleared AASKI Cybersecurity team provides our DoD, Federal and private sector customers with cutting edge expertise and unsurpassed experience securing information systems, networks and enterprise systems from a continuously evolving threat environment.

Information Assurance Engineering

AASKI Cyber Security/Information Assurance (CS/IA) Engineering encompasses multiple security disciplines, including security architecture engineering, security assessment and authorization (A&A) support, system vulnerability identification and remediation, security artifact and supporting document production, lifecycle Information Assurance Vulnerability Management (IAVM), penetration testing and ethical hacking, and maintenance of Federal Information System Management Act (FISMA) compliance.

AASKI's IA staff possesses the DoD 8570.01-M mandated Information Systems security certifications (IAT/IAM level II and III) required for supporting DoD IA programs and projects, to include certifications for CISSP, CISM, CEH and Security +. Additionally, members of the technical staff possess a Top Secret (TS) security clearance, with no team member having less than a Secret clearance.

NIST Risk Management Framework (RMF) Support

AASKI's cyber security team has extensive experience providing comprehensive, life cycle RMF management and technical support for several tactical and non-tactical U.S. Army information systems owners. Our RMF program support has included:

  • Proactive expertise in the advancement of DoD cybersecurity risk management for our customers
  • System Categorization support to determine specific as well as overall adverse impact to losses or compromise of Confidentiality, Integrity or Availability to a system or its information.
  • Analysis, identification and assignment of NIST Special Publications 800-53 security controls, applicable overlays and federal security standards.
  • Development of RMF artifacts and supporting documentation in support of authorization
  • Systems and Network Vulnerability Assessment (NVA) scanning
  • Vulnerability Identification, documentation, and remediation tracking of in accordance with the IAVM process.
  • Formal Security Control Assessment (SCA) test support

Cross Domain Solutions

AASKI security engineers support Cross Domain Solutions (CDS) and have assisted Army sites and the Army Cross Domain Solutions Office (CDSO) with ensuring policies and procedures are followed, and requirements met for fielding Defense Information Infrastructure (DII) Guards. AASKI assists and supports with reviewing and validating requirements, working with the DISA Connection Approval Office or the supporting CDSO, and assist with fielding Cross Domain Solutions (CDS) technology baselines.

FISMA and IAVM Compliance

As part of our lifecycle A&A program support, AASKI ensures that our customer’s information systems maintain a post-deployed security posture in compliance with requirements of the Federal Information Security Management Act (FISMA). We participate in the preparation and execution of the FISMA Security Controls Review to ensure DoD and Federal information systems comply with FISMA requirements. The validity and effectiveness of key security controls are evaluated, to include an analysis of disaster recovery and continuity of operations, and reviews of policy and process incident response planning, production code changes to determine IA impacts, current IAVM policies and management, and periodic integrity testing. AASKI provides our customers a formal report of annual FISMA review results for specific DoD information systems.

AASKI is experienced in, and currently supports the Information Assurance Vulnerability Management (IAVM) process for our customers. Current support includes application of mandated DoD and Army security configuration changes to customer Information Systems security baseline by application of patches as defined by Information Assurance Vulnerability Alerts (IAVAs), Information Security Vulnerability Bulletins (IAVB), and Technical Advisories (TA). Additionally, AASKI provides IA Configuration Management by maintaining a database of all relevant IAVM, IAVB, and TB, as well as change and version control of RMF artifact documentation.

Security Assessments and Remediation

To ensure a successful and thorough security assessment of customer information systems, AASKI identifies and implements applicable Security Technical Information Guides (STIGs) and Security Requirements Guides (SRGs). We run automated scan tools against the network, operating systems and compatible applications, conducting additional manual assessments as necessary, using approved DoD and Army solutions:

  • Assured Compliance Assessment Solution (ACAS), using the Nessus vulnerability scanner
  • Security Content Application Protocol (SCAP) Compliance Checker (SCC) with STIG benchmark content

All scan tools are updated to use the latest STIG and IAVM audits, feeds and plugins. We supplement these scans with a manual review of systems applications for requirements not assessed by the automated tools.

We evaluate developed applications using the DISA Application Security and Development STIG checklist, which provides security guidance promoting and ensuring the development, integration, and update of secure applications. This assessment includes:

  • Reviews of systems and application documentation, code, files, and policy
  • Interviews with applications representatives, systems administrators and developers
  • Demonstrations of required security features and practices by applications representatives, systems administrators and developers
  • Remediation of vulnerability through system and code configuration/modification as indicated by security controls

Assessment results are delivered via a Security Assessment Report (similar artifact per customer requirements), identifying and summarizing potential vulnerabilities, threats, risks and mitigation strategies for customer review. We confer with the customer and implement mitigation or remediation measures at the customer's direction.

Footer Logo
© Copyright AASKI Technology - All Rights Reserved.