Cybersecurity Assurance


Propelled Technologies (PT)’s cybersecurity personnel manage and direct activities associated with conducting acquisition systems certification and accreditation (C&A). These personnel perform applications risk assessment and security certification and accreditation responsibilities, develop and evaluate information technology (IT) system security techniques and system support plans, and provide technical expertise in implementing security standards and guidelines outlined in National Security Agency (NSA), Department of Defense (DoD), National Institute of Standards and Technology (NIST) and Air Force instructions, manuals and policies to provide security guidance and information to new and/or existing systems throughout their lifecycle.

PT Subject Matter Experts (SMEs) provide services for certification and accreditation (C&A) and risk management framework (RMF). PT SMEs also provide information technology (IT) systems security technical expertise in implementing security standards and guidelines outlined in National Security Agency (NSA), Department of Defense (DoD), National Institute of Standards and Technology (NIST) and existing systems throughout their acquisition lifecycle.

Provides support to C-suite Cybersecurity Assurance, performed remotely or on site.

Manages and directs activities associated with conducting acquisition systems maintained C&A/A&A documentation.

Performs applications risk assessment, security certification and accreditation responsibilities.

Develops and evaluates information technology (IT) system security techniques and system support plans, and provides technical expertise in implementing security standards and guidelines outlined in National Security Agency (NSA), Department of Defense (DoD), National Institute of Standards and Technology (NIST) and DoD instructions, manuals and policies to provide security guidance and information to new and/or existing systems throughout their lifecycle.

 

Provides support to the Certifying Authority/Security Control Assessor (SCA).

Provides and maintains C&A/A&A documentation supporting DIACAP and RMF as required.

Provides services for all facets of cybersecurity, A&A and risk management framework (RMF).

Performs RMF activities supporting DoDI 8510.01, RMF for DoD IT.

Employs disciplined systems engineering processes including, but not limited to, integrated risk management, and test, evaluation, verification and validation practices throughout the period of performance of task orders IAW AFI 63-1201, Life Cycle Systems Engineering.

Ensures all personnel performing Cybersecurity Assurance activities obtain, and remain current with, required technical and/or management certifications that meet DoD 8570.01-M, Information Assurance Workforce Improvement Program, and Department of Defense Directive (DoDD) 8570.01, Information Assurance Workforce Training, Certification and Workforce Management requirements, to include Communications Environment (CE) certification.

Ensures that IA policy was implemented correctly on systems; contractors shall ensure compliance with DoD and AF Certification & Accreditation policy, specifically DoDI 8510.01, DoD Information Risk Management Framework (RMF) for DoD Information Technology (IT), March 12, 2014, and AFI 33-210, Air Force Certification and Accreditation Process (AFCAP).

Performs cybersecurity for cloud solutions deployed to Infrastructure as a Service (IaaS), Platform as a Service (PaaS) or similar environments. Because these solutions inherit existing network security controls, application security assurance is required at the Application layer of the TCP/IP DoD Model. Ensures that all application deliverables adhere to Public Law 111-383, which states the general need for software assurance. Specifically, the contractor shall ensure that all application deliverables comply with the Defense Information Systems Agency (DISA) Application Security & Development Security Technical Implementation Guide (STIG), which includes the need for source code scanning, the DISA Database STIG, and a Web Penetration Test to mitigate vulnerabilities associated with SQL injections, cross-site scripting, and buffer overflows.

Provides the following deliverables: Monthly Status Report, Weekly Activity Report, Technical Report, Meeting Minutes, Certification of Personnel.