Contact Us
Susan Marquis
Vice President  
703 917 7301
800 213 4817

 

INFORMATION ASSURANCE

Capabilities

Information assurance (IA), the protection of information and its critical elements, is essential in the implementation of information technology (IT) and is rapidly maturing and growing as a discipline. We develop security policies and plans, investigate security vulnerabilities, and develop architectures, systems, and techniques to protect information resources from attack and exploitation.

 

LMI systems—both our internal general support system (GSS) and our external IT service center, which hosts our government clients’ systems—comply with the Federal Information Security Management Act (FISMA) requirements. We follow the requirements of Office of Management and Budget (OMB) Circular A-130, Appendix III, “Security of Federal Automated Information Systems,” the Federal Information Processing Standard (FIPS) Publication 199, Standards for Security Categorization of Information and Information Systems, as well as other statutory requirements. LMI has recently been fully certified and received its formal approval to operate (ATO). Our internal security group works with our IT and IA consultants to ensure our systems meet federal and DoD security requirements and that LMI practices what it preaches.

 

Our staff offers a wide array of services and has experience in all facets of IA, including the following:

Certification and Accreditation

We provide our clients a structured certification and accreditation (C&A) approach for developing consistent, comparable, and repeatable assessments; promoting a better understanding of agency-related mission risks resulting from the operation of IT systems; and creating more complete, reliable, and trustworthy information. We have worked on more than 200 C&A projects for federal and Department of Defense (DoD) agencies, using National Institute of Standards and Technology (NIST) and DoD guidance.

 

LMI has written numerous security plans, system security authorization agreements, and security test and evaluation plans, and has tested systems for vulnerabilities. We have developed our own risk assessment method, based on NIST SP 800-30. As a result of LMI expert support, our clients have been able to complete their component documentation and their full C&A projects on time and within budget.

 

Chief Information Officer and IT Program Support

LMI has exceptional experience in assisting federal agencies in IT planning and implementation. We are a leader in developing Federal Enterprise Architecture (FEA)–compliant enterprise architectures, and we help agency chief information officers (CIOs) establish or improve the IA posture in their agencies. In addition to helping agencies comply with IA regulations, such as the Federal Information Security Management Act (FISMA), we prepare IA strategies that entail an integrated approach at the enterprise level. We have experience writing the full suite of security documentation required for federal acquisitions, such as IT security policies, OMB exhibit 300 documentation, and concepts of operation. Recently, the DoD CIO chose an IA acquisition strategy we developed for one of our clients as an example of a best practice for all DoD program managers.

 

Policy Analysis

Our IA analysts are experts in the aggregate of public law, directives, regulations, and rules that regulate how an organization manages, protects, and distributes information. We help our clients wade through the confusing array of legislation, directives, and guidance to get to the core requirements. We also help them describe the IA operations of their information systems and clearly delineate IA responsibilities and the behavior expected of all personnel.

 

Business Continuity Planning and Continuity of Operations Planning

Federal managers need comprehensive processes to ensure their agencies are able to recover from disaster. We have exceptional expertise in business continuity planning (BCP) and continuity of operations (COOP) planning and fully support all aspects, from developing an initial contingency policy statement, to analyzing business impacts and developing contingency plans, to delivering training and exercises.

 

Identity Management, Public Key Infrastructure/Digital Signatures

Managing secure access to information and applications is a major undertaking facing all federal agencies. The issues are complex, involving everything from managing multiple versions of user identities across multiple applications to reducing sign-on access. LMI can help analyze potential costs and implementation issues for electronically submitting forms containing digital signatures. We have performed extensive market research and can provide expert technical information on using digital signatures, implementing electronic forms, and complying with regulations for electronic signatures and authentication.

 

Wireless Security

LMI is engaged in an internal research and development project to develop a wireless security risk assessment method. Our information assurance staff identified a need for a comprehensive, efficient method to guide government decision making with regard to wireless connectivity. A tool for clearly defining wireless needs, assisting with developing policy and guidelines to fulfill those needs, and providing guidance for implementing a wireless plan is essential for security in today’s increasingly wireless business environment.

 

Numerous federal agencies have implemented wireless technology, which they use to increase employee efficiency, provide new business capabilities, support asset visibility, increase productivity, and improve data transfer accuracy and timeliness. This technology is deeply embedded into business systems: existing and planned systems often cannot function without the mission-critical capabilities it provides.

 

During our initial research, LMI found that many agencies are having difficulty implementing wireless networks securely. As a consequence, LMI has determined that a wireless security risk assessment method is needed not only by agencies with wireless networks, but also by those that have not implemented wireless networks. One result of our project is a method agency decision makers can use to assess their wireless security posture, whether or not wireless networks are implemented.

CLIENTS AND SOLUTIONS

DHS—Protecting Our Borders

The U.S. Customs and Border Protection Non-Intrusive Inspection (NII) Systems Program supports the interdiction of weapons of mass destruction (WMD), contraband, and illegal aliens being smuggled across U.S. borders, while facilitating the flow of legitimate commerce. During fiscal year 2007, the NII Systems Program was changed from a non-IT investment to an IT investment, and the life cycle was changed from mixed to operations and maintenance (O&M). Due to these programmatic changes, LMI was called upon to provide significant IA support to meet new requirements from OMB and the Department of Homeland Security (DHS). LMI analysts prepared all of the required security documentation for a NIST-compliant C&A, including a system security plan, risk assessment, plan of actions and milestones (POA&M), privacy threat assessment, and contingency plan. As a result of our support, the NII Systems Program was able to achieve an ATO.

 

CDC—Certifying Mission Critical Systems

The Centers for Disease Control and Prevention (CDC) asked LMI to support the C&A of the IT systems for the Division of the Strategic National Stockpile (DSNS). The DSNS mission is to deliver critical medical assets to the site of a national emergency. The program provides pharmaceuticals, vaccines, medical supplies, and medical equipment that support CDC emergency response teams and augment depleted state and local resources during response to terrorist attacks or other emergencies. LMI is helping the DSNS certify and accredit several mission-critical systems. We have completed a number of information assurance actions required to obtain an ATO for the first two DSNS systems. We conducted detailed technical interviews and documented the information system security policy, system architecture analysis and description, and system security requirements plan. We assisted in the preparation of privacy impact assessments (PIAs), conducted risk assessments, documented residual risks, and prepared the system security plan as well as the system POA&M. We were responsible for determining the effectiveness of the security controls used to protect system availability, data integrity, and confidentiality. A key component of the CDC C&A process is an actionable, functional BCP. LMI is helping write the BCP, writing the BCP tabletop and functional exercise plans, and helping conduct exercises.

 

DHS-USCG—Security Classification Guidance

The DHS United States Coast Guard (USCG) Office of Performance Management and Decision Support asked LMI to facilitate a standardized and efficient classification management guide for USCG operational and readiness data. The USCG Operational and Readiness Security Classification Guide (SCG) is a key component of this effort. The Coast Guard is distinctive among all services in that it must play dual roles, both civilian and military. Increasingly, the Coast Guard is working with data and information critical to national security, and it identified a clear need to develop more specialized, supplemental guidance to address the special classification needs of its data and information. The SCG provides detailed classification guidance on program-specific information for use in applying appropriate security classification markings. It provides initial guidance as to what topics of program-specific information should or should not be classified, reasons for classification, and how long the information is to remain classified. The SCG is intended to provide guidance to facilitate the proper and uniform derivative classification of information.

© 2008 LMI • 2000 Corporate Ridge • McLean VA 22102 • 800-213-4817