The Saturn Partners, Inc. | Business Process Improvements | Saturn Partners, Inc. | #1 Experts

Regulatory Compliance

The Saturn Partners Inc. has the expertise to assist clients in both the government and private sectors in becoming compliant with the standards listed below, using these state-of-the-art processes:


Network and Critical Infrastructure Security Auditing

General Control Audits in accordance with OMB A-130/A-123, FISCAM, FISMA, NIST (e.g., SP 800-53) and AICPA requirements

    • General Control Reviews:
      • Network Management
      • Security Administration
      • Logical access controls
      • Physical access controls
      • Network security structures
      • Operating systems controls
      • Telecommunication devices
      • Other related configurations

    • Audit Plans for operating systems:
      • MVS/RACF/ACF2/TOP SECRET
      • Windows
      • UNIX
      • Networks
      • Routers
      • Telecommunication Switches
      • PBXs
      • Database Management Systems (e.g., Oracle, Sybase, MS-Access)
    • Penetration Testing (Hacking) in the context of a General Controls Review.
    • Audits and Reviews executed in accordance with Yellow Book standards.
    • Provide annual FISMA independent testing and support for Program and CIO offices.
    • Provide annual FISMA independent testing and support for OIG offices.
    • Provide NIST Special Publication (SP) 800-53 controls identification and testing.
    • Provide NIST SP 800-40 software patch management policy documentation and testing support.
    • Provide NIST SP 800-37 security test and evaluation support.
    • Provide privacy impact assessment policy documentation and evaluation support.
    • Provide NIST SP 800-61 computer security incident handling policy documentation and testing support.

Application Control Audits in accordance with OMB A-130/A-123, FISCAM, FISMA, NIST (e.g., SP 800-53) and AICPA requirements

    • Application control reviews for adequate internal controls for:
      • Financial Applications
      • Logistics
      • Contracting
      • Network Management
    • Audits and Reviews executed in accordance with Yellow Book standards.
    • Provide annual FISMA independent testing and support for Program and CIO offices.
    • Provide annual FISMA independent testing and support for OIG offices.
    • Provide NIST Special Publication (SP) 800-53 controls identification and testing.
    • Provide NIST SP 800-40 software patch management policy documentation and testing support.
    • Provide NIST SP 800-37 security test and evaluation support.
    • Provide privacy impact assessment policy documentation and evaluation support.
    • Provide NIST SP 800-61 computer security incident handling policy documentation and testing support.

Assessments

    • Risk assessments
    • Threat Assessments
    • Vulnerability Assessments

Certification and Accreditation

System Test & Evaluations (ST&Es) in accordance with Federal and Department/Agency security requirements.

    • Development of ST&E Documentation:
      • Certification Plan
      • ST&E Plan and Procedures
      • Test Reports
      • Transition Plans
      • Engineering Recommendations

    • Security Testing for:
      • Personnel
      • Physical
      • Communication
      • Computers
      • Applications
      • Administrative
      • Procedures
    • Development of Penetration and Analysis (Hacking) procedures and execution of those procedures.
    • Development and maintenance of Certification and Accreditation findings reporting systems.
    • Application of NIST Self-Assessments.

Business Process Improvement

Engineering Approach

    • Evaluation and integration of new technologies into existing architectures or new architectures.
    • Cost/benefit analysis for development decisions on financial and non-financial applications.
    • Benchmarking of types of software used in other agencies and organizations.
    • Benchmarking of COTS packages against desired functionality in applications.
    • Architectural modifications to existing systems after analysis of what’s in place and where the organization wants to go.

Certification and Accreditation Approach

    • Development of enterprise-wide C&A solutions to achieve consistency of IA controls and economies of scale.
    • Providing Certification and Accreditation services as Managed Service solutions.
    • Development and integration of Certification and Accreditation approaches for client/server architectures and applications.
    • Development and integration of Certification and Accreditation approaches for Service Oriented Architectures (SOAs).
    • Development and integration of Certification and Accreditation approaches for Managed Service architectures and applications.
    • Integration of FISMA-compliant control reviews and Plan of Actions and Milestones (POA&M) management solutions into Certification and Accreditation approaches.

Security Engineering and Analysis

Security Engineering

    • Security training and self-assessments through web-based tools.
    • Secure configuration of:
      • Routers
      • Network Management Software
      • PBXs
      • Operating Systems
      • Database Management Systems
      • Telecommunications switches
      • Firewalls
      • Other SNMP devices
    • Secure Software Development.
    • Preparing and documenting Network Security Configuration Guides.
    • Development of Plan of Actions and Milestones (POA&M) management solutions to meet FISMA requirements.
    • Provide NIST SP 800-18 System Security Plan support incorporating NIST SP 800-53 controls.
    • Provide FIPS 199 and NIST SP 800-60 security categorization rationale and support.
    • Provide NIST SP 800-30 risk management identification, risk assessment testing, and risk assessment strategy/support.
    • Provide NIST SP 800-40 software patch management policy documentation and testing support.
    • Provide NIST SP 800-50 security training and awareness policy, training, and tracking support.
    • Provide NIST SP 800-64 configuration management plan/SDLC policy documentation and testing support.
    • Provide disaster recovery and contingency planning documentation and evaluation support.
    • Provide NIST SP 800-61 computer security incident handling policy documentation and testing support.

Certification and Accreditation Support

    • Integration of Information Assurance and innovative approaches to meet Certification and Accreditation process requirements into the acquisition process and throughout the System Development Life Cycle (SDLC).
    • Introduction of enterprise modeling for Information Assurance to achieve economy of scale and streamlined approval within complex Certification and Accreditation efforts.
    • Program Management support for system/program Certification and Accreditation activities.
    • Performance of mock Certification and Accreditation testing at key points within the SDLC to prepare sites and system owners and to reduce operational risks associated with Certification and Accreditation.
    • Application of NIST Self-Assessments to prepare for FISMA compliance reviews and to seamlessly transition from the development to production IA environments.
    • Execution and maintenance of Plan of Actions and Milestones (POA&M).

Security Analysis

    • Evaluation of existing Security Programs.
    • Development of Organizational, Programmatic, and Implementation Security Policies.
    • Evaluation of connectivity requirements and development of Memoranda of Agreement and Memoranda of Understanding.

    • Development of Security-related Documentation:
      • Contingency Plans (Tested)
      • Security Plans
      • System Security Authorization Agreements (SSAA)
      • Connection Approval Packages
      • Security Transition Plans
      • Assessment Reports
      • Security Features Users Guide (SFUG)
      • Trusted Facility Manual (TFM)
    • Vulnerability Analysis.
    • Definition and Implementation of self-assessment security programs.
    • Development of technical evaluation procedures for operating systems:
      • MVS/RACF/ACF2/TOP SECRET
      • Windows
      • UNIX
      • Networks
      • Routers
      • Telecommunication Switches
      • PBXs
      • Database Management Systems (e.g., Sybase, MS-Access, and Oracle)

Investigative Support Services and Evidential Information

    • Evidence gathering through the use of Information Technology.
    • Configuration of computers, networks, firewalls, and routers in anticipation of evidential information gathering for investigative support matters.
    • Provide NIST SP 800-61 computer security incident handling policy documentation and testing support.