Defense Information Systems Agency (DISA)
Challenge
A high-profile Defense Information Systems Agency (DISA) element required expert support in system engineering and information assurance (IA). This DISA element implements world-wide communications and information technology services for senior US government leadership and thousands of support personnel. Within the past several years the organization went through tremendous modernization and increase in sophistication of its information technology infrastructure but recently experienced a reduction of its budget. The challenge was: How could the organization modernize its IA program to be fully compliant with the latest DoD guidance, including the DoD Information Assurance Certification and Accreditation Process (DIACAP), maintain consistent operation of high-availability requirement systems, and accomplish all this on a reduced budget? Veris Group was selected to deliver these solutions, including IA program evaluation and modernization, full implementation of DIACAP, and on-going development and administration of a critical general support system.
Solution
Veris Group responded to the challenge by identifying key personnel who had previous experience with this DISA element and extensive experience and training in DoD IA requirements and system technologies employed by the organization, and we provided the personnel at highly competitive rates to meet the organization’s budgetary restrictions. Veris Group personnel had the requisite security clearances to meet the customer’s stringent requirements and were available to the client at the start of the effort. By engaging the customer’s key stakeholders early, identifying core areas for improvement, and quickly defining efficient processes for accomplishing IA tasks and system administration, Veris Group’s staff was able to deliver immediate results.
With the key personnel in place, Veris Group defined a concept of operations (CONOPS) for the IA program that addressed the organizational structure, stakeholders, critical processes, and key directorate and command interactions that were essential to successful IA implementation. Veris Group interlaced requirements such as DoD Instructions 8510.01, 8500.2, and 8570, and the Chairman of the Joint Chiefs of Staff Instruction 6510 with the IA CONOPS to ensure all elements of a compliant DoD IA program were addressed. This has allowed the customer to fully integrate key IA processes, such as certification and accreditation, with the lifecycle of all of their systems. In support of the high-availability general support system, Veris Group defined processes such as Information Assurance Vulnerability Alert identification and remediation and new software evaluation and approval methodologies that allow for consistent, timely, and compliant improvements to a production system that cannot afford any downtime.
Results
Veris Group has implemented the evaluation, ongoing monitoring, certification testing, and accreditation of over a dozen customer systems of varying sizes and types; maintained positive accreditation status for all identified systems; and accomplished this within the timeframe and budget restrictions the client operates under. Veris Group developed and implemented a fully compliant IA program, identifying the key offices, personnel, and processes that support consistent, successful implementation of the program. In addition, Veris Group’s administration and management support of the critical general support system has ensured system up-time requirements have been met without sacrificing security or compliance.
