AiNET has the requisite expertise in DoD Information Assurance regulations to provide Information Assurance (IA) assistance to customers needing to secure their applications.
AiNET can ensure compliance with all operational and IA guidance published by DoD, JTF-GNO, and Service Branch to include applicable Communications Tasking Orders (CTOs), Information Operation Conditions (INFOCONs), Branch-specific activity messages (e.g. Army ALARACTS), Branch Best Business Practices, and DISA Security Technical Implementation Guides (STIGs). Additionally, AiNET will follow the appropriate C&A process based on the CSA for the system in question (DSS/NISPOM, DoD/DIACAP).
The Information Assurance engineers and staff provided by AiNET will support the mission at all levels throughout the project lifecycle from initial implementation, operational improvement, and end-of-life migration. As IA levels are amended and new standards developed, AiNET’s IA process will be continually enhanced. The Government’s key stakeholders will be kept well informed of current posture as well as enhanced integrity operations.
As part of its support, AINET would maintain a working expert or expert knowledge (including 8570 compliance) at hand in support of DoD security policies, directives and instructions, as well as a working knowledge of Branch-specific policies, for example, the US Army Automated Information Systems (AIS) security policy. Such work would include, but not be limited to: ensuring system certification and compliance validation in accordance with the applicable DoD, Federal, and Branch security policies; assessing impacts of integrated, interdependent, and interconnected DoD environments; analyzing system topology and architectures; conducting ports protocol and services analysis; exhibiting knowledge of IA engineering principals; and applying Application Security principles in support of the contract. All work performed under a task order would comply with all appropriate and relevant DoD and IA policies and guidelines.
In an area of particular strength, AINET would also provide IA and security expertise, particularly in assessing system and service capabilities and determining vulnerabilities and risk mitigation. AiNET would provide the necessary elements leading to timely and successful certification and accreditation using the DOD IA Certification and Accreditation Process (DIACAP), DOD 8500 series IA Controls, National Institute of Standards and Technology (NIST) accreditations process (as required) and Federal Information Security Management Act guidance. AINET could also provide support in maintaining the DOD Enterprise Mission Assurance Support Service (eMASS) system.
AINET would perform regular security self-assessments. Examples of such assessments include UNIX ESX host sampling, VMWare ESX Checklist, Tomcat reviews, Application Security Checklists for required components, Database checklist, Web checklist, Active Directory review, Windows AIS, Hardware/Software Baseline verification, and 8500.2 controls. In a common instance, AiNET would utilize a VMS to maintain status/compliance of Cat 1, 2 and 3 vulnerability findings. AiNET will utilize log collection, audit and event management software (e.g. Orion Solarwinds) to support and maintain compliance. Based on the results of the self assessment, AiNET would develop mitigation strategies and POA&Ms as well as update DIACAP packages and other documentation, as necessary.
AiNET would provide:
✓ Identification & authentication for dual-key authentication using CAC or similar authentication methods.
✓ IA and Compliance Services as required.
✓ Address all protected enclave and relevant computing environment security and operational considerations
✓ Enclave and computing environment services through the use of IA engineers and industrial security specialists. Including security design, configuration services & vulnerability and incident management.
Certification and Accreditation Support
AiNET would support and/or perform DoDI 8510.01 Defense Information Assurance Certification and Accreditation Process (DIACAP) actions and Branch Networthiness requirements utilizing the appropriate DoD 8570 certified IA personnel (to meet IAM Level 3 and IAT Level 3 requirements) and best practices/STIGs/ALARACTs/etc. Such certifications will be established promptly and maintained throughout the life of any contract.
