AiNET has expertise in all aspects of Civilian and DoD/IC Component Information Assurance regulations to provide Information Assurance (IA) assistance to customers needing to secure and accredit their applications and take them through the certification and accreditation process. AiNET supports FISMA Moderate/High systems and controls under active ATO.
IT/Security Governance & Security Compliance:
- Federal Information Security Management Act (FISMA) High/Moderate/Low
- NIST SP800-53 (and related SP800 standards)
- ISO/IEC 27000/17799/7799
- ISO/IEC 15408 Common Criteria
- ITIL Process
- DoD, DoN, DoJ, DISA, JITC, USAF, US Army, FBI
AiNET can ensure compliance with all operational and IA guidance published by DoD (including 8500.1 & 8500.2), JTF-GNO, and Service Branch to include applicable Communications Tasking Orders (CTOs), Information Operation Conditions (INFOCONs), Branch-specific activity messages (e.g. Army ALARACTS), Branch Best Business Practices, IAVA, IAVB as a part of IAVM and DISA Security Technical Implementation Guides (STIGs).
AiNET will work with the appropriate CISOs to follow the appropriate certification and accreditation (C&A) process based on the CSA for the information system in question (DSS/NISPOM, DoD/DIACAP).
The Information Assurance engineers and staff provided by AiNET will support your mission at all levels throughout the project lifecycle, from initial implementation through operational improvement to end-of-life migration. As IA levels are amended and new standards developed, AiNET’s provided IA process will be continually enhanced.
The Government’s key stakeholders will be kept well informed of current posture as well as enhanced integrity operations.
As part of its support, AiNET keeps a working expert, or expert knowledge (including 8570 compliance), at hand in support of DoD security policies, directives and instructions, as well as a working knowledge of Branch-specific policies, for example, the US Army Automated Information Systems (AIS) security policy. Such work can include, but is not limited to: ensuring system certification and compliance validation in accordance with the applicable DoD, Federal, and Branch security policies; assessing impacts of integrated, interdependent, and interconnected DoD environments; analyzing system topology and architectures; conducting ports, protocols and services analysis; exhibiting knowledge of IA engineering principles; and applying Application Security principles in support of the contract. All work performed under a task order shall comply with all appropriate and relevant DoD and IA policies and guidelines.
In an area of particular strength, AiNET can provide IA and security expertise, particularly in assessing system and service capabilities and determining vulnerabilities and risk mitigation. AiNET can provide the necessary elements leading to timely and successful certification and accreditation using the DoD IA Certification and Accreditation Process (DIACAP), DoD 8500 series IA Controls, the National Institute of Standards and Technology (NIST) accreditation process (as required) and Federal Information Security Management Act (FISMA) guidance. AiNET can provide support in coordinating with the DoD Enterprise Mission Assurance Support Service (eMASS) system.
AiNET shall perform regular security self-assessments. Examples of such assessments include UNIX ESX host sampling, VMware ESX Checklist, Tomcat reviews, Application Security Checklists for required components, Database checklist, Web checklist, Active Directory review, Windows AIS, Hardware/Software Baseline verification, and 8500.2 controls. In a common instance, AiNET utilizes a VMS to maintain status/compliance of Cat 1, 2 and 3 vulnerability findings. AiNET utilizes log collection, audit and event management software (e.g. SolarWinds Orion) to support and maintain compliance. Based on the results of the self-assessment, AiNET would develop mitigation strategies and POA&Ms as well as update DIACAP packages and other documentation, as necessary.
✓ AIS for identification & authentication for dual-key authentication using CAC or similar authentication methods.
✓ IA, C&A and Compliance Services as required.
✓ Processes to address all protected enclave and relevant computing environment security and operational considerations.
✓ Enclave and computing environment services through the use of IA engineers and industrial security specialists, including security design, configuration services, and vulnerability and incident management.
Certification and Accreditation Support
AiNET can support and/or perform DoDI 8510.01 Defense Information Assurance Certification and Accreditation Process (DIACAP) actions and Branch Networthiness requirements utilizing the appropriate DoD 8570 certified IA personnel (to meet IAM Level 3 and IAT Level 3 requirements) and best practices/STIGs/ALARACTs/etc. Such certifications will be established promptly and maintained throughout the life of any contract.
Activities are under increased scrutiny from threats domestic and abroad. AiNET can support your organization with Cyber Security practices, methodologies and expertise in the following areas:
- Application Security (APPSEC)
- Computer Security (COMPSEC)
- Communication Security (COMSEC)
- Electronic Security (ELSEC)
- Emission Security (EMSEC)
- Information Security (INFOSEC)
- Operational Security (OPSEC)
- Physical Security (PHYSEC)
- Transmission Security (TRANSEC)