Security & Identity Management
As the world becomes more connected, the threat of data and systems compromise increases each day. IT security has become a reactive event. Agencies have to cope with tactical threats as they plan strategically for future threats and events. The number of security events is rising dramatically with no end in sight.
Acentia applies sound planning and controls to client systems to ensure that the systems are properly configured, operated and updated. We follow Federal and industry security standards, and have developed standard checklists for securing common products and operating systems. We have developed security and identity management solutions for clients, including:
- Information Assurance (IA) support for the Tri-Service Infrastructure Management Program Office including DoD IA certification via DITSCAP/DIACAP compliance.
- North American Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards support for the Bureau of Reclamation, including risk assessments and security of Supervisory Control and Data Acquisition (SCADA) systems covering 35 sites.
- Identity and Access Management System for US Department of Labor, including requirements analysis of 145 systems, systems architecture, alternatives analysis, proof of concept, and pilot systems.
- Identity, Credentialing and Access Management System for NOAA, including requirements analysis, systems architecture, alternatives analysis, and implementation.
Acentia uses security tools to conduct Certification and Accreditation, penetration testing, software code review, and identity management deployment. We have identified system suites based on industry trade studies, and consult with Gartner, Forrester, and other firms to select the best of breed tool sets. Tools used for previous solutions include Forge Rock Open AM and Open IDM, Radiant Logic Virtual Directory Service, Trusted-Agent FISMA for tracking and compliance, RMS for C&A creation and risk management, ECORA for compliance, Snort for intrusion detection, Belarc’s BelManage for configuration management, eEye RETINA for vulnerability scans, and HP Fortify for static code review.
Acentia partners with security tool vendors to benefit from their domain expertise and product assistance. We communicate future customer requirements to partners to ensure integration into planned future releases of vendor tools. We also partner with service companies who specialize in certain critical security specialties to bring an increased depth of experience and lowered risk to the Acentia Team. Examples of partnering include Tumy Technologies, Forge Rock, Radiant Logic, Microsoft, and Booz Allen.