SECURITY ASSESSMENTS / C&A PROJECT LIST
Penetration Testing for the Dept. of the Treasury.
Development of Certification and Accreditation (C&A) documentation for the EXOSTAR GovID System.
- Provided support to EXOSTAR in developing Certification and Accreditation documentation for their GovID System for submission to GSA under the Shared Service Provider Program.
- Activities included development of a System Security Plan (SSP) as well as performing a Security Test and Evaluation (ST&E) based on SP 800-53A controls and test procedures.
- Activities also included the development of a Security Assessment Report that documented the results from the ST&E activity.
Security Configuration Management/Vulnerability Management for the Dept. of the Treasury.
- Provided support to the Dept. of the Treasury by performing a comprehensive, department-wide study for the Treasury Office of the Chief Information Officer (Cyber) to determine the current level of implementation of Security Configuration Management/Vulnerability Management (SCM/VM) on a bureau-by-bureau basis.
- Activities included developing a gap analysis and SCM/VM policies and requirements for the Department and individual bureaus, including a centralized SCM/VM reporting framework that provides visibility into the compliance status of the entire Department.
- Activities also included examining ways to achieve higher levels of security and lower costs through consolidation, streamlining and enterprise licensing of products.
Development of Certification and Accreditation (C&A) documentation for the DHS ERMS.
- Provided support to the DHS Office of the Chief Administrative Officer and the Office of the Chief Information Officer by developing the complete Certification and Accreditation (C&A) documentation for a major DHS application in accordance with NIST and DHS doctrine.
- Activities included development of the System Security, Contingency, Incident Response and Configuration Management Plans, a Risk Assessment, a Requirements Traceability Matrix, and a Plan of Action and Milestones (POA&M).
- Activities also included performing Security Test and Evaluation (ST&E) for the DHS ERMS system: conducting interviews and on-line testing, and verifying that all mandated security controls were addressed and implemented. Also provided on-site security training for the DHS ERMS user community.
Security Test and Evaluation of FEMA Flood Plain Mapping Information Platform.
- Involved in conducting interviews, documentation review, and other data-gathering techniques in accordance with the NIST SP 800-30 risk management process.
- Assisted in the use of automated C&A tools to efficiently and effectively develop a System Security Plan and a Risk Assessment Report.
- Documented findings and mitigations through the development of a Plan of Action and Milestones (POA&M), and developed a comprehensive approach to protecting the confidentiality, integrity, and availability of FEMA assets.
Development of Certification and Accreditation (C&A) documentation for the Veterans Benefits Administration (VBA).
- Provided support to the Veterans Benefits Administration in developing Certification and Accreditation documentation for the 101 systems that comprise its IT infrastructure.
- Activities included development of the Security Accreditation Package (SAP), including System Security Plans (SSP) and Contingency Plans.
- Activities also included performing Risk Assessments and preparing RA Reports, Configuration Management Plans and other related C&A documentation, as well as supporting all IA initiatives for the VBA, such as FISMA reporting and ad-hoc security requirements.
Security Workbench and Intrusion Detection Support for DEA.
- Provided technical support to the DEA Security Work Bench (SWB) Project, in the areas of intrusion detection, incident response, firewall management, and security vulnerability assessments.
- Activities included the development of a project plan for Tier 1 activities identified in the SWB master task list, rules of behavior for the SWB Analyst role, and a SWB RID-SOP (Real-time Intrusion Detection Standard Operating Procedure) document describing the SWAMI (Security Workbench Automated Management Infrastructure).
- Activities also included conducting Level 1 inventory and SANS Top 20 vulnerability scans.
System and Network Security Technical Support for CMS.
- Provided network security expertise to implement policies, procedures, and controls to fulfill the Centers for Medicare and Medicaid Services (CMS) Core Security Requirements (CSRs).
- Activities included the development of policies, procedures, System Security Plans (SSP) and an IT Systems Contingency Plan (CP); conducting annual security Risk Assessments and self-assessments for compliance with the CSRs; and implementing incident reporting and response procedures.
Information Security Technical Support for SSA and HUD.
- Provided application and network security subject matter expertise in analyzing the NetPost.Certified (NPC) pilots at the Social Security Administration, which use PKI for secure document delivery across the Internet. Also provided technical expertise toward the development of an Intrusion Detection and Incident Response capability for the Dept. of Housing and Urban Development.
Human Genome Sciences Security Audit.
- The project involved requirements analysis of secure applications within HGSI.
- Accomplishments included recommendations on security products, architectures, and integration.