Information Assurance / Cyber Security
eGlobalTech provides unparralled services to meet today's demanding need for information security solutions. Our knowledge and expertise includes information security tools and techniques to assist federal agencies with modernizing their programs to protect critical information. We ensure that these programs are proactive, sufficient and effective. We employ the best and brightest experts in the security industry.
Certification and Accreditation
eGlobalTech's expertise in the Certification and Accreditation (C&A) process ensures that systems and major applications adhere to formal and established security requirements that are well documented and authorized. We understand the requirements for the accreditation for any system or application because we understand the federal security guidelines.
eGlobaltech services in the area of certification and accreditation include:
- Development of standardized C&A templates based on the NIST guidance
- Development and Maintenance of the required documentation for the C&A package
- Independent Assessment/Testing of implemented security controls
- Assist with the periodic reporting requirements of the Agency
Cyber Policy Support
Security plans and other C&A documentation are considered “Living Documents” since they are always either under review being changed in order to keep pace with the existing infrastructure life cycle. eGlobalTech can provide an unbiased third party evaluation of all of your Certification and Accreditation documents which is critical to ensuring that the C&A program is sufficient and effective. Furthermore, as requirements change, cyber policy must change as well. eGlobalTech services available include:
- Independent Verification and Validation criteria of existing documentation
- Review C&A packages for compliance to your existing Security requirements
- Develop Cyber Security Policy
- Developing a Security Concept of Operations (CONOPS)
- Review of Plan of Action & Milestones (POA&Ms)
- Development of a C&A handbook and process for your agency or company
- Revisions and improvements to your existing C&A handbook and process
- Standardized C&A templates
- Develop evaluation checklists
- Provide C&A Training
Federal Information Security Management Act
The Federal Information Security Management Act (FISMA) requires that all federal agencies develop and implement an agency-wide information security program designed to safeguard IT assets and data of the respective agency. FISMA mandates that each federal agency report the status of its IT posture to Congress annually. The report must address the adequacy and effectiveness of information security policies, procedures and practices. eGlobaltech can assist in developing and maintaining the following documentation stipulated by FISMA to successfully run the information security program:
- Information security policies and procedures
- Threat Assessments
- Periodic Risk Assessments
- Policies and procedures for detecting and mitigating security vulnerabilities
- Evaluation and periodic testing of how well security policies are working
- An inventory of software and hardware assets
- Security awareness training and expected rules of behavior for end-users
- An evaluation of the technical, management, and operational security controls
- Incident Response Procedures
- Assist with the annual FISMA reporting requirement of the Agency
Risk and Vulnerability Assessments
eGlobalTech's approach to Risk and Vulnerability Assessments include several key Proactive steps that can and should be taken to manage the risk to any enterprise. This approach ensures sufficient resources are available when the true threat materializes.
eGlobalTech applies a Proactive approach to better manage the true risk to your enterprise by understanding:
- The weaknesses or Vulnerabilities that exist in your infrastructure
- The Threat, or likelihood that those vulnerabilities will be exploited
- The cost to mitigate the threat
- The planning necessary to maintain a desired security posture
- Black Box/Zero Knowledge and Insider Testing for a successful Risk Management program
