Information System Security Engineering (ISSE)
Streamline provides subject matter expertise in support of a wide variety of cyber requirements to include assistance in establishing security boundaries; documenting IT systems, functions and information types; and securing aircraft avionics, C2, and ISR systems from compromise.
- Our ISSEs are subject matter experts (SMEs) in avionics, C2, and ISR systems and mission components to include Tactical Data Links (TDL) and embedded/real-time systems security.
- We perform technical vulnerability assessments using a multitude of automated and manual processes. These leverage the Security Content Automation Protocol (SCAP) Open Vulnerability Assessment Language (OVAL) benchmarks, allowing for automation of Security Technical Implementation Guide (STIG) assessments, and ensure full coverage of STIG elements through manual review using the DISA STIG viewer.
- Our assessors are versed in all of the approved DoD vulnerability scanning utilities, to include the Assured Compliance Assessment Solution (ACAS), Nessus, and SCAP Compliance Checker (SCC), and in static code analysis using the Fortify Static Code Analyzer (SCA).
Information System Security Manager (ISSM)
- Streamline’s ISSM support includes implementing required Security Technical Implementation Guides (STIGs) and Security Requirement Guides (SRGs) and documenting compliance, managing the Information Assurance Vulnerability Management (IAVM) process for assigned systems, and reporting deviations as security risks via the Mission Oriented Risk Assessment Process into the system Plan of Action and Milestones (POA&M).
- We categorize the information system based on CNSSI 1253, FIPS 199, NIST SP 800-60, and applicable DoD/Service/Command guidance.
- We develop and document a continuous monitoring strategy for information systems and conduct security impact analyses on all changes to their information systems.
- We conduct annual assessments of the security controls according to the defined continuous monitoring strategies.
- Streamline selects, tailors, and supplements security controls following organizational guidance, documenting the decisions in the security plan with appropriate rationale for the decisions.
- The ISSM implements and manages the authorization package for the system and participates in all RMF activities through AO adjudication.
- The ISSM performs all required cybersecurity tasks as established in DoD Instruction 8500.1, dated March 14, 2014.
Security Control Assessment (SCA)
- Streamline develops a security assessment plan for each subset of security controls that will be assessed.
- We prepare Assessment Plans for approval by the Security Control Assessor; assess the security controls in accordance with the assessment procedures defined in the security assessment plan; document the issues, findings, and recommendations from the security control assessment; update the security assessment report on a regular basis with the continuous monitoring assessment results; and perform mission oriented Risk Assessment for all deviations and maintain the system Risk Assessment Report (RAR).
- We perform vulnerability scans using DoD approved tools to independently assess compliance with IAVM and STIG requirements using the ACAS and SCC automated scanning tools, and other security scanning capabilities, as required.
- We perform mission oriented Risk Assessment on findings, assessing them for potential mission impacts, and report them as residual risk through the POA&M.