Information Assurance

The Veteran Business Solutions Team provides a full suite of lifecycle information assurance services and security solutions for tasks such as providing full-scale security architecture analysis for existing systems; designing, developing and implementing any type of security system according to enterprise standards; and providing independent DIACAP ST&E. Veteran Business Solutions provides solutions that ensure confidentiality, integrity and availability of Government/Commercial systems in support of enterprise-wide, organizational, and/or program requirements and initiatives such as net worthiness, DIACAP, and Active Directory roll-out.

Service Description
Security Assessment: Provides a full range of analytical services to assess the posture of Government security architectures and assist in identification of security gaps. Services include, but are not limited to, policy and procedure reviews, security requirements analysis (e.g., JTA-A, DII-COE, DIACAP, Common Criteria), threat analyses, vulnerability assessments, penetration testing, data validation and security architecture reviews.
Security Planning: Provides security planning services that address the security policy, security architecture, and operational security needs of customers. Provides the design and development of security architectures and secure solutions based on mission drivers and government-approved architecture approaches, standards, and policies. Some examples include Internet architectures, web services security and J2EE application security architectures, IDS and incident management architectures, multiple security layer architectures, enterprise security architectures, grid computing security architectures, enterprise privacy architectures, operational security plans, communications security plans, and system security plans.
Security Standards Development: Provides standards development services in several emerging security standards areas (e.g., web services security, J2EE, trusted computing and security policy management) dealing with items such as smart cards, multi-level operating systems and databases, hardware security modules, network security and cryptography, and grid computing security.
Product Evaluation: Provides services to assist clients by evaluating emerging and state-of-the-market security technologies. Services include, but are not limited to, evaluation of products (hardware or software), product upgrades and emerging market methodologies, standards, policies and procedures.
Security Design and Implementation: Provides a full range of services for the detailed design, development and implementation of any type of security system, application, or operational security need such as policy management, security procedures, network security, application and database security, telephony, business continuity, and physical security and surveillance products. Some examples of security implementations include intrusion detection, firewalls, system monitoring, anti-virus, COOP, I&A, single sign-on, Active Directory migrations and implementations, data migration plans, MOU/MOAs, smartcard/biometrics and CAC/PKI implementations.
Security Accreditation: Provides services in support of the Government’s certification and accreditation process for all IT systems. Provides services such as system certification documentation, development and testing (integrated into all new solutions, or assisting other non-accredited systems), including the preparation of system configurations and security documentation (e.g., TFM, SFUG, COOP, SSAA), and independent DIACAP ST&E.
Security System Operations: Provides a full range of managed services for the operations and maintenance of security systems. Includes services such as execution of COOP and disaster recovery plans, system and network monitoring (including intrusion detection, forensics, and incident management), application of anti-virus updates, backup and restore operations, vulnerability abatement programs, security awareness training, physical security and policy/procedure review in order to meet changes in technology, threat analysis and organizational change.