Information technology has changed the way organizations archive, access and distribute information. IT has created tremendous opportunities for flexibility and accessibility of information; however, ensuring that your agency's information is available to those who have authorized access and protected from those who don't is a major concern in today's environment. OBXtek's information security and testing experts apply industry-leading tools and processes to mitigate your agency's risks and, in turn, safeguard the confidentiality and authenticity of your information.
Information systems may contain sensitive information that must be heavily protected from unauthorized access. Federal agency information systems are held to much higher security standards, so information assurance is crucial. OBXtek experts will help protect your agency's critical information from malicious hackers and code. Our solutions incorporate your agency's unique security requirements and integrate system security best practices and guidelines including NIST 800 series and DoD 5800 series publications for IT security.
DIACAP Artifact Preparation
The Defense Information Assurance Certification and Accreditation Process (DIACAP) directs the risk management of the information systems of federal government agencies. Navigating the intricacies of DIACAP regulations can be a difficult process. Our experienced professionals understand all phases of C&A, and can put the processes in place that allow your agency to support and sustain a cost-effective and efficient program to meet regulatory requirements.
Intrusion Detection and Prevention
Are your information systems secured? External parties with malicious intent are always working out new ways to threaten the safety of your system. How and when an unauthorized intrusion will take place is impossible to predict, making the need for comprehensive, pliable security measures all the greater. OBXtek experts will work with your organization to build a system security infrastructure that will prevent and detect potential threats to your agency's critical information.
Security Scanning and Analysis
OBXtek utilizes the latest security and vulnerability scanning software to find potential weaknesses in your information systems' security. Once identified, our security experts use a multi-layered approach to implement appropriate solutions to improve your system's security posture.
Plan of Action & Milestones
Implementing several security measures to protect your information systems is a good practice, but if these systems don't work together then you may be at risk. OBXtek will help you develop a custom security plan of action where your security measures will work together to give your information systems the best protection possible. The effectiveness of these security measures can then be measured against previously established milestones to determine their success.
Certification and Accreditation
OBXtek can help ensure your agency's IT systems comply with federal regulations including FISMA, NIST SP800-37, and DIACAP and obtain/maintain the authority to operate. Our experts ensure the C&A process is not just a documentation exercise but rather a thorough risk assessment and vulnerability analysis that describes the controls and processes in place and provides continuous improvement to enhance your agency's security posture.
Test Evaluation Master Plan Development
OBXtek experts can develop Test & Evaluation Master Plans (TEMP) to ensure your system is thoroughly tested before production. Our TEMP identifies all groups and individuals who will be involved in testing the system. This plan provides the overall approach to testing (including description of testing phases and communication), and also provides detailed information on how testing will be done (e.g. the tools and reporting scenarios). We include change management and risk management processes detailing how we will control changes to code and how general risks and issues identified during testing will be managed.
Test Script Development and Execution
One way to test your agency's IT systems is by using test scripts to evaluate their functionality during a dry run that identifies any real or potential flaws in the system. Using tools appropriate for the testing needs, OBXtek personnel will perform testing using the scenarios developed in the scripts and provide timely analysis to the appropriate project stakeholders. Our test scripts begin with testing of individual units of code or components, and then proceed to test integration of components, and then the completed system from end to end.
System and User Acceptance Testing
OBXtek will work with your agency's personnel to develop user test case documents based on the requirements use cases and user scenarios. We use multiple techniques including project stakeholder and user interviews to construct use cases to cover basic functionality, develop test cases to test the full range of functionality and create process flows to accompany use and test cases for review with the technical team. We work with your agency's users and stakeholders to determine if all expectations and requirements are met.
Section 508 Compliance
Section 508 is a Rehabilitation Act amendment that requires federal agencies to make their electronic information accessible to the disabled. The OBXtek team understands Section 508 requirements and will work with your agency to ensure your IT systems eliminate barriers to people with disabilities.
Vulnerability Assessment and Analysis
How can you protect the weak points in your information technology system if you don't know what they are? OBXtek IT security professionals analyze each of your IT assets to identify all possible threats and vulnerabilities. Once the risks are identified and assessed, we will help to implement the necessary preventative, corrective or detective control methods to improve your system security.
A stable information system is a strong information system, but how strong are your agency's systems? OBXtek stress/load testing first determines your system's capacity and then tests it beyond its capacity, known as "stressing" the system. After stress/load testing is concluded, you will have a more accurate understanding of your system's capability and its ability to support its users.