Information security involves technology, process, people, and the management of all three... nobody understands that better than Tresys.
Effective Infosec Management includes elements of technology, people, and process, and the intersection of all three.
Tresys works with customers to design, build, implement, and manage audit and security solutions that are compliant with appropriate regulations. Our solutions map innovative products and services to specific regulatory and security environments, with a focus on the compliance programs of the federal government.
Particular areas of focus include the following:
- Common Criteria (CC)
- Director of Central Intelligence Directive (DCID) 6/3 [CNSSI 1253]
- Department of Defense (DOD) 8500.2
- National Institute of Science and Technology (NIST) Special Publication (SP) 800-53
- Defense Information Services Administration (DISA) Information Assurance Support Environment (IASE) Security Technical Implementation Guides (STIG)
- DOD Instruction 8510.01 - Defense Information Assurance Certification and Accreditation Process (DIACAP), formerly DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
- Committee on National Systems Instruction (CNSSI) 1253A, 4009
- Unified Cross Domain Management Office (UCDMO)
Services may include the following:
- Compliance Program Assessment
- Training & Support
Tresys maintains extensive experience working with cryptographic programs that support the global US DoD and Intelligence communities.
Specifically, we provide direct support to configuration management boards that define position papers and action plans, ensure registration of proposed algorithms, suggest overall improvements, and guide policy development.
Specific areas of focus include the following:
- Provide research and technical support for the development of cryptographic solutions.
- Provide technical support to the appropriate working groups.
- Provide information system security engineering (ISSE) support and guidance to programs and systems implementing requirements in areas such as cryptographic algorithm selection to meet system security requirements, transition from legacy algorithms to Suite A and Suite B, and meeting cryptographic modernization tenets.
- Assist in the preparation and maintenance of the appropriate documentation.
Services may include the following:
- Cryptographic Needs Assessment
- PKI services
- Training & Support
Tresys provides IA support to the DoD, Intelligence community, and commercial customers.
Working within DoD/Intel we have years of experience ensuring that our customers leverage the appropriate guidelines to meet their mission needs, such as the Common Criteria. This also includes working with the USG to define and develop new standards.
Primary areas of focus include the following:
- Policy and program development;
- Computer incident response and system security planning;
- Evaluation training;
- Threat, vulnerability, and risk assessments/evaluations;
- Security requirements and capabilities development and analysis;
- Cryptographic solution application; and
- Network security engineering.
Services may include the following:
- IA Policy and Program Planning
- IA Evaluation Support
- Common Criteria Policy Support (Commercial & Government)
- Training & Support
Tresys develops solutions to bridge the gaps between capability developers and war fighters, and ensure information flows where it is needed and when it is needed.
Tresys focuses on IO solutions: the appropriate technology and expertise required to support national strategy and combatant commanders' plans and operations.
Specifically we provide the following support:
- Evaluate the potential of technical capabilities to meet operational requirements.
- Develop and refine Concepts of Operation (CONOPs) for technology demonstrations, experiments, and rapid prototypes.
- Provide support to USG personnel tasked with running prep programs and deployments that support the operational forces.
- Develop solutions to meet IO requirements; see Data Protection for more details on types of IO solutions:
  - Cross Domain Security (CDS)
  - Multi-Level Security (MLS)
  - Multi-Single Level (MSL)
  - Secure Application Development (including N-Tier Applications)
Services may include the following:
- IO Policy and Program Planning
- See Data Protection for more details
- IO Training & Support
Independent evaluation of technology provides a strong basis for ensuring strong security and assurance.
As a foundation for compliance in high security environments, Tresys participates in the U.S. Department of Defense certification and accreditation (C&A) process and is a leader in providing technical support to evaluators and methodology training to Certification Test and Evaluation (CT&E) labs. Tresys is experienced in all aspects of certification and accreditation of government systems, from development of security requirements and training of certifiers to the creation of evidence and support of solutions through the certification and accreditation process. We also leverage this experience, and key tools, to ensure that our customers meet CT&E requirements.
Specific requirements sets we support include:
- Director of Central Intelligence Directive (DCID) 6/3 [CNSSI 1253]
- Department of Defense (DOD) 8500.2
- National Institute of Science and Technology (NIST) Special Publication (SP) 800-53
- Defense Information Services Administration (DISA) Information Assurance Support Environment (IASE) Security Technical Implementation Guides (STIG)
- DOD Instruction 8510.01 - Defense Information Assurance Certification and Accreditation Process (DIACAP), formerly DoD Information Technology Security Certification and Accreditation Process (DITSCAP)
- Committee on National Systems Instruction (CNSSI) 1253A, 4009
- Unified Cross Domain Management Office (UCDMO)
- Common Criteria for Information Technology Security Evaluation (CC)
Skills provided include the following:
- Perform compliance program reviews for the following:
  - With the government, to ensure that the existing government standards are up-to-date and optimized
  - With commercial vendors, to ensure that vendors have a program that can ensure compliance with appropriate requirements per the product's intended use/market
- Build compliance programs, labs, testing environments and documentation preparation services
- Provide support to CT&E and/or C&A operations including testing and evidence preparation
- Train appropriate government or commercial organizations
Services may include the following:
- CT&E or C&A Assessment
- CC Evidence Support
- Identity Management Deployment, Implementation & Migrations
- Training & Support