Systems Assurance

Independent evaluation of technology provides a strong basis for ensuring strong security and assurance.

As a foundation for compliance in high security environments, Tresys participates in the U.S. Department of Defense (C&A) process and is a leader in providing technical support to evaluators and methodology training to Certification Test and Evaluation (CT&E) labs. Tresys is experienced in all aspects of C&A of government systems, from development of security requirements and training of certifiers to the creation of evidence and support of solutions. We also leverage this experience, and key tools, to ensure that our customers meet CT&E requirements.

Effective systems assurance includes elements of technology, people, and processes, and the intersection of all three.

Tresys works with customers to design, build, implement, and manage audit and security solutions that are compliant with appropriate regulations. Our solutions map innovative products and services to specific regulatory and security environments, with a focus on the compliance programs of the federal government. Particular areas of focus include the following: Common Criteria (CC); Director of Central Intelligence Directive (DCID) 6/3 [CNNSSI 1253]; Department of Defense (DOD) 8500.2; National Institute of Science and Technology (NIST) Special Publication (SP) 800-53; Defense Information Services Administration (DISA) Information Assurance Support Environment (IASE) Security Technical Implementation Guides (STIG); DOD Instruction 8510.01 - Defense Information Assurance Certification and Accreditation Process (DIACAP) formerly DoD Information Technology Security Certification and Accreditation Process (DITSCAP); Committee on National Systems Instruction (CNSSI) 1253A, 4009; and Unified Cross Domain Management Office (UCDMO).

Tresys maintains extensive experience working with cryptographic programs that support global US DoD and Intelligence communities.

We provide direct support to configuration management boards that define position papers and action plans, ensure registration of proposed algorithms, suggest overall improvements, and guide policy development. Specific areas of focus include: research and technical support for the development of cryptographic solutions; technical support to the appropriate community working groups; information system security engineering (ISSE) support and guidance to programs and systems implementing requirements for areas such as cryptographic algorithm selection to meet system security requirements, transition from legacy algorithms to Suite A and Suite B, meeting cryptographic modernization tenets; and preparation and maintenance of the appropriate documentation for community use.

Tresys provides Common Criteria (CC) evidence generation support to the DoD and Intelligence community, and commercial customers.

Working within the community we have years of experience ensuring that our customers leverage the CC to meet their mission needs. This also includes working with the USG to define and develop new standards and protection profiles (PP); defining processes for reference implementations; providing outreach and briefings on behalf of our customers; and assisting commercial customers to generate evidence that will meet CC guidelines.

Tresys develops solutions to bridge the gaps between capability developers and war fighters, and ensure information flows where it is needed and when it is needed.

We focuses on ensuring that the appropriate technology and expertise required to support national strategy and combatant commanders' plans and operations are secure and meet appropriate standards. Areas of expertise include: evaluation of potential technical capabilities to meet operational requirements; develop and refine Concepts of Operation (CONOPs) for technology demonstrations, experiments, and rapid prototypes; and provide support to USG personnel tasked with running prep programs and deployments that support the operational forces.