On a recent contract, our government customer was faced with a three-part information assurance challenge.
“Through successful remediation and compliance with Cyber Orders and security assessments, Synergy has reduced the number of outstanding vulnerabilities and open POA&Ms for USCG business systems. They have completed 1,300 POA&Ms for 34 business systems, improving the security posture for USCG Information Systems and reducing the security risk to the DoD Information Network.”
Team Synergy addressed these problems with a unique mix of proprietary techniques anchored on sound best practices such as the NIST (National Institute of Standards and Technology) Risk Management Framework (RMF), Agile techniques, automation, and the Systems Engineering Lifecycle (SELC).
To address the out-of-date security baselines, we prioritized the business systems and, following Agile metrics, separated them into phases. During each phase, we used Kanban methodologies to conduct STIG (Security Technical Implementation Guide) assessments on the business systems, capturing a complete baseline of technical and documentation deficiencies. Assessments were conducted using a combination of industry-leading and proprietary tools as well as a significant amount of manual analysis.
The mountain of inherited technical debt was analyzed and prioritized based on risk metrics, criticality of the business system, and feedback from our government partner. After completing the first STIG assessments, we compared the new findings to the previously known problems with each system. Remediation was conducted on each business system, with all documentation updated and technical changes implemented following SELC procedures. Tools were implemented and leveraged to maximize efficiency and eliminate human error on deployments where feasible.
Environment discrepancies were addressed by conducting functional testing on each business system to establish a known baseline of gaps and missing functions. When technical remediations were deemed too high-risk for implementation due to environment inconsistency, a complete technical Level of Effort (LOE) for remediation was delivered to the Government for future planning.
“Synergy has been highly professional and responsive. They work collaboratively with the stakeholders to design and deliver a value-driven.”