DI provides NIST Risk Management Framework (RMF), FISMA, Security Engineering, Software Assurance/Code Quality, and Cybersecurity Operations services. Our team includes cleared cybersecurity professionals holding Navy Qualified Validator (NQV) certifications at levels I through III, as well as certifications including CISSP and CASP to meet DoD 8140/8570 requirements for IAT and IAM levels I through III.
DevSecOps
DI engineers work in state-of-the-art virtual and Cloud-based systems development environments to implement Security Pipelines that automatically launch vulnerability, static and dynamic software assurance/code quality scans. We apply the “Build Security In” concept throughout the SDLC. We use CI/CD tools including Jenkins to launch static and dynamic testing scans using tools including Micro Focus Fortify, SonarQube, and Checkmarx, and to launch vulnerability scans using tools such as the ACAS/Nessus suite and various OWASP tools. Embedding cybersecurity in the DevSecOps pipeline assures secure systems are fielded in a timely manner, keeping pace with rapid Agile development cycles.
Cybersecurity – Assessment & Authorization/Information Assurance
As the DoD and NIST RMF processes evolve, DI’s engineers keep pace to assure our clients’ systems are secure and maintain a current Authorization to Operate (ATO). DI provides Information Systems Security Engineers (ISSE) and Information Systems Security Officers (ISSOs) expert in FISMA/CNSS system categorization, NIST SP 800-53 and FedRAMP controls, and NIST SP 800-53A assessment procedures to support client assessors and systems owners through all seven steps of NIST SP 800-53 r5. RMF support services include:
- System Security Plan development and documentation
- Information Systems Security Engineers (ISSE) Services
- Information Systems Security Officers (ISSOs), Information System Security Manager (ISSM) Services
- Navy Qualified Validators (NQVs)
- Security Control Assessment, Validation
- Penetration Testing
- Cross Domain Analysis
- Command Cyber Readiness Inspection (CCRI) support
DI employs NQVs to support the unique requirements of the U.S. Navy, and experts in specialized areas including Cross-Domain Solutions (CDS), Platform IT (PIT) systems, and Command and Control systems cybersecurity.
We enable Continuous ATO processes, implementing an accelerated and streamlined approach in state-of-the-art Agile/DevSecOps “Software Factory” environments to assure systems have been validated concurrently with the release of initial functionality. We apply a Security Pipeline within the DevSecOps process to support the U.S. Navy’s Rapid Assess and Incorporate Software Engineering (RAISE) process and the Compile to Combat in 24 Hours (C2C24) initiative.
Security Engineering – Administration & Analytics
DI’s engineers design and implement zero-trust architectures (ZTAs) that align with federal and Department of Defense Architectural Framework (DoDAF) requirements to assure cybersecurity is applied throughout the system development lifecycle, securing code and data at rest and in transit.
DI engineers secure client networks and systems, implementing popular cybersecurity tools and appliances including HBSS, ACAS/Nessus, and Splunk. Please see DI’s NIWC PAC C4ISR Systems Lifecycle and Engineering Services Support contract description for information on an easy-to-use, small business IDIQ vehicle through which federal government clients can access our cybersecurity solutions.