DI provides NIST Risk Management Framework (RMF), FISMA, Security Engineering, Software Assurance/Code Quality, and Cybersecurity Operations services. Our team includes cleared cybersecurity professionals with certifications including Navy Qualified Validator (NQV) levels I through III, and certifications including CISSP and CASP to meet DoD 8570.01-M IAT and IAM levels I through III.
DI engineers work in state-of-the-art virtual and Cloud-based systems development environments to implement Security Pipelines that automatically launch vulnerability, static and dynamic software assurance/code quality scans. We apply the “Build Security In” concept throughout the SDLC. We use CI/CD tools including Jenkins to launch static and dynamic testing scans using tools including Microfocus Fortify, SonarQube, SonarLint, and Checkmarx, and to launch vulnerability scans using tools such as the ACAS/Nessus suite and various OWASP tools. Embedding cybersecurity in the DevSecOps pipeline assures secure systems are fielded in a timely manner, keeping pace with rapid Agile development cycles.
Cybersecurity – Assessment & Authorization/Information Assurance
As the DoD and NIST RMF processes evolves, DI’s engineers keep pace to assure our clients’ systems are secure and maintain a current Authorization to Operate (ATO). DI provides Information Systems Security Engineers (ISSE) and Information Systems Security Officers (ISSOs) expert in FISMA/CNSS system categorization, NIST SP 800-53 and FedRAMP controls, and NIST SP 800-53A assessment procedures to support client assessors and systems owners through all six phases. RMF support services include:
- System Security Plan development and documentation
- Information Systems Security Engineers (ISSE) Services
- Information Systems Security Officers (ISSOs), Information System Security Manager (ISSM) Services
- Navy Qualified Validators (NQVs)
- Security Control Assessment, Validation
- Penetration Testing
- Cross Domain Analysis
- Command Cyber Readiness Inspection (CCRI) support
DI employs NQVs to support the unique requirements of the U.S. Navy, and experts in specialized areas including Cross-Domain Solutions (CDS), Platform IT (PIT) control systems, and Command and Control systems cybersecurity.
We enable Continuous ATO processes, implementing an accelerated and streamlined approach in state of the art Agile/DevSecOps “Software Factory” environments to assure systems have been validated concurrently with the release of initial functionality. We apply a Security Pipeline within the DevSecOps process to support the U.S. Navy’s Rapid Assess and Incorporate Software Engineering in a Day (RAISED) process and the Compile to Combat in 24 Hours (C2C24) initiative.
Security Engineering – Administration & Analytics
DI’s engineers design and implement zero-trust architectures that align with federal and Department of Defense Architectural Framework (DoDAF) requirements to assure cybersecurity is applied throughout the system development lifecycle, securing code and data at rest and in transit.
DI engineers secure client networks and systems, implementing popular cybersecurity tools and appliances including HBSS, ACAS/Nessus, and Splunk.Please see DI’s NIWC PAC Cybersecurity and Security Engineering contract description for information on an easy to use, single-award IDIQ vehicle through which federal government clients can access our cybersecurity solutions.