INFORMATION ASSURANCE

Certification and Accreditation Documentation Development

If you plan to sell your hardware and software to the Federal government, you will be required to have your product evaluated by a Common Criteria lab certified by NIAP, which will ensure that the security declarations you attest to are accurate.

DSD can assist your organization by creating the Certification and Accreditation documents that must be submitted to a lab for validation testing.

DSD has developed a Certification and Accreditation documentation methodology and forged relationships with Common Criteria Testing Laboratories (CCTLs). In fact, we have our own laboratory, called DIAL.

Our approach relies on highly skilled, certified and knowledgeable security professionals throughout the Certification and Accreditation documentation process. The use of DSD-developed data collection automation tools and highly refined data collection processes achieves economies and efficiencies of scale for your organization.

DSD will assist you by identifying and documenting the Target of Evaluation (TOE), the Security Target (ST) and the appropriate Protection Profile (PP) against which your technology must be evaluated and validated to meet the appropriate level. The DSD strategy is a systematic approach that couples our experience with the multiple security methodologies outlined below:

• National Institute of Standards (NIST)
• Department of Defense Information Technology Certification and Accreditation Process (DIACAP)
• ISO 17799
• OCTAVE

DSD provides a full range of products and services associated with the Certification and Accreditation process, including the following:

• Policy Analysis and Development
• Vulnerability Assessments
• Risk Assessments
• Risk Mitigation and Management
• Security Requirements analysis and design reviews
• Security Engineering (IATF Compliant)
• Trusted Facility Manuals
• Security Features User’s Guide
• Security Test and Evaluation
• Vulnerability Mitigation
• Contingency Planning
• Penetration Testing
• Common Criteria Testing
• Certificate of Net-worthiness support
• Certificate to Operate support

Security Evaluation Audit

As part of the Certification and Accreditation process, DSD will also perform a Security Evaluation Audit of your system.

A Security Evaluation Audit (SEA) is the examination and analysis of the safeguards required to protect an information system (IS), as they have been applied in an operational environment, to determine the security posture of that system. DSD will come on-site to your organization and determine the Managerial, Operational and Technical aspects of your system(s) and provide a detailed report of the vulnerabilities found.

DSD's highly refined process is based upon, meets, and exceeds the NSA INFOSEC Assessment Methodology specification, ISO 17799, and NIST 800-30 Risk Assessment guidance.

Key strengths and advantages of the DSD SEA process are:
• Effective and consistent data collection utilizing our extensive audit library
• Detailed analysis of each vulnerability and threat source
• Complete audit evaluations exceeding ISO 17799 standards

The SEA is designed to extend the vulnerability assessment beyond a mere technical assessment and includes a thorough investigation of all security controls identified by NIST as generally accepted industry 'Best Practice' controls.

In preparation for executing a SEA, DSD prepares a SEA plan specifically designed for the corporation. The plan takes into consideration the laws, regulations, and corporate policies that constitute the operating environment of the tested assets.

The DSD SEA identifies network and system vulnerabilities/threats across the entire network and within a specific segment of the network or systems environment. Vulnerabilities and threats within an IT environment expose a corporation to both internal and external threats. The DSD SEA methodology intrinsically evaluates threats and/or vulnerabilities in all aspects of a corporation's IT environment and eliminates the concern for 'security gaps'.

DSD Laboratories, Inc Copyright © 2007, All rights reserved.