tieBridge can provide your organization with documented validation showing that a qualified third party has reviewed your company.  In a world of ever-changing security threats this will not only help you meet your regulatory needs but can also provide confidence to your stakeholders.  In addition to our initial testing, we can continue to monitor your company and make sure you are safeguarded against the latest threats.

Benefits:

• Ensure you are compliant with regulations.
• Increase the confidence level of your stakeholders.
• Reduce your exposure to internal and external threats.
• Supply proof of independent external security testing and certification.
• Provide ongoing safeguards to secure company of future threats.

Project Profile: 

tieBridge provided security experts (professionals with CISSP certification) to conduct independent security testing and evaluation (ST&E) of general and application security controls to support one of our federal clients’ certification and accreditation (C&A) efforts.  Our testing scope included:

1. Data Center and Infrastructure Security (general controls)
2. Network and Perimeter Security
3. Database Security
4. Application controls

Our work was conducted in accordance with guidance issued by GAO and NIST and included review’s of the agency’s security policy, risk management plan, configuration management and controls, vulnerability assessments and mitigation strategies, and system interconnection documents.

• Designed and developed a risk based ST&E plan
• Reviewed C&A relevant documents such as system security plan, risk management plan, and contingency plan to ensure they comply with NIST guidelines and other regulatory requirements
• Conducted testing to determine whether adequate security controls were in place
• Provided final ST&E report to advise security gaps and provided recommendations