System 1, Inc.

Computer Security Standards, Policies and Procedures

System 1 develops security policies that reflect the latest guidance from NIST and OMB because of our involvement on standards committees and in OMB security reporting for several government agencies. Developing policies and supporting guidance that accurately reflect the latest thinking of these agencies facilitates the implementation of security programs that meet FISMA and Critical Infrastructure Protection requirements.

System 1 has assisted NIST (National Institute of Standards and Technology) with the development of several computer security standards. This assistance includes providing formal comments for the 800 series of security guidelines, performing special studies, and leading the development of the CSEAT (Computer Security Expert Assessment Team) and PRISMA (Program Review for Information Security Management Assistance) security assessment standards. System 1 has been instrumental in the development of policies and guidelines for the Department of Energy and the Department of Interior.

Cyber Security Assessment

System 1 is a co-author of NIST's Computer Security Expert Assist Team (CSEAT) methodology and a leading member of the team. As part of its CSEAT activities, System 1 assesses Government agency compliance with standards and best practices as evidenced by the organization's documented policies and procedures as well as interviews with IT personnel. Besides being presented in a detailed report, the results of this review are presented in scorecard fashion to Government Senior Staff, readily highlighting areas requiring improvement. Agencies may use these NIST reviews to prepare for OMB, GAO and IG audits. Remediation recommendations and milestones are also provided. This methodology was endorsed in OMB's FY01 Report to Congress on Government Information Security Reform. This methodology is currently being streamlined for more focused assessments. The new methodology is called PRISMA.

Policy Support

System 1 has supported the Department of Energy (DOE) in formulating an integrated approach to cyber security policies and directives, and in supporting regulatory initiatives such as GISRA/FISMA and the analysis of cyber security regulation for a White House Initiative dealing with executive level security. System 1 led the development of DOE's GISRA (FY-02) and FISMA (FY-03) reports and the accompanying Plans of Action and Milestones (POA&M).

System 1 participated with and on behalf of the CIOs in responding to GAO, IG, and other independent inspection reports. This key role is crucial to sustaining a relevant understanding of the security issues facing a major government department with field offices throughout the United States. Further, System 1 has supported the White House Executive Security Committee on national policy issues.

Procedures Development

System 1 has developed cyber security procedures at Federal agencies for risk assessment, configuration management, and certification and accreditation. System 1 also developed the framework for the Cyber Security Program Plan--a document based upon the eight key requirements of FISMA and public law used to develop the DOE plan baseline. This required reviewing current practices across the Department, facilitating meetings to gain Agency element consensus, and working with executive management to finalize the documents.