Information Security

With the ever-changing risk environment, information security has become more and more of a focus in the Federal government. The increased risk environment means a greater amount of successful penetrations into government systems. These penetrations can range from spyware being installed by a malicious web site, to a compromise of a government server that is subsequently used to host illegal material, to an automated worm that can bring an entire enterprise to its knees for days.

Recognizing the increased risk to the mission of federal agencies, Congress passed the Federal Information Security Management Act (FISMA) in 2002. FISMA requires that all Executive Branch agencies follow the guidelines set forth by the National Institute of Standards and Technology (NIST). Moreover, all Executive Branch agencies must submit detailed reports on the state of information security to the Office of Management and Budget (OMB). OMB in turn is required to tie budget allocations to successful information security programs. Annually, Congress releases the Federal Computer Security Report Card.

Making IT Work.   Together.

SPS has been delivering secure solutions and enhancing the security programs of our customers since 1996. SPS puts the mission of the organization first, ensuring that our solutions do not unduly influence the systems we are trying to protect. SPS brings concrete, real-world experience in all areas of information security, including:

• The Development of Secure Software
• Security Program Evaluation
• FISMA Compliance and Reporting
• Risk Assessment
• FISMA-compliant Hosting Services
• Certification & Accreditation

Featured Solutions

Library of Congress (LOC)
After a series of Inspector General (IG) audits and an independent review of IT security by the National Security Agency (NSA) at the LOC, SPS was asked to provide guidance on the implementation of an information security program for the Library. In this ongoing effort, SPS has worked with the Library's enterprise IT group to develop an overall plan to implement an information security program that would fit the Library's unique needs. In this effort, SPS has already created a comprehensive set of information security polices, developed workstation and server hardening guides, and supported Certification and Accreditation (C&A) on several key systems. SPS has worked with departments across the Library on compliance issues acting as subject matter experts on the Library's IT Security Directives and the C&A process.

Bureau of Industry and Security (BIS) - Security Program Creation
After an unfavorable IG audit, the BIS came to SPS seeking advice and assistance on creating an information security program. SPS worked with the BIS Chief Information Officer (CIO) office to secure funding and maintain the attention of BIS management. As the program was being implemented, SPS worked with BIS to prioritize, track, and implement the technical (firewall, email anti-virus scanner, system hardening), operational (security awareness training, standard operating procedures for accounts management, incident handling and reporting), and management (policy creation) controls.

SPS developed policies and procedures, reviewed technical controls, and performed Certification and Accreditation activities on all BIS systems. The Office of Management and Budget (OMB) made special mention of BIS progress in a 2001 report on information security at the Department of Commerce. SPS co-presented with the BIS CIO at the 2001 eGov Information Security conference on instilling security awareness.

Department of Justice (DOJ) - Justice Consolidated Office Network (JCON) Program
SPS reviewed and designed a new system architecture at the request of the DOJ CIO to address issues with an architecture that was proving to be unreliable and costly. In keeping with the SPS vision, information security became an integral part of the JCON architecture, serving 80,000 users across the entire Department.

SPS engineers review JCON designs for architectural compliance, including security compliance. Moreover, SPS supports the operational security aspects of the JCON messaging hub, providing Information System Security Officer (ISSO) services, and maintaining all aspects of the Certification package. The JCON Program has a robust, mature information security program that SPS has kept under accreditation since 1998.

Summary

SPS provides certified information security experts, engaged with the information security community providing thought leadership and a pragmatic perspective forged through real-world experience. Our approach ensures that your information security will be holistic, rather than many loosely-coupled point solutions. We take the mission of the organization into account and follow a cost-effective path to secure, compliant systems. Imagine what we could do working together. Let us put our experience and expertise to work for you.

About SPS
Software Performance Systems, Inc. (SPS), a small business based in Maryland, is a privately held information technology services provider. Established in 1995, SPS specializes in the design and integration of large Web-based solutions for State and Local Governments and commercial clients. SPS has been honored with many national awards, including: #10 ranking in the Computerworld Top 100 Best Places to Work in IT, Deloitte's Virginia Technology Fast 50 and North America Technology Fast 500, and as a SBA Exporter of the Year. More importantly, SPS solutions helped our clients win prestigious awards, including the Grace Hopper Federal Government Technology Leadership Award, the E-Gov Pioneer Award, the Excellence.gov Grand Prize Award, and the Government IT Agency Award for Excellence in Government.
SPS...proven over time.

Contact Information
Software Performance Systems, Inc.
Mike Dorsett, PMP
VP Financial Solutions Division
301-518-5711
mdorsett@gosps.com
www.goSPS.com