Gunnison has long and successful history of delivering mission support capabilities to DISA under multiple engagements. Under the Cyber Information Assurance Services (CIAS) program, Gunnison provided a team of Senior ISSOs, ISSMs, and PKI Analysts to deliver cybersecurity technical and operational expertise to DISA for achieving a mission assurance posture that ensures the security and continuity of the agency’s internal IT networks infrastructure and services against an ever-evolving spectrum of threats. Gunnison was tasked with and achieved the development, implementation and maintenance of a comprehensive security strategy for the DISANet, while ensuring the agency remained compliant with all applicable DoD Directives and Instructions pertaining to cybersecurity.
Gunnison provided sustainment services (Continuous Monitoring) for DISA, managing cybersecurity services at 25 Unclassified and 13 Classified primary hub sites for the largest network enclave in the Department of Defense. We were responsible for all reporting, continuity, and day-to-day communications functions in order to support DISA and stakeholders across the DoD spectrum.
Gunnison implemented the Risk Management Framework (DoD RMF) in accordance with DoDI 8500.01, Cybersecurity, to include cybersecurity architecture, requirements, objectives and policies, cybersecurity personnel, and keep up to date with the cybersecurity processes and procedures for the entire DISANet. These activities include reporting and compliance management to continuously monitor compliance of the DISANet with cybersecurity policy, analyze the results of such monitoring, and generates reports to designated stakeholders. RMF documentation support to ensure that all DISANet RMF/cybersecurity-related documentation is current, accurate, and are part of the accreditation package. Cybersecurity Baseline Management support to ensure that cybersecurity-related events or configuration changes that may impact DISANet information systems authorization or security posture are properly reported to the DISANet Authorizing Official (AO).
Under the Cyber Vulnerability Management and Support Services (CVMSS) program, Gunnison supports DISA’s vast mission of Cyber Services is to secure enterprise-wide information technology services, enabling and enhancing the warfighters’ ability to execute the mission. These services include, but are not limited to, Vulnerability Management activities, continuous monitoring, and program security posture (as it pertains to Enterprise Program Services), Network Program Services, Mission Partner Engagement, and Internal Program Services.
Under CVMSS program, Gunnison delivers Endpoint Protection Operation with an expert team of Endpoint Security Specialists, who operate, manage, and deploy DISA-approved endpoint security tools and components to include HBSS IAW all active DoD and DISA policies and procedures. The team monitors, maintains, and facilitate endpoint protection compliance throughout DISA and the IS lifecycle; performs rogue system and removable storage monitoring and registration, DISAFIRST testing, module installation, policy, tag, and security scan creation and application, firewall, IPS, Antivirus tuning and enforcement; and validates, registers, and maintains approved mass storage device documentation to include removable spinning disk drives. The team is charged with participating in and adhering to Change Control Board (CCB) and stakeholder sessions, determinations, and requirements; investigating, remediating, preventing, and documenting issues resulting in denials of service; while also creating, maintaining, and facilitating custom queries, reports, and dashboards for system, module, and policy compliance.
Gunnison’s team monitors and reports cyber and insider threats; facilitates and approves endpoint protection application upgrades and changes; coordinate Tier III vendor support troubleshooting; monitors, evaluates, remediates and prevents performance impacting issues, and manages DISA-approved endpoint security tool accounts and credentials IAW DISA privileged access policies and procedures.
On another engagement with DISA for Cyber Threat Emulation and Inspection Support, Gunnison developed, reviewed and updated security policies and plans to conduct audits of security programs for defense agencies and other DISA customers. Our team deployed on behalf of DISA to conduct security audits and perform vulnerability tests. All audits and tests were conducted against and in accordance with FISMA, NIST and DOD security guidelines. We identified and reported all findings through formal reports and briefings to all stakeholders, providing recommendations for mitigating vulnerabilities. Gunnison performed follow up assessments to ensure that mitigation strategies had been implemented and delivered the desired security results. Gunnison performed and developed multi-level insider threat detection and prevention inspection programs for the Department of Defense Information Network (DODIN) at the enterprise level. The program measures cyber programs’ effectiveness for DOD agencies down to the Base, Post, Camp, and Station levels.