Gunnison provided Security Engineering and ISSO Operations Support for Cyber Security and IA to the Defense Logistics Agency’s (DLA) Customer DAA Accredited Enclaves (CDAE). Among other tasks, Gunnison performed the following:
- Assess the security documentation, processes and procedures of the agency’s systems;
- Make recommendations for improvement, including processes, procedures, training and inspection requirements;
- Provide migration support from Defense Information Assurance Certification and Accreditation Process (DIACAP) to NIST Risk Management Framework (RMF);
- Perform vulnerability assessment and management support
- Provide Program Management Office (PMO) support;
- Provide incident response planning and support, continuity of operations support, and IA operations support
- Provide security documentation review, design, and recommendations;
- Provide technical and information assurance operations supporting ongoing system authorization efforts;
- Provide guidance to application support teams, Information Assurance Managers (IAM), Information Assurance Officers (IAO), SAs, DBAs, etc. in order to ensure that STIGs are implemented correctly; and
- Provide information assurance guidance for all applications transitioning into a CDAE or Enterprise Authority To Operate (ATO) packages.
In addition, Gunnison was tasked with continuously evaluating the IA Posture of DLA’s Ogden, UT and milCloud enclaves. The company participated in such activities as the Change Advisory Board (CAB), Technical Change Board (TCB), and actions of the Programs Management Office relative to the introduction of new applications into the DOE/DME. Gunnison continually assessed the IA impact of proposed changes, and in coordination with the DOE/DME IAM, documented IA status changes, identified and captured evidentiary artifacts, and updated the status of the IA Controls established as the baseline for DOE/DME. Gunnison Senior Security Engineers provided both IAO and Subject Matter Expertise in monitoring and documenting the IA Posture within DLA.