Department of Health and Human Services, Food and Drug Administration
Cyber Security Defense Operational Support
Exeter is implementing and administering an IT security program that is consistent with industry and Federal standards to protect FDA information resources. Exeter IT security experts interact with FDA strategic planning and IT staff to provide technological and managerial advice on incorporating security into CIO operations, including EA, CPIC, SDLC, and integrated IT Governance areas. Key features of Exeter's efforts include an existing relationship with FDA and a consequent in-depth understanding of the FDA's mission and enterprise, and an enterprise-wide information security lifecycle methodology. This approach is based on integrating security with key IT management disciplines.
Exeter developed a comprehensive IT Security Program Plan that encompasses all facets of security, and is assisting the FDA in complying with a myriad of legislative mandates regarding security. Working hand-in-hand with the FDA Chief Information Security Officer (CISO), Exeter's personnel have been instrumental in providing a secure computing environment at the FDA. We have managed all areas of security necessary for ensuring that the FDA meets or exceeds FISMA requirements on an annual basis, including:
- Certification and Accreditation (C&A), NIST SP 800-37
- System Security Planning, NIST SP 800-18
- Contingency Planning, NIST SP 800-34
- Privacy Impact Assessment (PIA), OMB M-03-22
- Risk Assessment, NIST SP 800-30
- Self-Assessment, NIST SP 800-26 or 800-53
- FIPS 199 Categorization
- Plan of Action and Milestones (POA&M), OMB M-03-19
We have also provided advice on many aspects of other IT security domains, including:
- Security Policy and Architecture Development
- ISSO Support, Staff Augmentation, Security Training
- Network Engineering Support, Staff Augmentation
- Evaluation and testing of security components: wireless, firewall, IDS, encryption, etc.
- Forensic data gathering for criminal investigations
- Vulnerability scanning
- HSPD-12, Policy for Common Identification Standards for Federal Employees and Contractors
- Personnel Security
- Training and education
These efforts have facilitated cooperation between the various Offices and Centers within the FDA, preventing the duplication of efforts, preserving scarce resources, and opening paths of communication that did not previously exist. Plans for the future include ensuring that IT security is a primary consideration in the successful implementation of all FDA business processes. Exeter continues to enhance its support to the FDA with the addition of our disaster recovery planning business impact assessment team. Business Continuity will be a focused area of support for Exeter in 2007 at the FDA. The Exeter reputation is established from over 4 years of outstanding FDA support and a commitment to providing quality products for the IT security community.