Global Union, a veteran-owned small business.

Representative Experience of IT Security Engineering Work

 

Security Penetration Testing & Intrusion Detection Systems (IDS) Evaluation of Virtual Data Center, U.S. Department of Education, Office of Financial Student Aid

This is the primary data center for Federal Student Aid financial applications associated with student loans, grants, and web-based applications used by students, schools, and lenders for all phases of the student loan process. The systems are accessed by over 12 million students a year, and the web-based systems must be secure and available to borrowers, schools, and lenders at all times.  Global Union was selected to independently assess the security of web facing systems and gather evidence to close an Office of the Inspector General (OIG) finding.  Global Union also performed an evaluation of the network intrusion detection system architecture and its attack detection thresholds. 

The services Global Union provided include: 

  • Technical data gathering to determine the exact nature of the OIG finding 
  • Preparation of a detailed IV&V approach and formal IV&V Plan for the project 
  • Preparation and execution of a Rules of Engagement document to convey the technical and operational details and risks associated with the penetration testing 
  • Conduct of both informed and uninformed penetration testing using: NMAP, hping2, NESSUS, ISS, SuperScan, Ethereal, and other tools to craft custom scripted attacks and full vulnerability scans 
  • Documentation of Global Union testing, results, and assembly of evidence supporting our conclusions and observations 
  • Preparation of formal draft and final Penetration Testing and IDS Assessment Reports 
  • Briefing Federal Student Aid technical and management personnel and executives on our analysis, results, and observations 


Security Engineering and C&A Support, Agency-Wide Security Program, National Transportation Safety Board

Global Union and their subcontractor, BSC Systems, served as the contractor resource for establishing NTSB’s agency-wide security program to achieve compliance with all applicable Federal IT security requirements.  As part of the security program support effort, security engineers and security/business analysts supported NTSB in developing a NIST-compliant NTSB information system inventory, coordinated and produced 20 NTSB Security Policies and Procedures, and conducted an assessment of security compliance on selected NTSB systems.  The Information Systems Inventory task involved:
 

  • Documentation review of the NTSB GSSs and MAs
  • Documentation review of NTSB policies and procedures
  • Interviews of key NTSB program personnel
  • Review of NTSB IT operations and network topology

The Global Union Team supported the preparation of NTSB security program policies and procedures and a Security Awareness and Training Program for the following security areas:

1.   Risk Assessment and Management
2.   Review of Security Controls
3.   Rules of Behavior
4.   Planning for Security in the Solution Life Cycle
5.   Certification and Accreditation
6.   System Interconnection/Information Sharing
7.   Authorization to Process
8.   Personnel Security
9.   Physical and Environmental Protection
10. Public Access Controls
11. Production Input/Output Controls
12. Contingency Plans
13. Application Software Maintenance Controls
14. Data Integrity/Validation Controls
15. Documentation
16. Configuration Management
17. Incident Response
18. Identification and Authentication
19. Logical Access Controls
20. Audit Trails

The Global Union Team thereupon conducted security risk assessments addressing the security control objectives conveyed through guidance in OMB Circular A-130, Appendix III, OMB Circular A-123, FISMA, NIST SP 800-18, and NIST SP 800-53A.  A subsequent task involved preparation of MA and GSS Security C&A Analysis and documentation.


Security Engineering and C&A Support, Agency-Wide Security Program, Federal Housing Finance Board (FHFB)

Since October 2003, BSC Systems and their subcontractor, Global Union, have provided security engineering services and C&A support to FHFB through a series of contract instruments.  Examples of the types of security services performed have included:
 

  • System Categorization
    • Develop system categorization of FHFB GSS and FMS Major Application (MA) according to FIPS 199
  • Assessments
    • Performed third party assessment of C&A package prepared by FMS Line of Business solution provider for various components of the outsourced FMS major application
    • Performed an E-authentication assessment
  • Agency Security Program Security Consulting
    • Develop draft FHFB IT security strategy and policies, SOPs, and related guidance documentation; develop system inventory, characterization process, and program metrics
    • Provide, as requested, Security SME consulting services in areas such as security controls, security aspects of CM Plans, DR Plans, COOPs, and vulnerability scans
    • Prepare draft responses to security audits
  • Develop IT Security System Implementation and Awareness Training
  • Prepare Security Certification and Accreditation (C&A) documents for FHFB accreditation of the FHFB GSS and MAs
  • Performed security “due diligence” review of the security program in effect at a Center of Excellence (COE) FMS Line of Business



© Copyright 2005 - 2011 by Global Union, Incorporated.  All Rights Reserved.