Challenge: To support the FHWA with agency-wide security efforts.

Solution: In partnership with the FHWA Information Systems Security Officer (ISSO), INDUS delivered full security program support, including daily security operational support; Certification & Accreditation (C&A); system security testing and documentation updates; contingency and Disaster Recovery (DR) plan creation and testing; incident response and reporting; vulnerability scanning; FISMA reporting; and IT security training. Security C&A plans have been successfully developed and deployed for over 26 systems.

Challenge: To assemble and deploy technical staff with security clearances to CONUS and OCONUS locations within 24-48 hours after notification to meet evolving DoD communications requirements.

Solution: INDUS deployed a multi-disciplined team to engineer, acquire, install, and test the red, black, and SCI communication and associated fiber and copper trunk cabling in various environments to meet TIA/EIA, BIC SI, and TEMPEST requirements.

Challenge: To obtain security Certification & Accreditation (C&A) for NASA’s Scientific and Engineering Workstation Procurement (SEWP) Program information technology.

Solution: INDUS provided network and security operations to the NASA SEWP program, including router and switch installation and maintenance; DNS operation; firewall installation and maintenance; Active Directory; NIS; and intrusion detection. INDUS led the SEWP security planning, resulting in the Program’s successful C&A and an Authorization to Operate (ATO).

Challenge: Streamline the Certification and Accreditation (C&A) process and associated FISMA compliance and reporting requirements by using enterprise-wide tools

Solution: In 2008, INDUS implemented the Cyber Security Assessment and Management (CSAM) tool to leverage guidance from the National Institute of Standards and Technology (NIST), Office of Management and Budget (OMB) and industry best practices. Since its implementation, DOT uses CSAM to assist in Information Technology (IT) security self-assessments and to generate monthly, quarterly, and annual OMB mandated FISMA reports. DOT uses CSAM as an electronic storage warehouse for C&A and Annual Security Assessment deliverables and products. CSAM is also used to document and manage uncovered IT general support and application system vulnerabilities and deficiencies as defined in resultant Plan of Action and Milestones (POA&Ms).

Due to the success, in Government Fiscal Year 2011 (GFY11), DOT plans to expand the use of CSAM to initiate and perform C&As and Annual Security Assessments through its automated features and capabilities. This initiative will reduce the time (by 20-30%) to complete the C&A process and greatly reduce training costs.

INDUS was a significant contributor to FHWA achieving a Green status on all FISMA compliance directives in the FY09 OMB Scorecard (July 1, 2008 – June 30, 2009).