- Security and Vulnerability Management
- Configuration, Compliance (FISMA, NIST) and Management
- Continuous Monitoring
- Incident Response
- Vulnerability Scanning and Testing
- Security Audits
- Self Assessments
- Penetration Testing
- Web Filtering
- Risk Assessment
- FISMA Reporting
Blue Mountain Data Systems is actively involved in implementing FISMA and NIST standards with Federal Civilian Agencies. Due to our extensive experience in this area, Blue Mountain has developed processes and organizational techniques to help ensure security deliverables are completed on time, and performed in the most efficient manner possible.
We ensure that NIST-800-53 control requirements are treated consistently during definition, analysis, implementation, auditing, and reporting phases of a system.
At Blue Mountain, various members of the security team are assigned to address specific control families for all major systems. In this way, a person becomes “expert” in certain families and handles the portion of all security deliverables related to these families. For example, a person assigned the Contingency Planning (CP) family of controls would write the compliance descriptions for the System Security Plan, oversee/conduct testing of the CP and testing of backups at DR facilities, create and manage Plan of Action and Milestones (POA&M) related to this family, and initiate and conduct annual reviews and updates to the CP and related documents.
This process mitigates the confusion caused by different interpretations of controls, and takes advantage of the efficiencies of implementing the same or similar solutions across systems. Document updates are more easily managed, as the person who works on a solution for a control will automatically know when that POA&M item can be closed. Thus, fewer items are missed. There is also no time wasted in communicating control solutions from one individual to another.
We have also implemented several basic organizational techniques for managing the large number of documents required for security and for coordinating with the development and administration teams. These tools automate the process as much as possible and decrease the reliance on humans to remember everything. These tools are used in the following ways:
- A comprehensive list of security deliverables has been developed in Excel so that the list can be sorted by due date, assigned person, or information system
- Outlook Calendar alerts are set up for key deliveries and actions (e.g., non-automated password changes for administrative accounts)
- The project manager for the security team coordinates on a regular basis with the project manager for the development and administration teams. For example, both managers maintain a list of POA&M items and coordinate solutions, implementation and scheduling on at least a monthly basis. Both managers coordinate closely with the agency ITSO.
- The security and development/administration teams conduct weekly or bi-weekly meetings where the status of any item may be reviewed with the entire technical team.
Blue Mountain takes a proactive stance in maintaining a secure infrastructure by closely monitoring security trends and deploying security updates, hotfixes and virus definitions to address potential vulnerabilities. Blue Mountain works to provide rapid response to US-CERT and FedCIRC notifications, together with applicable security incident reporting.
For continuous monitoring, Blue Mountain utilizes the AccelOps SIEM, which collects, correlates and consolidates complex network activity event logs from firewalls, routers, switches, VPN gateways, and the network IPS. Blue Mountain utilizes the Tenable Nessus Vulnerability Scanner for scanning network devices, servers, and workstations. Nessus allows Blue Mountain engineers to detect and monitor for the latest vulnerabilities via a plug-in feed. Blue Mountain also uses the McAfee Vulnerability Manager and IBM Tivoli Endpoint Manager (BigFix). These tools are used to monitor and manage vulnerabilities, including security updates and hotfixes.
Securing Data From Within
It’s no longer sufficient to rely on border routers and firewalls to protect your data. Data and file encryption, together with two-factor authentication for data/file access, provide a much better shield against hackers who succeed in gaining access to the network. You see, once someone compromises a user account, they have access to any of the data and files that the user can see, even if they are encrypted. If sensitive data and file shares are further protected by both encryption and two-factor authentication, the hacker must also have the token to retrieve the information.
Data Encryption and VPN
If you have personnel who telework or who regularly work out of the office, Blue Mountain can help you secure confidential information such as Personally Identifiable Information (PII). We assist with data encryption and VPN for remote access across all client desktops and notebooks. Blue Mountain will create a deployment plan and implement this complex technology with minimal impact and downtime for your users. We can also play a significant role in helping your administrators and users understand the importance of encryption and its necessity to protect the public that you serve.
For on-premises email, Blue Mountain can help you implement an email archiving solution, using Symantec Enterprise Vault, to address several customer requirements: centralizing user personal folders (Outlook “.pst” files), retaining data for purposes of eDiscovery, and reducing Exchange information stores for increased performance on the Exchange servers. For cloud email, Blue Mountain can assist with creating and managing appropriate email retention/archive periods for eDiscovery.
Historically, clients have maintained that data that is not reasonably accessible because of undue burden or cost need not be disclosed. Sedona Principle 8, as revised, differentiates between levels of accessibility of electronic data and places additional burden upon customers who have a clear duty to preserve potentially discoverable information. Further, active online data is discoverable and must be readily producible.
Available tools such as Enterprise Vault provide the capability to search email information stores and readily produce active discoverable information. The product also provides the capability to archive email outside of the Exchange information store, keeping older email accessible while freeing up disk space on the email system.
Blue Mountain works together with agency client offices to determine appropriate structure and categorization of email to be archived. We propose to assist with planning and implementing a solution that will enable agencies to proceed with email archival, while becoming confident that production of email for discovery purposes will be readily available.
Two Factor Authentication
Two-factor authentication provides yet another layer of security designed to prevent unauthorized access to sensitive data. Blue Mountain is experienced in implementing two-factor authentication in a way that minimizes impact to users. Blue Mountain’s two-factor authentication experience using RSA tokens, coupled with its applications development experience with single sign-on application access via Active Directory, provides demonstrable experience to enable us to assist agencies with this task, where applicable.