Take the first step: 1.866.746.1122

vision_banner_federal_solutions_and_services

Cyber Security

Cyber SecurityVision Technologies (Vision) has the strategic, technical, and functional expertise to help government agencies cost-effectively protect their information infrastructure. Government agencies must deal with new regulations, budget constraints, and manpower limitations to protect their physical and virtual environments from a steady increase in manmade and natural threats. To succeed, they must use innovative technologies to ensure that administrative, physical, and technical safeguards prevent or limit security breaches and attacks. Vision has proven methods for solving complex security challenges and building organizational capabilities needed to combat cybersecurity threats.

Taken together, National Security Presidential Directive 54 and Homeland Security Presidential Directive 23 comprise the Comprehensive National Cybersecurity Initiative (CNCI), aimed at addressing one of the most serious economic and national security challenges we face as a nation. Vision assists the government in fielding an organized and unified response to future cyber incidents; while strengthening public/private partnerships to find technology solutions that ensure U.S. security and prosperity to meet the digital challenges of our time. Our solutions shore up existing defenses while providing a roadmap for continuous improvement.

Our Approach & Benefits

Today nearly every business and organization relies on information technology for every aspect of operations. This increased reliance on technology makes combating vulnerabilities an ever-increasing priority. To minimize risks, Vision offers a suite of security services that focus on the preservation of confidentiality, integrity of data, and availability of network resources. Our services aim to:

  • Improve security and reduce risk across the enterprise
  • Define policies and procedures to enable a predictable, measured security posture
  • Simplify compliance with governmental guidelines and mandates
  • Combat threats and reduce/eliminate incidents or disruptions through proactive vulnerability management
  • Speed response and recovery

drop-arrow   Network Security

Government agencies must maintain safe, continuous operation of their network in order to meet mission goals and objectives. With the growing threats of viruses, intrusions and other attacks, however, securing systems, networks, applications and critical information resources and integrity is a constant challenge. Vision’s security experts maintain the highest level of professional certifications to ensure that your network is equipped against external and internal security breaches, threats and potential risks and to quickly identify and mitigate vulnerabilities.

Vision uses a multi-layered approach to analyze your agency’s IT security and implements appropriate measures to keep your system safe. Our comprehensive plan delivers policy, procedures, and protection for all layers, including:

  • Physical access to servers and network devices
  • Virus protection at the system level and email gateways
  • Monitoring of network traffic for malicious activity
  • Security training for system administrators, web developers, and end users
  • Vulnerability assessments
  • Timely system patching
  • Encryption
  • OS lockdown
  • Network perimeter tools (firewalls, network and host IDS/IPS, security information, management systems)
  • Information assurance capability
  • Monitoring and log auditing at the system and application level (Unix syslog, Windows logs, Website logs, firewall logs, database logs, host-based intrusion detection logs)
  • Regularly scheduled self-audit for each of these areas
  • Compliance with federal mandates and legislation

Project Highlights

  • Supporting the U.S. Environmental Protection Agency with a full range of IT advisory and assistance services to support their information policy, planning and program management
  • Providing Cyber Security to the U.S. Department of Energy Western Area Power Administration and Desert South West
  • Developing integrated privacy and security programs for a variety of federal government clients, to identify and mitigate potential privacy and security risks during all phases of IT systems design and development

drop-arrow   Security Operations Center

In order to provide services and efficient operations, Federal agencies must be able to depend on the reliability and security of their information and infrastructure. To protect against the ever increasing number of internal and external security threats, policies and requirements demand flexibility to meet ever-changing security demands. Vision’s integrated approach to planning, deploying, staffing and maintaining Security Operations Centers ensures that your agency can proactively and effectively meet security challenges.

Vision’s certified Information Assurance (IA) experts work with your agency to assess your security structure and map out a solution that complies with myriad IA policies and mandates. Vision monitors and manages intrusion detection and prevention; ensures implementation of an overall security policy across an enterprise; provides prioritization, oversight and disclosure of key risks and vulnerabilities; and provides end-to-end risk management services throughout the risk life cycle.

Vision’s security experts utilize the latest Enterprise Security Management (ESM) tools and technologies in your SOC and provide timely updates to keep current with rapidly evolving threats. Our experienced subject matter experts are fully trained and able to leverage the technology and processes necessary to ensure the security and availability of your networks. With our well-designed IA capability and SOC, we are able to reduce regulatory compliance costs, increase your IT infrastructure security and overall efficiency, and fully integrate your security program.

Security Operations Center services include:

  • Centralized management that reduces and mitigates risk of the security infrastructure
  • Better utilization of security personnel and budget to improve efficiencies of scale and reduce cost
  • Faster, more effective response to security threats and incidents
  • Elimination of duplicate efforts and “holes” in security coverage
  • Central enterprise security POC for entire organization
  • Compliance with regulatory IA requirements at lower costs
  • Scalable tools that leverage existing resources

Vision Security Management is comprised of two key tasks. Fault Management ensures continuous operation of the security infrastructure through monitoring of client security devices, fault detection and signaling; fault reporting; corrective action determination; corrective action implementation; and system recovery, if necessary. Configuration Management ensures the continuous enforcement of firewall rules tailored to customer needs. It applies to all equipment managed by the SOC and includes data packet discard/acceptance rules between an external source and an internal destination (or vice versa) based on source address, destination address, network protocol, service protocol, and traffic log.

To determine the overall security of your systems and operations, Vision utilizes a twofold approach to Security Assessment. Vulnerability assessments search for known weaknesses of systems and software and are accomplished through specific technologies configured and customized for each assessment. Penetration tests isolate and exploit known or unknown vulnerabilities of systems, services, and installed web applications and attempt to quantify the threat level and potential impact on each system.

Vision technical assistance experts are ready to support you on any issue regarding system operation, system violations, system update, security hardware, software update, and configuration. For your convenience, our assistance can be provided remotely or on site, depending on your needs and the level of service. Benefits to these services include:

  • Deliver IT security services
  • Prevent unauthorized access and manage security
  • Provide risk management through centralized analysis using the combined resources consisting of personnel, dedicated hardware and specialized software
  • Offer continuous risk analysis and guarantee protection against intrusion
  • Monitor and analyze firewall activity, Intrusion Detection System (IDS) activity, antivirus activity, individual vulnerabilities, etc.
  • Operate 24 hours a day, seven days a week, 365 days a year
  • Provide real-time monitoring, coordinates incidents and response activities, and issues advisories concerning threats

drop-arrow   Certification & Accreditation

Proper planning and procedures are essential to ensure that Certification & Accreditation (C&A) aspect of your IT system operates cost effectively and efficiently. Vision thoroughly understands all phases of C&A and implements the crucial processes that enable your agency to support and sustain an efficient process in accordance with your budget and regulatory requirements. Vision understands that documentation of security controls and process of IT systems is only the first step in the C&A process. Systematic risk assessment and vulnerability analysis are necessary to identify potential areas to improve the C&A process.

Vision is poised to help you meet the challenge set forth in NIST SP800-37r1 that states, “…security authorization challenges managers at all levels to implement the most effective security controls Information Assurance Capability possible in an information system, given mission and business requirements, technical constraints, operational constraints, cost/schedule constraints, and risk-related considerations.” Our experts help to leverage your C&A investment to ensure that your IT infrastructure is secure, available and compliant.

Our comprehensive C&A services include:

  • Consistent and efficient processes that streamline the C&A process to ensure
  • Enhanced overall enterprise security management plan and processes through integration of lessons learned from the C&A process
  • Improved system and program security beyond compliance requirements
  • Quicker and more effective transition to new guidance and regulations
  • Qualified professionals with the appropriate level of training and skill sets to address mission critical and business challenges

Our services meet or exceed regulations and standards including:

  • Federal agencies: FISMA, NIST SP800-37, HIPAA, and OMB A-130
  • DoD specific: 8510.01 (DIACAP) and transition from 5200.40 (DITSCAP)
  • National security systems specific: DCID 6/3 and NSTISSI No. 1000 (NIACAP)

Our personnel have earned the highest professional industry certifications, including:

  • National Security Agency Information Assessment Methodology (IAM) certification
  • National Security Agency Information Evaluation Methodology (IEM) certification
  • Certified Information System Security Professional (CISSP)
  • SANS Global Information Assurance Certifications
  • Certified Protection Professional
  • Associate Business Continuity Professional (ABCP)
  • Certified Business Continuity Professional (CBCP)
  • Certified Disaster Recovery Planner (CDRP)
  • Certified Information Security Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Computer Examiner (CCE)
  • Certified Intrusion Analyst (CIA)
  • Cisco Certified Security Professional (CCSP)
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Network Professional (CCNP)
  • Cisco Certified Internetwork Expert (CCIE)

drop-arrow   Enterprise Security Management

At Vision, our Enterprise Security Management (ESM) solutions extend well beyond software selection and network installation. We develop solutions that integrate your processes and personnel, and align security with your agency’s goals and processes. Vision’s team of security experts thoroughly assess your needs and develop a solution that meets your regulatory requirements, staffing levels and expertise, and most importantly—your budget. We determine not only your current requirements, but also the scalability of the ESM for future expansion and added security features and functionality. Because the security threats are constantly evolving, we ensure that your ESM solution can respond to meet these challenges. Vision has the knowledge and staff to work with you every step of the way to deliver an ESM solution that becomes the hub around which your security infrastructure is built, providing security to your infrastructure and value to your bottom line.

Services include:

  • Integration with existing security, administrative tools and processes and business practices to secure the entire organization
  • Faster and more accurate evaluation of security events
  • Automated capability that enables properly trained security personnel to instantly identify security issues
  • Protection that defends networks, systems, applications and data from accidents, malice or inadequate planning
  • Enterprise-wide strategy for information assurance that protects the confidentiality, integrity, authentication, availability and validity of your environment
  • Trusted methodologies, products and tools
  • Holistic view of information-related risks incorporates the spectrum of human, technology and regulatory dependencies

Vision’s Enterprise Security services will help your organization to:

  • Improve security and reduces risk across the enterprise
  • Define policies and procedures to enable a predictable, measured security posture
  • Simplify compliance across governmental guidelines
  • Reduce threats, incidents and disruptions through proactive vulnerability management
  • Speed response and recovery

drop-arrow   Disaster Recovery & Continuity of Operations

Today, increasing threats from terrorist attacks, natural disasters, hackers, and viruses have highlighted the need for Disaster Recovery (DR) and Continuity of Operations (COOP) plan. Mission essential functions (MEF) and national essential functions (NEF) are mandated to continue regardless of the impact or scope of events by the government. Vision professionals understand these threats as well as your essential functions and aim to deliver high availability of systems and infrastructure every day, not just in times of crisis. Using an enterprise-wide approach, we identify essential business functions, assess your state of operations, recommend policies to reduce disruptions and risks, train your staff in preparedness techniques, and provide documentation and control for critical systems and networks.

From startup to execution, Vision’s structured approach to COOP and DR is based on industry best practices and processes recommended by the National Institutes of Standards and Technology (NIST). Our cost-effective, realistic solutions are based on the seven-step contingency process in NIST 800-34:

  1. Develop the contingency planning policy statement
  2. Conduct the business impact analysis
  3. Identify preventive controls
  4. Develop recovery strategies
  5. Develop an IT contingency plan
  6. Plan for testing, training, and exercises
  7. Plan maintenance

Vision ensures that your COOP and DR solution fits within the overall framework of your risk management and enterprise security requirements, change management practices, incident response policies and procedures, and Certification & Accreditation (C&A) life cycle. Additionally, all Vision solutions meet requirements set forth in OMB A-130, HSPD 20, DoD 3020.26, and DoDI 3020.45 and follow NIST guidance for COOP planning (800-34) and testing/training/exercises (800-84).

Our Disaster Recovery & Continuity of Operations services include:

  • Site-specific threat assessments
  • Detailed contingency plans development
  • Operations framework implementation
  • Standard operating procedures development
  • Training staff through classroom instruction, workshops and computer-based methods
  • Direct procedural and performance drills
  • Standard and customized automated support systems implementation

Vision’s Disaster Recovery and Continuity of Operations services will help your organization to:

  • Improve ability to avoid or reduce business disruption
  • Minimize ad hoc reorganization, duplication and confusion
  • Provide detailed guidance for restoring normal operations without disrupting key activities
  • Avoid unnecessary expenses resulting from unexpected outages
  • Prepare employees to effectively deal with contingencies
  • Comply with federal regulations

drop-arrow   Firewall Administration

In a multi-layered security plan, firewalls serve as the critical first line of defense to keep malicious traffic out of the network while allowing valid traffic to enter. Vision analyzes your network traffic and works with your user groups and system administrators to determine services, protocols, and the normal port usage for your network. Based on this analysis, we tailor a firewall configuration to simultaneously secure your IT resources and provide seamless network access for your agency. We regularly review this configuration to ensure that outdated access and obsolete rules are removed to prevent vulnerabilities.

Vision evaluates, approves, and documents requested changes to the firewall policy. We locate public-facing services, such as web traffic, email, and remote access to bar invalid traffic from the Internet from entering the internal network. We service all externally sourced traffic to protect the internal systems from hackers and malicious code. Vision uses established industry best practices for regular maintenance of security patches to the firewall operating system and application software. Logs are sent to a secure syslog server and monitored daily.
Our Firewall Administration services include:

  • Increase security to prevent threats from getting into the network
  • Development and documentation of firewall rules
  • Internal systems protection from hackers and malicious attacks
  • Compliance with federal mandates and legislation

drop-arrow   Risk Analysis & Assessment

Vision’s Information Assurance (IA) experts understand that risk analysis and assessment are essential to securing your IT resources. Our professionals analyze each of your IT assets to identify all possible threats and vulnerabilities and determine the probability of each event and its impact. Once risks are identified and assessed, we select and implement the necessary preventive, corrective, or detective control methods.

Because networks, systems and personnel are constantly evolving, the risk management process is continuous and ongoing. Vision conducts periodic reviews to uncover new threats and vulnerabilities and to evaluate the effectiveness of existing control methods. We also develop a security policy to support the IT infrastructure to securely transfer sensitive information.

Our Risk Analysis and Assessment services include:

  • Policy and program development
  • Public-private sector cooperation
  • Critical infrastructure asset identification
  • Continuity and contingency
  • Physical infrastructure protection planning
  • Information systems security
  • Vulnerability analysis and threat assessment
  • Emergency preparedness, awareness, training, assessment and exercises
  • Information assurance
  • Integrated force protection technologies
  • Crisis management planning software
  • Information system security products

Vision’s comprehensive product and service portfolio meets the requirements of PDD-63 and addresses more current Homeland Security Presidential Directives (HSPDs) and national policies including: incident management and response (HSPD-5), identifying and prioritizing national CIKR and public-private partnerships (HSPD-7), national preparedness goals (HSPD-8), and the National Infrastructure Protection Plan.

Benefits of Vision’s Risk Analysis and Assessment services include:

  • Increase awareness to identify areas that require security improvements
  • Identify appropriate and cost-effective countermeasures
  • Provide justification for security expenditures
  • Comply with federal mandates and legislation
  • Ensure continuity and viability of critical infrastructures
  • Speed response and recovery
  • Prepare stakeholders to effectively deal with contingencies

drop-arrow   Incident Response

Vision provides Information Assurance (IA) expertise to assist your agency in creating policies, plans, and procedures in compliance with federal regulations before an incident occurs. Based on incident response methodology specified by National Institute of Standards and Technology (NIST) and Federal Information Security Management Act (FISMA), Vision’s experts work with your existing incident response program or establish a new capability for your agency to:

  • Create or modify an incident response policy and associated plans to ensure a timely response to any incident
  • Establish incident response teams that create interactions between IT and business personnel
  • Establish internal and external relationships between incident responders, agency stakeholders and regulatory overseers
  • Develop procedures supporting the incident response policy and reporting requirements
  • Assemble teams and address staffing and training requirements
  • Identify all internal and external stakeholders for participation in the incident response process
  • Determine service offerings provided by incident response team(s)
  • Integrate incident response into a Security Operations Center (SOC), if applicable
  • Comply with NIST guidance, including Special Pubs 800-61 Rev 1, 800-83, and 800-86 as well as FISMA requirements that all federal agencies have “procedures for detecting, reporting, and responding to security incidents,” and that the risks associated with these security incidents need to be mitigated “before substantial damage is done.”

Vision can integrate incident response to the U.S. Computer Emergency Readiness Team (US-CERT) into an existing Security Operations Center (SOC) or build upon existing policies and procedures to meet compliance requirements. Whether working with a SOC or a standalone incident response team, we tailor a plan that fits the size of your agency and your budget.

Benefits of Vision’s Incident response services include:

  • Reduce time and effort necessary to discover and address vulnerabilities
  • Achieve greater situational awareness and increases overall security posture
  • Remove geographic barriers and enhances information sharing and collaboration
  • Improve service through regular metrics evaluation
  • Enhance relationships with stakeholders to promote early and active participation
  • Reduce errors and downtime
  • Improve staff efficiencies by introducing documented, repeatable, measurable and automated processes
  • Strengthen analysis and reporting efficiencies with proven, advanced analytical support tools
  • Transform trends, anomalies and potential areas of weakness into comprehensive and actionable reports
  • Improve regulatory compliance
 

Federal Clients

At Vision Technologies (Vision), we recognize the value of doing the job right, the first time. Our execution culture fosters the spirit of customer service, and the result is satisfied customers who are willing to share their experiences with you. Here's a partial list of our satisfied customer accounts:

  • Department of Homeland Security
  • Department of Veteran Affairs
  • Environmental Protection Agency
  • Federal Deposit & Insurance Corporation
  • U. S. Environmental Protection Agency

If you'd like a referral from any of these accounts, please contact us and we'll forward the information!

Federal Services List

Press Releases

Click to view Federal Contracts

Click to view Federal Past Performance

WHITE PAPERS

Neutralizing Spyware in the Enterprise

Cisco’s Safe White Paper

Vision Technologies Identity Management

What's New at Vision

HTNG 2014 North American Conference on 3/3 in San Diego, CA - Read More

Government Procurement Vendor Fair  on 3/12 in Memphis, TN - Read More

Vision Technologies Installs the First Private Commercial Building Public Safety Distributed Antenna System in Arlington, Virginia - Read More

Vision Technologies Manages Communication Networks for Fifth Largest School District in the U.S. - Read More

#InBuildingWireless event 10/3 in NYC for #cabling companies. Partner with us for value-added services & #DAS. http://t.co/nIkH6BStXb