NARA Information Security
Challenges
NARA needed Information Security support
services including system Certification and Accreditation
(C&A) and IT Security Compliance Testing.
Solutions
DRC conducted Risk Assessments and
developed System Security Plans, Contingency Plans, and
Security Test and Evaluation (ST&E) Plans for eight major
applications. We developed and executed a detailed C&A
Project Plan and templates (e.g., System Security Plan, Risk
Assessment, Contingency Plan, etc.).
DRC developed and executed system ST&E
Plans to assess whether the management, operational, and
technical controls met the requirements for accreditation.
The results of our security testing were documented in
system ST&E Reports and served as input for NARA's
accreditation decision. In addition, we supported NARA with
developing a Plan of Action & Milestones (POA&M) for select
systems where Information Technology (IT) security
weaknesses were identified through the C&A activities.
DRC Security Engineers provide network
intrusion detection and firewall system analysis, tuning,
and maintenance and conduct security assessments and
analysis on NARA systems. Earlier in the project, DRC
conducted Certification and Accreditation (C&A) and IT
Security Compliance Testing activities. C&A support was
provided in accordance with the National Institute of
Standards and Technology (NIST) guidelines and the NARA
Certification and Accreditation Program. DRC designed and
implemented Standard Operating Procedures (SOPs),
maintenance procedures and protocols, and end-user training
for NARA's user community.
Benefits/Achievements
Each system that DRC supported was
successfully accredited. DRC improved NARA network security,
configuring and implementing network access control systems
for all of NARA, including firewalls, IDSs, and VPNs;
and we took NARA to a private IP addressing scheme to
enhance security beyond the baseline industry standard.