TDI helped secure JSF’s enterprise, providing Certification and Accreditation management, security operations, and security consulting.

TDI provided a suite of information assurance (IA) services to the Joint Strike Fighter (JSF) Program Office to secure JSF’s enterprise of fourteen classified and unclassified networks. Our support included Certification and Accreditation (C&A) management, security operations, and security consulting.

We developed C&A documentation that follows DoD Information Assurance Security Certification and Accreditation Process (DIACAP) requirements. We worked with system stakeholders to collect information from the various remote offices around the nation. TDI performed site visits to interview, update, inform, and verify site profile information with site security officers, and system stakeholders. Throughout the process, TDI served as the IA liaison by offering regulatory guidance for C&A, including advice on how to adhere to DoD as well as national and organizational security requirements such as FISMA, The Privacy Act of 1974, and OMB Circular A-130.

TDI was also responsible for continuously maintaining the accreditation of the SIPRNet network through the Connection Approval Process (CAP) within the JSF program. We performed the following: Completed the entire DIACAP process utilizing the System Identification Profile (SIP), DIACAP Implementation Plan (DIP), the DIACAP Scorecard, the System Security Plan (SSP), and the Plan of Action and Milestones.  TDI also secured critical infrastructure components and endpoints by implementing configurations according to applicable Security Technical Implementation Guides (STIGs), and by remediating vulnerabilities that were identified in vulnerability scans.

TDI was also responsible for policy compliance, internal policy development, and strategic planning for the Information Technology Division. TDI designed Business Continuity and Disaster Recovery Plans for JSF, developing security record keeping procedures and program impact analyses. We monitored DoD compliance notices issued by United States Cyber Command and ensured that security patches, Communication Tasking Orders and Warning Orders were implemented in a timely fashion.

TDI performed Information Assurance Officer (IAO) duties within the classified vault space for Top Secret Special Access Programs (SAP) which included the following duties: developed the Certification and Accreditation Plans for both the collateral and Top Secret networks; ensured that systems were operated, maintained and disposed of in accordance with internal security policies and practices as outlined in the SSP; and ensured that all users had requisite security clearances, authorization, and need-to-know, and were aware of their security responsibilities before access was granted. TDI formally notified the Information Assurance Manager (IAM) and Designated Approval Authority (DAA) when changes occurred that might affect the accreditation. We also reported any security-related incidents or violations, and notified management of any change in a systems’ intelligence and SAP level information. TDI also ensured that IA requirements were addressed during all phases of the system life cycle and authorized software, hardware and firmware use before implementation on any of the classified systems.

Our team also served as JSF’s primary contact for the U.S. Air Force Information Warfare Center’s (AFIWC) Automated Security Incident Monitor (ASIM), the Air Force’s 24 hour/7 day per week worldwide intrusion detection tool. Communications were maintained frequently ensuring prompt responses to reported security incidents. We developed configurations and Automated Information System Security Plans (AISSPs) for network and standalone classified processing systems from Secret/Collateral to Top Secret/Special Access Required (TS/SAR). We ensured that the security architecture of the network complied with stringent national computer security requirements.

TDI’s implementation and management of cryptologic technologies had significantly increased the security of data transmitted on the JSF networks. TDI implemented the Joint Strike Fighter (JSF) Program Public Key Infrastructure (PKI) to organize and manage individual encryption keys to securely transmit For Official Use Only (FOUO) information across public networks. TDI validated users’ identities, tracked PKI certificate expirations, and revoked them per JSF policy. We applied our knowledge of Federal Information Processing Standard (FIPS) 201: Personal Identity Verification of Federal Employees and Contractors, National Institute of Standards and Technology (NIST) Special Publication (SP) 800-32: Introduction to Public Key Technology and the Federal PKI infrastructure, NIST SP 800-73: Interfaces for Personal Identity Verification, and Homeland Security Presidential Directive (HSPD)-12 PIV-1 security controls. Incorporating these and various other standards, TDI ensured the security architecture of the JSF network complied with stringent national computer security requirements.

TDI also secured web applications. We installed VeriSign certificates (PKI security key) for the Flight Clearance application and helped to export/import VeriSign keys for the Flight Test Status Report. As the COMSEC custodian, we ordered, controlled, and installed all encryption key material. TDI managed Intelligence Community PKI tokens within JSF and were responsible for the security design review and corrections a security vault build. We wrote the User Instructional Guide for the Security System, Flight Clearance, and Suspense Tracking Applications. Finally, we wrote technical advisory White Papers, such as one to recommend encryption and its usage on Personal Digital Assistants program-wide.

Our successful efforts led to TDI becoming the central point of reference for all cyber security related matters at JSF. At various times throughout the performance period, TDI personnel have received commendations from the JSF PM and Deputy PM. TDI performance was praised (July of 2008) by our customer who indicated “what a great job [TDI employee] is doing for the Information Assurance team at Joint Strike Fighter”. He added: “My hat’s off to [TDI Employee] and the rest of the TDI team for creating such a higher standard within the IA Industry.”

TDI is a Fully Qualified Navy Validator company

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
TDI made it smooth sailing for MSC on the sea of cybersecurity

MSC brought TDI in as its partner in cybersecurity, charged with designing, implementing, & operating a cybersecurity framework to continuously identify & manage vulnerabilities across its vast fleet.
TDI, security the warfighter so they can keep us safe

Semper Fidelis is a motto the Marines live by. TDI embraced this notion, having provided cybersecurity services to the US Marine Corps for over a decade across dozens of programs.
TDI securely marches in step with the U.S. Army

TDI has managed the Assessment & Authorization (A&A) efforts for the Army AWRDS program since 2006, ensuring it achieved and maintained uninterrupted Authority to Operate, under both DIACAP and RMF.

nSights Report


X