TDI’s Assessment & Authorization services helped carry 100 NIH systems over the goal-line & attain or maintain their authority to operate.

TDI assisted NIH with the Assessment & Authorization (A&A) process for over 100 of their critical systems. In the course of our work at NIH, TDI was either directly responsible for or heavily supporting the following components of the A&A lifecycle as laid out by NIST SP 800-37 and as required under the Federal Information Security Management Act of 2002 (FISMA) as well as other Federal laws and regulations:

  • System Categorization: TDI identified and/or verified the high, moderate, or low categorization of the NIH systems in scope based on an impact analysis covering Confidentiality, Integrity, and Availability of the system.
  • Security Control Selection and Implementation: TDI assisted NIH in selecting security controls most appropriate for the targeted information systems and consulted on their implementation. We heavily leveraged Risk Assessments, including vulnerability assessments, to tailor the control selection to NIH and achieving the best and most efficient protection. Finally, we documented these controls in NIH’s System Security Plan (SSP).
  • Security Control Assessment: TDI performed Security Testing and Evaluation (ST&E) of all selected security controls implemented in NIH’s information systems to determine whether or not the controls were implemented effectively to provide NIH with real protection against threats to their systems.
  • System Authorization: TDI prepared all necessary paperwork, including the certification package, to streamline the process of obtaining Authority to Operate (ATO) for all covered NIH systems.
  • Continuous Monitoring: TDI supported NIH in maintaining security in its systems even after ATO was granted by ensuring progress on the Plan of Action and Milestones (POA&M) and providing consulting on control implementations.
  • Based on TDI’s performance on A&A-related activities, NIH indicated the efficacy with which we conducted our efforts warranted our being the sole authors of the NIH Policy for Assessment & Authorization of Systems and Applications.

TDI also provided legal and regulatory guidance for the A&A process, including advice on how to adhere to national and organizational security requirements such as FISMA, NIST-issued Federal Information Processing Standards and Special Publications, and Office of Management and Budget (OMB) Circular A-130 and selected guidance.

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
TDI’s A&A efforts let Verisign sell its PKI to the U.S. government

TDI’s A&A effort on Verisign’s flagship PKI system successfully enabled Verisign to win its bid to become an official PKI provider of managed PKI services within the U.S. federal government.
We’ve fortified Smithsonian’s cyber for the better part of 2 decades

Our engineers have been embedded at Smithsonian longer than much of their own staff & we appreciate this honor & their trust to provide A&A, pen testing, training, business continuity, & more.
HUD relies on TDI to meet its cyber & infrastructure protection needs

From gap analyses to risk & vulnerability assessments to developing comprehensive policies, via our proven cybersecurity policy creation model, TDI moved HUD into a regimented cybersecurity program.

nSights Report


X