TDI has spent nearly two decades supporting Monster’s cybersecurity needs. From top to bottom, we have been their trusted cyber advisor.

Monster embarked on the process of Assessment & Authorization (A&A) in an effort to become compliant with government regulations, while paying particular attention to those of the U.S. Office of Personnel Management (OPM). To meet this goal, TDI offered services to provide Monster with a System Security Plan, Systems Security Authorization Agreement and the core set of artifacts needed to adhere to this process.

To proactively prepare for the various A&A efforts that are required of Monster by different U.S. government agencies, TDI assisted Monster in developing a base set of deliverables that meet the requirements for going through the A&A process. TDI tailored this core set to Monster such that the end-product satisfies most agency requirements into which Monster integrates their IT systems. For example, the OPM uses USAJobs, a Monster-developed application. Consequently, this application must undergo a A&A process to ensure that it meets with the regulations and guidelines set forth in FISMA.

TDI also developed a Configuration Management (CM) Plan for Monster which identified CM processes and procedures for the Monster System and its related applications. TDI also assisted OPM and the IRS in drafting and finalizing an Interconnection Security Agreement between the two organizations as well as a Memorandum of Understanding. Among the other tasks that TDI undertook included creating and re-engineering the Monster Contingency Plan and performing a Security Test and Evaluation on the USAJOBS System.

Other agencies that use the Monster application also have FISMA A&A requirements to fulfill.

We then developed a Secure Configuration Management (SCM) methodology and plan for Monster.com. We helped implement SCM at Monster.com to apply change control as a discipline that enforces security, technical, and administrative directions and surveillance in order to: identify and document functional and physical characteristics of configuration items (CIs); control changes to CIs and their related documentation; record and report information needed to manage CIs effectively; and audit CIs to verify their conformance to security policy, specifications, interface control documents, and other requirements. TDI worked with Monster.com to emphasize the purpose of SCM is to maintain the confidentiality and integrity of products as they evolve through the product development life cycle from requirements specifications through design, development, testing, and production.

TDI used SCM to help Monster identify the configuration its network systems at given points in time, systematically and securely controlling changes to the configuration, and maintaining the integrity and traceability of the configuration throughout the lifecycle. Monster assets that are currently placed under SCM include the software and hardware products that comprise the network as well as items required to create or maintain these products. TDI was instrumental in defining the SCM Plan that describes some of the SCM practices that have been implemented to manage the development and maintenance for Monster systems and related applications.

TDI was able to help with the implementation and design of the Monster Secure Configuration Management Plan. Our efforts resulted in proper configuration management at Monster, enabling them to answer the following questions:

  • What is the process for making changes to the network?
  • Who made a change to the network?
  • What changes were made to the network?
  • When were the changes made?
  • Why were the changes made?
  • Who authorized the changes?
  • What was the impact on Monster’s security posture?

As part of the many cybersecurity tasks TDI performed for Monster, we helped establish this SCM methodology so that Monster’s cybersecurity processes tied together from their system lifecycle’s beginning to end.

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
TDI’s A&A efforts let Verisign sell its PKI to the U.S. government

TDI’s A&A effort on Verisign’s flagship PKI system successfully enabled Verisign to win its bid to become an official PKI provider of managed PKI services within the U.S. federal government.
We’ve fortified Smithsonian’s cyber for the better part of 2 decades

Our engineers have been embedded at Smithsonian longer than much of their own staff & we appreciate this honor & their trust to provide A&A, pen testing, training, business continuity, & more.
TDI provided years of cybersecurity direction & counsel to the DEA’s execs

From technology to process to people, TDI examined every DEA cybersecurity element & directly advised the CTO & DEA Administrator on how to better their organization. Then we stayed to help them do so.

nSights Report


X