HHS relied upon TDI’s help to perform numerous security assessments across their entire enterprise including all 8 of their GSS.

TDI has performed a number of Assessment & Authorization (A&A) tasks at HHS, including the very high-profile security assessment for the HHSIdentity system. HHSIdentity was projected to become the single provider of identity and access management services for the Program Support Center (PCS) and HHS at large. TDI conducted A&A and security assessment services on eight high-profile general support systems (GSS) at HHS. Our services included penetration testing as well as independent review and recommendations on the overall security practices at HHS and their application to each of the eight GSS. TDI diligently conducted security assessment activities for each of the 8 GSS and produced a detailed Security Assessment Report (SAR) for each system. Previous ST&E efforts conducted at Prior to the concept proliferating and becoming normal practice, TDI developed a formalized list of “common controls” which facilitated the efficiency of evidence collection and is currently being used by the HHS to streamline future assessment efforts by eliminating duplication in evidence collection for any system in possession of “common controls”.

TDI naturally delivered the requisite work products for a normal A&A and security assessment effort for the eight GSS systems, yet as with all our efforts we went above and beyond our contractual requirements. TDI also provided an Independent Review and Recommendations report which complemented the A&A deliverables required by the contract. We essentially provided a high-level overview of findings not covered by the security assessment yet related to deficiencies in HHS security policy distribution, naming conventions, compliance with government template standards, etc. According to the customer, the added efforts provided HHS with insight otherwise unavailable from any of the previously conducted security assessment efforts. Finally, the evidence artifact list we provided for each of the 8 GSS demonstrated TDI’s findings were not only legitimate but also readily traceable and actionable to specific system, system artifact, and – at times – system personnel.

HHS’ PSC CISO was delighted with the level of involvement TDI demonstrated and the extensive project delivery expertise exhibited by TDI on this effort.

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
Monster calls on TDI to support its cyber requirements and scare away risk

As Monster’s cybersecurity partner for over a decade, TDI helped Monster navigate the difficult waters of Federal compliance by conducting A&A & other cyber efforts delivering roadmaps to protection
TDI’s A&A efforts let Verisign sell its PKI to the U.S. government

TDI’s A&A effort on Verisign’s flagship PKI system successfully enabled Verisign to win its bid to become an official PKI provider of managed PKI services within the U.S. federal government.
TDI applies all its energy to ensuring DOE GSS keeps the lights on

DOE’s Office of Science relied on TDI’s Assessment & Authorization expertise to attain an Authority to Operate for its main general support system

nSights Report


X