Orizon works with its clients to implement National Institute of Standards and Technology (NIST), DoD and intelligence community IA and security strategies to monitor their critical systems, identify vulnerabilities and risks, and secure business-critical applications and data. Our comprehensive offerings, including continuous monitoring, as well as governance, risk and compliance support to safeguard the confidentiality, integrity, and availability of vital systems and data.
 
Orizon works with its clients to implement National Institute of Standards and Technology (NIST), DoD and intelligence community IA and security strategies to monitor their critical systems, identify vulnerabilities and risks, and secure business-critical applications and data. Our comprehensive offerings, including continuous monitoring, as well as governance, risk and compliance support to safeguard the confidentiality, integrity, and availability of vital systems and data.
 
 

IT Security and IA Policies

We partner with our clients to assess their existing information security policies and provide them with guidance to prevent and defend against unauthorized access to systems and data. Our IA expertise includes assisting agencies with the planning and policy development for system security operational, technical, and management controls to ensure full compliance with Federal Information Security Management Act (FISMA) and related statutes and directives.

IT Security and IA Policies

We partner with our clients to assess their existing information security policies and provide them with guidance to prevent and defend against unauthorized access to systems and data. Our IA expertise includes assisting agencies with the planning and policy development for system security operational, technical, and management controls to ensure full compliance with Federal Information Security Management Act (FISMA) and related statutes and directives.

 

Risk and Vulnerability Assessments

We evaluate IT systems based on the DoD Information Assurance Risk Management Framework (DIARMF) and agency-specific guidelines and standards to identify vulnerabilities. We conduct scans to determine if security controls are correctly implemented, meet acceptable configurations, and comply with established data integrity and security policies and standards. Our experts identify deviations and weaknesses, and assess the level of risk in order to make sound mitigation recommendations.

 

Risk and Vulnerability Assessments

We evaluate IT systems based on the DoD Information Assurance Risk Management Framework (DIARMF) and agency-specific guidelines and standards to identify vulnerabilities. We conduct scans to determine if security controls are correctly implemented, meet acceptable configurations, and comply with established data integrity and security policies and standards. Our experts identify deviations and weaknesses, and assess the level of risk in order to make sound mitigation recommendations.

 

Certification and Accreditation

We ensure systems are compliant with OMB, NIST, DoD Information Assurance Certification and Accreditation Process (DIACAP), and DIARMF regulations and standards. We bring a thorough understanding of Federal Assessment and Authorization (A&A) / Certification and Accreditation (C&A) processes for properly securing systems from initiation through Authority to Operate (ATO) to continuous monitoring. We work closely with our Government clients to define their security requirements, assist with completing required documentation, conduct system test and evaluation (ST&E) activities, and provide continuous monitoring support.

 

Security Audits and Plans of Action and Milestones (POA&Ms)

We conduct security audits of IT systems to test and assess their security posture and compliance with established standards. These include initial certification and continuous monitoring audits of systems to verify management, operational, technical and privacy controls based on regulatory standards and security best practices. As part of our risk mitigation approach, we develop, coordinate, and manage the POA&Ms and help ensure security findings are corrected in order for systems to continue to operate securely.

 

Security Audits and Plans of Action and Milestones (POA&Ms)

We conduct security audits of IT systems to test and assess their security posture and compliance with established standards. These include initial certification and continuous monitoring audits of systems to verify management, operational, technical and privacy controls based on regulatory standards and security best practices. As part of our risk mitigation approach, we develop, coordinate, and manage the POA&Ms and help ensure security findings are corrected in order for systems to continue to operate securely.

Succeeding within an Environment of Full Partnership with our Clients

Clients We Have Provided These Services To

Clients We Have Provided These Services To

 
General Services Administration

Federal Acquisition Service | U.S. General Services Administration

Department of the Treasury

U.S. Department of the Treasury

Department of Housing and Urban Development

U.S. Department of Housing and Urban Development

Department of Defense

Office of the Undersecretary of Defense | U.S. Department of Defense

 
 
Department of Homeland Security

U.S. Department of Homeland Security

Department of State

U.S. Department of State

Defense Intelligence Agency

U.S. Defense Intelligence Agency

 
General Services Administration

Federal Acquisition Service | U.S. General Services Administration

Department of the Treasury

U.S. Department of the Treasury

Department of Housing and Urban Development

U.S. Department of Housing and Urban Development

Department of Defense

Office of the Undersecretary of Defense | U.S. Department of Defense

Department of Homeland Security

U.S. Department of Homeland Security

Department of State

U.S. Department of State

Defense Intelligence Agency

U.S. Defense Intelligence Agency

 
 
 
 

Defense Intelligence Agency | Joint Intelligence Task Force Combating Terrorism (JITF-CT)

Orizon was awarded a prime contract from the Defense Intelligence Agency (DIA) in support of the DIA’s Knowledge Management efforts for the Joint Intelligence Task Force Combating Terrorism (JITF-CT). This required us to provide technical, operational, security, and programmatic support of JITF-CT systems and resources in order to improve the architecture for the next generation of DIA IT systems, and enhance DIA’s analytical and knowledge sharing capabilities for combatting terrorism.

For over 3 years, Orizon served as the JITF-CT Information System Security Officer (ISSO) providing Information Security (INFOSEC) and Information Systems Security (ISS) oversight and management for JITF-CT systems to ensure that all these systems maintained proper security and met their mission requirements. Orizon provided security engineering and architecture, and A&A/C&A support for the DCID 6/3 and ICD 503 processes; and provided INFOSEC/ISS management oversight for all JITF-CT information systems and INFOSEC/ISS processes. We participated in the development or revision of system-specific security safeguards, practices and local operating procedures and scheduled meetings with the Deputy for Operations, JITF-CT system stakeholders and security team to resolve inconsistencies.

 

Defense Intelligence Agency | Joint Intelligence Task Force Combating Terrorism (JITF-CT)

Orizon was awarded a prime contract from the Defense Intelligence Agency (DIA) in support of the DIA’s Knowledge Management efforts for the Joint Intelligence Task Force Combating Terrorism (JITF-CT). This required us to provide technical, operational, security, and programmatic support of JITF-CT systems and resources in order to improve the architecture for the next generation of DIA IT systems, and enhance DIA’s analytical and knowledge sharing capabilities for combatting terrorism.

For over 3 years, Orizon served as the JITF-CT Information System Security Officer (ISSO) providing Information Security (INFOSEC) and Information Systems Security (ISS) oversight and management for JITF-CT systems to ensure that all these systems maintained proper security and met their mission requirements. Orizon provided security engineering and architecture, and A&A/C&A support for the DCID 6/3 and ICD 503 processes; and provided INFOSEC/ISS management oversight for all JITF-CT information systems and INFOSEC/ISS processes. We participated in the development or revision of system-specific security safeguards, practices and local operating procedures and scheduled meetings with the Deputy for Operations, JITF-CT system stakeholders and security team to resolve inconsistencies.

 

U.S. Department of Housing and Urban Development | National Servicing Center

As part of the U.S. Department of Housing and Urban Development (HUD) Business Service Provider (BSP) prime contract, Orizon hosted the National Servicing Center (NSC) SAS Business Intelligence system, which included a three-tier architecture. We performed formal comprehensive annual security assessments of the system infrastructure in accordance with HUD-established IT system security policies and consistent with the NIST mandated information security guidelines. We performed a FIPS 199 impact analysis to identify the baseline control classification and worked with HUD staff to establish the minimum security requirements for the system according to FIPS 200 and NIST 800-53 requirements. We developed a security assessment plan for the system and, as part of annual security compliance, conducted an annual assessment of the overall system and SAS-specific security controls in accordance with NIST 800-26/NIST 800-53A guidelines.

 
 

U.S. Department of Housing and Urban Development | National Servicing Center

As part of the U.S. Department of Housing and Urban Development (HUD) Business Service Provider (BSP) prime contract, Orizon hosted the National Servicing Center (NSC) SAS Business Intelligence system, which included a three-tier architecture. We performed formal comprehensive annual security assessments of the system infrastructure in accordance with HUD-established IT system security policies and consistent with the NIST mandated information security guidelines. We performed a FIPS 199 impact analysis to identify the baseline control classification and worked with HUD staff to establish the minimum security requirements for the system according to FIPS 200 and NIST 800-53 requirements. We developed a security assessment plan for the system and, as part of annual security compliance, conducted an annual assessment of the overall system and SAS-specific security controls in accordance with NIST 800-26/NIST 800-53A guidelines.

 

Office of Naval Research

Orizon served as a prime contractor providing system engineering and software support to the Office of Naval Research (ONR) University Business Affairs Division for 5 years. The ONR, University Business Affairs performs post award administration services on contracts and grants with universities and non-profit organizations. Orizon was tasked with technical/development support for five critical DoD interfacing invoicing and contract payment systems. The systems support 1,400 personnel at ONR headquarters, five regional offices, and 420 colleges, universities, and research facilities.

As part of DoD Information Assurance Certification and Accreditation Process (DIACAP) mandates, we conducted DISA Security Technical Implementation Guides (STIGS) security vulnerability assessments on these systems to identify all vulnerabilities. This included performing complete database and application vulnerability scanning. Orizon remediated all security weaknesses found and completed the STIG documentation for submission to NETWARCOM. As a result, all systems were granted the ATO ahead of schedule.