A Security Test and Evaluation (ST&E) is essential to the Certification and Accreditation process directly required by the Federal Information Security Management Act (FISMA). An ST&E is used to determine a Major Application or General Support System's compliance with defined security control requirements according to NIST SP 800-53A and any organization-specific guidelines.

Historically, ST&Es have been conducted on a prescribed and limited system boundary – vertical testing. This vertical testing excludes the potential risk to the entire horizontal IT environment. Vertical testing is similar to testing a single link without regard for the other links and the chain as a whole. In addition to vertical testing, TDI takes a horizontal testing approach that allows for true end-to-end testing of business process continuity. Horizontal and vertical tests augment the ST&E efforts by allowing for an iterative testing approach.

The TDI approach to conducting an ST&E includes the review of systems and products comprising the IT environment at an organization, with emphasis on FISMA compliance. Our testing is comprehensive, including examination of aspects such as personnel security, security training and awareness, incident response training and management, logical and physical security controls within an application or facility, operational security, integrity of both application payload and data, and security of data in motion and at rest.

TDI's ST&E efforts involve multiple tasks, each aimed at satisfying particular FISMA requirements and culminating in the development of an ST&E report (often referred to as a Security Assessment Report or SAR) and, if necessary, a Plan of Action and Milestones (POA&M). Our security engineers are well versed in evaluating the technical implementation of a security design and ascertaining whether the software, hardware, and firmware features affecting confidentiality, integrity, availability, and accountability have been implemented properly.

TDI is a recognized leader in helping organizations meet all of their ST&E needs and is ready to help you.