In support of the Universal Service Administrative Company, TDI provided a broad range of cybersecurity compliance and technical services.

TDI was responsible for revising and implementing the entire network architecture at USAC by supporting the USAC IT Division with high-end consulting services. TDI performed a successive series of tasks that, in concert, provided a thorough understanding of USAC’s security infrastructure. Initially, TDI performed policy, procedures, and process reviews. We coupled this with reviews of USAC architecture and system and network device implementations. TDI then performed an internal vulnerability assessment. Our internal assessment included multiple scans and probes, system configuration reviews, and interviews with USAC personnel. After the internal assessment, we performed an external assessment with the aim of gaining access to the internal USAC network. Additionally, this effort provided an external view of USAC’s publicly accessible devices. Using the results from these efforts, we compiled a list of findings that ultimately required remediation. Relying on National Institute of Standards and Technology (NIST) guidance, we then assigned a numerical risk metric and prioritized the risks. Finally, TDI entered the findings into a Remediation Plan that provided USAC with a roadmap for becoming compliant with government requirements and for taking remedial action to address said findings; this was ultimately translated into a Plan of Actions & Milestones.

TDI then developed USAC’s IT security policies and procedures while considering several essential elements: gap analysis findings, current and previous assessment/audit findings, departmental guidance, industry best practices, and legislative and executive mandates and guidance. Each element contributed key aspects to the overall policy development. The USAC Security Policy’s content was developed to be consistent with NIST SP 800-26. Along with this, TDI developed an Incident Response Plan for USAC that was fully compliant with U.S. Federal Communications Commission guidelines.

TDI also conducted a Business Continuity Plan, Disaster Recovery Plan, and Continuity of Operations Plan development effort. TDI determined how USAC conducted business as a crucial step in effectively providing a roadmap for business continuity. Using a combination of interviews, surveys, observations, and studying existing program documentation, we fully evaluated USAC’s backup infrastructure, off-site storage requirements, business unit processes, and business model.

To meet USAC’s need for compliance with federal regulations related to security of audit trails for improved accountability and forensic practices, TDI implemented a centralized logging solution. Our goal was to identify and implement an existing solution or develop the solution ourselves. TDI’s efforts included the design for logging/auditing, audit log management, determining auditable events, a log migration strategy, means for log storage, the type of normalized raw log format, and log data analysis. Once the solution for centralized logging was deployed, TDI ensured that production systems were properly transmitting log data to the central server.

TDI intensely researched commercial and freeware Security Information Event Management and other related products used to consolidate and analyze the logs of cyber solutions and other systems. TDI performed an asset inventory of all available USAC network assets, including servers, routers, firewalls, switches, etc. Our efforts ensured our solution requirements for the centralized collection, storage, and analysis of all USAC system logs was built such that future reconstruction and assessments are possible.

Management of vast amounts of log data was the essential problem that TDI overcame. Subsequently, we determined how log data should be handled such that it could be analyzed, migrated into log data from other systems, and stored correctly. TDI determined the appropriate combination of auditable components, including system events, system changes, keystrokes, system calls, and application level events. TDI also addressed the components for proper log data transmission: guaranteeing delivery, securing delivery, and assuring a balanced network load. We helped determine, rewrite and apply USAC’s requirements for log data storage to dictate how long data should be retained altogether, how long it should reside on a local device, and whether it should remain onsite. TDI then developed a solution that normalized log data from various USAC systems. Finally, to establish patterns of misuse and completely reconstruct user behavior at USAC, TDI’s collection and centralized storage of raw system logs allowed data mining and forensic and statistical analysis to be performed.

All told, TDI spent many years supporting USAC and advancing their cybersecurity risk posture.

Testimonials

Don’t take it from us, hear what our clients have to say about TDI

“TDI’s approach to Managed Cybersecurity Performance (MCP) has been a game changer for us. We now have added visibility and insight to better understand risk and the ROI (return on investment) we’re receiving from our other security provider. Our security program continues to mature and we’re able to maintain continuous compliance. MCP gives me one less thing to worry about and frankly makes my job easier.””
Johnny Yang
Director Information Security & Compliance
“TDI always provides top notch personnel that meet or exceed the requirements of the contract. Their deliverables, reports, and technical aptitude are bar none. We will continue to hire TDI … they always come through for us and our end customers.”
Emilio Gonzalez
Joint Strike Fighter Program Manager
“[TDI Employee] You are the Man !! Thanks so much for the quick turn around.”
W.A. Harrison
USAJOBS Program Office Deputy Program Director
“The most appealing part of the engagement was the development of the 10-year strategic security plan for our mutual client. The quality of the thinking and input into the deliverables was exceptional.”
Bruce Gnatowski
Director Verizon Global Services
“On behalf of MCSC, PdM TFITS, Manpower Team, I would like to express our appreciation for the excellence in leadership & teamwork demonstrated by [TDI Staff] over the past 18 months. Her role as a lead IA professional was carried out in a manner above and beyond expectations.”
Beverly Walker
USMC Manpower Branch Manager
“Highly skilled and knows their work. . . exceptional at task preparation & reduced time to perform tasks by 90%. TDI brings quality & care to the table. Lots of companies have good people, but TDI employees really care about the work they do & the collective customers we support.”
Deron Burba
Smithsonian CIO
“TDI and its staff provided high quality testing engagements followed up by concise easy to understand reports. They clearly showed adherence to tasks schedule and offer adequate frequency of client/customer interaction resulting in a very satisfied customer.”
Carla Little-Kopach
Chief, DARPA SSO BPA
“TDI has proven an invaluable asset to the mission of the CTO…have strengthened the overall IA posture of the DEA Enterprise…and continues to further innovate and provide solutions that help sharpen the overriding information technology goals and mission of the Office of the CTO.”
Mark Shafernich
CTO, DEA

Related Case Studies

All Case Studies
Monster calls on TDI to support its cyber requirements and scare away risk

As Monster’s cybersecurity partner for over a decade, TDI helped Monster navigate the difficult waters of Federal compliance by conducting A&A & other cyber efforts delivering roadmaps to protection
We’ve fortified Smithsonian’s cyber for the better part of 2 decades

Our engineers have been embedded at Smithsonian longer than much of their own staff & we appreciate this honor & their trust to provide A&A, pen testing, training, business continuity, & more.
World’s most advanced & costly fighter jet. Who can fly in to secure it. TDI

TDI provided cybersecurity services to the Joint Strike Fighter for its enterprise of 14 networks, providing Certification and Accreditation management, security operations, and security consulting.

nSights Report


X