Our staff has supported many of the US Government agencies and services and a small number of commercial entities. While a list of deliverables does not adequately describe the support required for a trustworthy system implementation and operations, the list below is a detailed summary of the clients, roles and activities of our staff:
Our Clients:
Defense Information Systems Agency
Defense Information Systems Agency
• IT and Information Assurance Auditing
Department of State
• Operations and Maintenance
- Official Auditing Witness for the Department of State Machine Readable Travel Document (MRTD) Public Key Infrastructure (PKI) Key Generation Ceremony
- Developed and implemented internal audit processes and procedures
- Managed PKI CP/CPS Compliance Audit Process
- Developed and Implemented Incident Response Process and Procedures
Defense Logistics Agency
• Design, Engineering and Implementation Support
Department of Labor
• IT and Information Assurance Auditing
Department of Energy
• Design, Engineering and Implementation Support
Department of Treasury
• Design, Engineering and Implementation Support
Federal Bureau of Investigation
• Design, Engineering and Implementation Support
National Security Agency
• Security Design Evaluation
Department of Homeland Security
• Design, Engineering and Implementation Support
United States Navy – Space and Naval Warfare System Command (SPAWAR)
• Requirements Specification
Other Navy Support
• Training
United States Air Force
• Requirements Specification
United States Patent and Trademark Office (USPTO)
• Requirements Specification
Department of Justice (DoJ)
• Design, Engineering and Implementation Support
Department of Commerce (DoC)
• Certification and Accreditation Support
Department of State
Defense Logistics Agency
Department of Labor
Department of Energy
Department of Treasury
Federal Bureau of Investigation
National Security Agency
Department of Homeland Security
Navy – Space and Naval Warfare System Command (SPAWAR)
Air Force
United States Patent and Trademark Office (USPTO)
Department of Justice (DoJ)
Department of Commerce (DoC)
Our Experience:
- Primary Auditor for the Department of Defense (DoD) Public Key Infrastructure (PKI)
• Policy Development and Documentation
- Auditor for the Verisign DoD External Public Key Infrastructure (PKI)
- Auditor for the Operational Research Consultants (ORC) DoD External Public Key Infrastructure (PKI)
- Auditor for the DoD Public Key Infrastructure (PKI) Registration Authorities (RA) and Local Registration Authorities (LRA) at Air Force, Army, CIA, Defense Commissary Agency, Defense Finance and Accounting Service (DFAS), Defense Intellegence Agency (DIA), Department of Defense Education Activity (DoDEA), Defense Logistics Agency (DLA), Defense Threat Reduction Agency (DTRA), Navy, National Geospatial-Intelligence Agency (NGA), Tricare Management Agency, Marine Corp, and the Washington Headquarters Services (WHS) Office of the Secretary of Defense (OSD)
- Contributed to the development of the DoD Public Key Infrastructure (PKI) Audit Tool
- Contributed to the DoD Public Key Infrastructure Certification Practices Statement (CPS)
• Training
- Produced Requirements Compliance Training for the DoD Public Key Infrastructure (PKI)
• Design, Engineering and Implementation Support
- Developed Data Archive Strategy
- Produced Global Directory Service Architecture Load Balancing Study
- Operations Team for the Department of State Public Key Infrastructure (PKI)
• Design, Engineering and Implementation Support
- Performed Backup, Rekey and other security function operations for the Department of State Public Key Infrastructure (PKI)
- Operations Team for the Department of State Personal Identity Verification (PIV)/ Homeland Security Presidential Directive 12 (HSPD-12) System
- Operations Team for the Department of State Machine Readable Travel Document (MRTD) System (security system for the Electronic Passport System (e-passport))
- Developed and Implemented Change Request Process and Procedures
- Engineering support for the Department of State Public Key Infrastructure (PKI)
• IT and Information Assurance Auditing
- Engineering support for the Biometric Logical Access Development and Execution (BLADE) Project (smartcard/biometric network access implementation)
- Official Auditing Witness for the Department of State Active Directory Public Key Infrastructure (PKI) Key Generation Ceremony
• Certification and Accreditation Support
- Managed Certification and Accreditation Process for the DoS PKI, MRTD, and ClassNet PKI (CPKI) Systems
• Policy Development and Documentation
- Produced the Certification and Accreditation System Security Plan (SSP) for the DoS PKI, MRTD, and ClassNet PKI (CPKI) Systems
- Produced the Certification and Accreditation Contingency Plan (CP) for the DoS PKI, MRTD, and ClassNet PKI (CPKI) Systems
- Acted as internal certifier, producing the Certification and Accreditation Security Test and Evaluation Plan (STE Plan) and the Certification and Accreditation Security Test and Evaluation Results Report (STE Report) for the DoS PKI, and MRTD Systems
- Contributing author to the CPKI Certification Practices Statement (CPS)
- Recommended and Drafted Updates to the DoS PKI Certificate Policy (CP) and Certification Practices Statement (CPS)
- Produced Common Access Card (CAC) and Online Certificate Status Protocol (OCSP) Market Analysis
- Performed Automated Information Systems Risk Assessments for compliance with Presidential Decisions Directive 63 (PDD-63)
- Auditor for the Primary Certification Authority pre-Audit Review
- Upgraded the Department of Energy (DoE) Public Key Infrastructure (PKI) Systems at Pacific Northwest National Laboratories (PNNL) and DoE Headquarters
• Policy Development and Documentation
- Performed Migration of the Department of Energy (DoE) Directory Structure
- Implemented Federal Bridge Cross Certification
- Produced Build Scripts/Key Generation Scripts for the Department of Energy Primary Certification Authority (PCA) PKI
- Coordinated Build/Key Generation Ceremony for the Department of Energy Primary Certification Authority (PCA) PKI
- Contributed to the Department of Energy (DoE) Public Key Infrastructure (PKI) Certification Practices Statement (CPS)
- Drafted Department of Treasury Public Key Infrastructure (PKI) System Architecture
• Policy Development and Documentation
- Drafted and Implemented Department of Treasury Public Key Infrastructure (PKI) Backup Plan
- Technical Advisors for the Department of Treasury Bureau of Public Debt Certification Authority Implementation
- Produced Build Scripts/Key Generation Scripts for the Department of Treasury External Certification Authority (ECA)
- Coordinated Build/Key Generation Ceremony for the Department of Department of Treasury External Certification Authority (ECA)
- Produced Build Scripts/Key Generation Scripts for the Department of Treasury Root Certification Authority (RCA)
- Coordinated Build/Key Generation Ceremony for the Department of Department of Treasury Root Certification Authority (RCA)
- Operations and Engineering Support for the Department of the Treasury Public Key Infrastructure (PKI) and Directory Systems
- Drafted and Updated Treasury PKI Certification Practices Statement (CPS)
• Operations and Maintenance
- Maintained, Updated and Supported the Department of the Treasury PKI Systems
• IT and Information Assurance Auditing
- Support of the Department of the Treasury Root Certification Authority (CA) Audit
- Produced Federal Bureau of Investigation (FBI) Public Key Infrastructure (PKI) Failover Plan
• Operations and Maintenance
- Federal Bureau of Investigation (FBI) Public Key Infrastructure (PKI) Build Team and Key Generation Ceremony staff
- Implemented Cross Certification with the Federal Bridge PKI
- Drafted Federal Bureau of Investigation (FBI) Public Key Infrastructure (PKI) Operational Procedures
- Performed Software Patching and Maintenance
• IT and Information Assurance Auditing
- Provided Tier 2 User Support
- Implemented Backup Upgrade
- Recommended, Processed and Implemented Change Requests and upgrades
- Supported client rollout (30,000 Smartcards)
- Updated Federal Bureau of Investigation (FBI) Public Key Infrastructure (PKI) Installation plan and build procedures
- Updated Federal Bureau of Investigation (FBI) Public Key Infrastructure (PKI) Operations Manual
- Supported and Maintained the Federal Bureau of Investigation (FBI) Operational Test and Evaluation Facility (OTEF)
- Maintained and updated Federal Bureau of Investigation (FBI) directories
- Coordinated and Provided guidance for successful Federal Bridge Public Key Infrastructure (PKI) Audit
• Policy Development and Documentation
- Recommended and Drafted Policy Updates to the Certificate Policy (CP) and Certification Practices Statement (CPS)
• Training
- Developed and Contributed to training materials for Installations Teams and System Administrators
- Validators for the Common Criteria Evaluation and Validation Scheme (CCEVS)
• Design, Engineering and Implementation Support
- Security Certification Advocates for the Miniaturized Demand Assigned Multiple Access (Mini-DAMA) Terminal
- Systems Engineering for the MINTERM (KY-99) Secure voice/data terminal (miniaturized ANDVT)
• Training
- Produced Functional Design and Design test Procedures for the MINTERM Secure voice/data terminal
- Project Engineering for the Secure Telephone Unit III (STU-III) secure phones
- Produced System Documentation and handbooks for the use of cryptographic components
- Performed Test and Evaluation of the Secure Telephone Unit III (STU-III) secure phones
- Produced and presented training materials for the use of cryptographic components
- Produced and presented training materials for the Common Criteria Evaluation and Validation Scheme (CCEVS)
- Produced Build Scripts/Key Generation Scripts for the Department of Homeland Security Root Certification Authority (CA) PKI
- Coordinated Build/Key Generation for the Department of Homeland Security Root Certification Authority (CA) PKI
- Developed Requirements and Specifications for the Navy Key Distribution System
• Security Design Evaluation
- Project Engineering and Management for the SPAWAR Information Security Engineering Support (ISES) and Communications Security Engineering Support (CSES) Efforts
• Design, Engineering and Implementation Support
- Security and Cryptographic Engineering Guidance for multiple DoD and Navy projects including the Joint Tactical Information Distribution System (JTIDS), Multifunctional Information Distribution System (MIDS), Miniaturized Demand Assigned Multiple Access Terminal (Mini-DAMA), Message Oriented Data Security Module (MODSM) and other Navy systems
- Key Management Planning and Documentation for multiple cryptographic equipments including the Joint Tactical Information Distribution System (JTIDS), Multifunctional Information Distribution System (MIDS), Miniaturized Demand Assigned Multiple Access Terminal (Mini-DAMA), Message Oriented Data Security Module (MODSM) and other Navy systems
- Engineering Development and Documentation for the Navy Embeddable Infosec Product (EIP) program
• Certification and Accreditation Support
- Certification Documentation for the multiple DoD and Navy projects including the Joint Tactical Information Distribution System (JTIDS), Multifunctional Information Distribution System (MIDS), Miniaturized Demand Assigned Multiple Access Terminal (Mini-DAMA), Message Oriented Data Security Module (MODSM) and other Navy systems
- Developed Training Plan for Navy Public Key Infrastructure (PKI) Auditors
- Requirements Specification for the Air Force Electronic Key Distribution Specification (AFEKDS)
- Requirements Identification, Documentation and Management for the USPTO Enterprise Wide-Login (EWL) Single Sign-on System
• Design, Engineering and Implementation Support
- Coordinated and Evaluated Vendor Solutions for the USPTO Enterprise Wide-Login (EWL) Single Sign-on System
- Design and Implementation of the USPTO PKI System
• Policy Development and Documentation
- Design and Implementation to the Initial Electronic Filing System (EFS)
- Support to the Initial Trinet Truepass System
- Draft USPTO Public Key Infrastructure (PKI) Certification Practices Statement (CPS)
- Engineering support for the DoJ Root CA Public Key Infrastructure (PKI)
• Operations and Maintenance
- Tested and Implemented Federal Bridge Cross Certification
- Build team and Key Generation Ceremony staff
- Engineering support for the DoJ Root CA PKI
• IT and Information Assurance Auditing
- Coordinated Federal Bridge PKI Audit
• Policy Development and Documentation
- Recommended and Drafted Policy Updates to the Certificate Policy (CP) and Certification Practices Statement (CPS)
- Produced the Certification and Accreditation System Security Plan (SSP) for the DoC Backbone Network
- Produced the Certification and Accreditation Security Test and Evaluation Plan (STE Plan) for the DoC Backbone Network
- Produced the Certification and Accreditation Security Test and Evaluation Results Report (STE Report) for the DoC Backbone Network
- Produced the Certification and Accreditation Plan of Actions and Milestones (POA&M) for the DoC Backbone Network
- Contributed to the Certification and Accreditation Risk Assessment for the DoC Backbone Network
- Contributed to the Certification and Accreditation Configuration Management Plan for the DoC Backbone Network
- Contributed to the Certification and Accreditation Contingency Plan for the DoC Backbone Network