At Sevatec we view Information Assurance (IA) as a comprehensive security architecture that addresses the five principles of security: Confidentiality, Access Control, Systems Integrity, Audit and Non-Repudiation, and Identification and Authentication. Our approach to IA incorporates evolving federal regulations such as Presidential Decision Directive-63, the Government Information Security Reform Act (GISRA) of 2000 and the Office of Management and Budget (OMB) Circular A-130; NIH Information Security policies and guidelines; National Information Standards and Technology (NIST) guidelines; and industry best practices.

Our approach is to integrate Information Assurance (IA) into the Software Development Life Cycle and view information data as a process, not a singular event. From a security point of view, access to data must be protected and access restricted to only those known and permitted parties. Threats posed to data include unauthorized users such as internal staff, general Internet hackers and – most threatening – industrial espionage hackers. Additional concerns include the HIPAA, or the Healthcare Information Portability and Assurance Act, which requires that Federal agencies provide as complete as possible protection for citizen information such as Social Security numbers, illness information, genetic data, and other valuable data points.

The US Government is confronted with several security issues, such as compliance with Federal and State policies; information assurance, privacy, integrity, and unauthorized access; certification and accreditation; critical infrastructure protection including secure back-ups and redundancy to support disaster recovery and business resumption; and logging and auditing in support of security incident identification, escalation, reporting, and legal recourse. To address these issues, mitigate these risks and protect government enterprises form new threats and vulnerabilities, defining and enforcing security requirements, employing security engineers and architects, and conducting security analysis, assessments and penetration tests are critical to proactively hardening and guarding telecommunications and information systems. Sevatec's IA implementation builds confidence, assurance and integrity throughout the enterprise, component by component.

Sevatec is an experienced provider of security services for government clients. Our security services include the preparation of security requirements, system security plans, secure design solutions, risk assessments, and security evaluations and tests. We provide security requirements research, definition and validation supporting the preparation of testable, baseline security requirements that encompass government standards and policies, agency and department specific requirements, and industry best practices. From these baseline security requirements, we are able to provide overall security evaluations and assessments for government facilities including physical, information systems, telecommunications systems, and contingency preparedness. Furthermore, we provide system life cycle security engineering from system planning to system accreditation to ongoing system security maintenance.

Our Enterprise Security Life Cycle (ESLC) methodology implements security analyses, processes, techniques, and tools to proactively improve, harden, stabilize, and maintain a heightened security posture and to assist our clients in the development and promulgation of information technology management and information security programs across personnel, information, infrastructure and operating assets and risks. As support to the program management function, the proactive identification of security risks and a mitigation plan are crafted to ensure successful development and operations. Our approach allows for sequential execution (e.g., from establishing security requirements to providing engineering support to assessing and testing against the security requirements) and individual execution (e.g., only conducting a security assessment).

Contact us to learn more!