Information Technology Security Services

ARC IT Security Services: Information Security Solutions That Work!

The ARC Security Services, and Information System Security Line of Business (ISSLOB) Shared Services Center (SSC), provides agencies with proven Certification and Accreditation (C&A) services. Other services provided include continuous monitoring, vulnerability testing and assessment and security program review and consulting.

As an established leader, ARC's IT Security Services staff delivers security support to other federal agencies, while improving quality, accelerating delivery, and reducing costs.

Our proven reliable security services are executed by a highly skilled and respected staff working in conjunction with support staff and industry leading private-sector companies.

Our C&A process includes:

• Security Assessment
• Rules of Engagement
• Assessment Summary Reports
• Issue Resolution (IR) Documentation
• Plan of Action and Milestones
• Security Assessment Report

To help prepare your agency for C&A activities, we will work with you to develop or update:

• FIPS 199 Security Categorization
• System Security Plan
• Threat/Vulnerability Assessment
• Memorandums of Understanding/Interconnection Security Agreements
• Privacy Impact Assessment (PIA)
• E-Authentication Risk Assessment

Vulnerability Testing and Assessment

ARC security analysis utilizes advanced methods for vulnerability detection. An objective assessment is provided for each vulnerability and associated risk based on existing controls, probability of occurrence, and impact to the confidentiality, integrity, and availability of the system. The assessment includes the following security testing options:

• Application
• Database
• Website Application
• Network
• Server
• Workstation
• Public Branch Exchange (War Dialing)
• Perimeter
• Router Configuration Review

Security Review and Consulting

Call on ARC IT Professionals for in-depth security assessments and consulting services, including the following:

• Initial on-site review and assessment of your security program to determine C&A effort
• Performance of all security-related tasks and activities to assess the current state of information security programs and information systems according to federal regulations, laws and NIST standards including the review of security policies, processes, procedures, documentation, previous audits, and interviews of personnel involved in the management and operation of the information system. A full assessment report is prepared at the conclusion of the security review
• Assistance with compiling FISMA reports, as well as help with getting security programs into FISMA compliance
• Development of security documentation (e.g., security plan, business impact assessment)
• Continuous monitoring activities such as development of a continuous monitoring plan, review and update of security documentation, security controls testing, etc.
• Architecture Review
• Code Review

Service Availability

Hours of availability for security analysts are negotiated on a per-client basis.