The NOS OCIO has contracted with ERT to conduct the first-ever penetration test for NOS systems across the SSMC. These tests, performed by highly skilled security engineers with Certified Ethical Hacker (CEH) and Certified Information Systems Security Professional (CISSP) certifications, will provide a non-intrusive, real-world perspective on potential vulnerabilities to common current threats, both internal and external to the NOS domain. This NOS initiative will give system ISSOs and systems engineers the better understanding they need to justify and prioritize the critical tradeoffs necessary for informed risk management in today’s dynamic IT environment.
Penetration Testing at ERT
Penetration testing, an element of FISMA-required Continuous Monitoring, is a separate and specialized discipline within the IT security profession. Pen testers must be seasoned IT professionals with hands-on systems expertise who understand the nuances of the latest technical and human security threats, along with the importance and sensitivities of establishing and following a well-defined set of Rules of Engagement (ROE) coordinated across client domains.
Our penetration tests catalog and evaluate numerous dimensions of the system. Upon test completion, we provide results in formal reports, logs, stakeholder briefings, and recommendations. In addition to the NOS project, ERT is also committed to providing a similar service as part of our ongoing support for the NESDIS CIO. These tasks are generally focused, firm-fixed-price efforts with immediate results and tangible benefits.