Information security is an integral and indispensable part of all mission operations that involves ongoing planning, assessment, protection, detection, response, mitigation, and training. ERT brings the full range of defensive cyber security capabilities to protect and secure our customers’ information assets and mission applications.
- Risk Management: ERT security experts work with customers to develop, review, and maintain system security plans, policies, procedures, and best practices to effectively identify and manage system and mission risks. Our approach, based on the National Institute of Standards and Technology (NIST) Risk Management Framework, Federal Information Processing Standards (FIPS), and industry best practices, provides customers with assurance against cyber threats and disasters – ensuring mission continuity and resilience.
- Network Defense: ERT is experienced in optimizing and applying network defense strategies suited for customers’ mission operational security needs. From Defense-in-Depth to Zero Trust Networks to Continuous Diagnostics and Mitigation, ERT has experience implementing the appropriate design, monitoring and control tools, incident response and countermeasures, and security procedures to protect system boundaries, interfaces and access – providing authorized users transparent security to their applications while preventing unauthorized access.
- Information Assurance: ERT IA practitioners help ISSOs and ISSMs to achieve and maintain system compliance with NIST Special Publication (SP) 800 series guidelines and FISMA regulations through assessment and authorization (A&A) processes. We provide expertise to evaluate and manage security controls, and conduct independent verification and validation (IV&V) through vulnerability scans and penetration tests. Our practitioners conduct reviews and audits to ensure IT security governance and compliance – so ISSOs and ISSMs can rest assured.
- DevSecOps: ERT tailors our Agile DevSecOps methodologies to effectively integrate security with software development and IT infrastructure operations. Our DevSecOps approach verifies that security practices and requirements are incorporated into every step of the system and software development lifecycle process – providing customers assurance that their applications and data are secure and protected.
Example projects: NOAA SARSAT, NOAA NCEI, NOAA NESDIS OCIO