Tetra Tech is providing end-to-end cybersecurity support for a large federal client, including threat mitigation and incident response, security architecture, vulnerability management, risk management, and awareness training.
The legacy program for this client was compliance-oriented and consisted of completing required tasks and reporting as needed without considering proactive security and risk management. Our approach began with establishing a multi-functional program management office that clearly defined a governance structure and standards, and automated manual processes, policies, and procedures. We identified and remediated gaps in existing procedures, standardized incident response security measures for major cyber events, and provided implementation support for forensics tools. In part, this approach included the provision of ongoing award-winning cybersecurity training, not only to address general awareness, but also to cover emerging trends and how they can be implemented.
Services
- Security engineering
- Vulnerability scanning
- FedRAMP security assessments
- Cloud services
- Risk management
- Information System Security Officer (ISSO) services
- Security assessment
Tetra Tech’s approach included:
- Providing Information System Security Officer services, including Federal Risk and Authorization Management Program (FedRAMP) security assessments of cloud systems, maintaining cloud system authorizations through annual audits, and auditing and reporting on high value asset (HVA) systems
- Defining security policies and procedures
- Implementing and validating privacy controls, privacy impact assessments, and security control testing
- Performing vulnerability scanning, including providing operations support and conducting HVA assessments in accordance with a standardized evaluation methodology developed by our team
- Providing technical expertise and policy guidance to increase the resiliency and security of systems and data, led by our award-winning FedRAMP team members who educate and train stakeholders on using cloud services to protect data at all sensitivity levels
- Managing vulnerability assessment penetration testing activities by maintaining artifacts for rules of engagement and the integrated master schedule, providing supporting documents, and reporting systemic findings to senior leadership on a monthly basis
- Establishing the enterprise risk management program and supporting its day-to-day operations and strategic planning, including several key initiatives: the FedRAMP program, Information Security Continuous Monitoring/Continuous Diagnostics and Mitigation (CDM) program, and the Governance, Risk, and Compliance program
- Performing enterprise security assessments to review management practices and policies, performing baseline HVAs, and identifying ways to leverage continuous monitoring capabilities through the CDM program
- Performing assessments of engineering systems, system administration practices, storage engineering practices, and virtual machines, and documenting security infrastructure and architecture
Awards
- Federal Information System Security Educators Association (FISSEA) Award
- General Services Administration FedRAMP Five Award
- Information Technology Innovation Award
- Information Security Leadership Award for Community Awareness in the Government category