Security Is In Our DNA℠
Security Solutions
Nova Datacom provides a wide range of services that ensure compliance with the myriad legal and policy requirements of both public and private organizations. Security is in our DNA℠.
• Federal Certification and Accreditation
• Commercial Certification and Accreditation
• Independent Verification and Validation
• Enterprise Architecture
• Critical Infrastructure Protection
• Network Infrastructure Services
• Server Infrastructure Services
• Security Services
Compliance Practice
The sharing of information among government and commercial organizations in today’s internet-centric world has made information security a critical objective. Organizations must develop and implement effective security programs for their information technology (IT) systems, which allow them to share information electronically while at the same time ensuring its confidentiality, integrity, and availability. Faced with a multitude of federal, state, and local security regulations, all organizations are balancing the primary mission of the organization with the costs and resources required to comply with these regulations. Effective compliance is a complex task and requires an integrated approach that incorporates security compliance into the organization’s business model.
Nova Datacom’s Compliance Practice within the Security Solutions offering responds to these security-related challenges by providing a wide range of services that ensure compliance with the myriad legal and policy requirements affecting both public and private sector organizations today.
Federal Compliance
The federal government realized the importance of ensuring confidentiality, integrity, and availability of critical information and instituted regulations and mandates encouraging government agencies to implement sound practices for protecting information. In order to ensure that security received the proper level of attention, federal government compliance with security requirements was tied to funding and the budgetary process. This was accomplished with the E-Government Act (Public Law 107-347), which was passed by the 107th Congress and signed into law by the President in December 2002. Furthermore, Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA), requires each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source.
Supporting the implementation of FISMA in the Executive Branch is fundamentally a management responsibility of the Office of Management and Budget (OMB). For government agencies, OMB Circular A-130, Appendix III, Security of Federal Automated Information Resources, specifically required that IT systems be compliant with all federal mandates. Along with the Paperwork Reduction Act of 1995 and the Information Technology Management Reform Act of 1996 (Clinger-Cohen Act), FISMA explicitly emphasizes a risk-based approach for cost-effective security. Using the National Institute of Standards and Technology (NIST) Special Publication (SP) series as guidance, federal agencies must:
• Plan for security;
• Ensure that appropriate officials are assigned security responsibility;
• Periodically review the security controls in their information systems;
• Authorize system processing prior to operations and, periodically, thereafter.
Compliance begins with an evaluation of the management, operational, and technical controls in place for the security of an IT system and is the basis of certification and accreditation (C&A). Applied to individual systems, the C&A activities provide verification that the system’s security requirements are satisfied and the system is in compliance with FISMA and other government mandates and standards.