Case StudySCRGT’s responsive solutions make positive impacts on missions and lives.
Case Study: Cyber Security
Customer: Federal Bureau of Investigation (FBI), Office of the Chief Information Officer (OCIO)
The FBI’s Office of the Chief Information Officer (OCIO) leads the agency’s efforts to protect information, defend information systems and cyber networks, provide integrated situational awareness, transform and enable information assurance (IA) capabilities, and create an IA-empowered workforce. The OCIO’s Information Assurance Section (IAS) program requirements are driven by mission needs. Given the FBI’s intelligence, national security, and law enforcement missions, it’s IA programs must be compliant with federal regulations, policies, and standards, including those of the Office of the Director of National Intelligence (ODNI), Committee on National Security Systems (CNSS), and Department of Justice (DoJ).
With growing cyber threats and technological advances of malicious actors, the FBI needed a broad range of technical and analytical services to support its cyber security program in a flexible and expedient manner. The FBI needed the expertise to:
- Provide frameworks for security engineering, security architecture, and cyber security governance. Assist in formulating strategies and then developing cyber security policies and information security (InfoSec) awareness materials.
- Develop scorecards for cyber security-related metrics to show the health of the FBI’s overall cyber security posture.
- Operate a cyber security help desk to support the FBI InfoSec community by establishing a new team of Virtual Information Systems Security Officers.
- Enforce and maintain the Federal Information Security Modernization Act (FISMA) by delivering a team of cyber security auditors to facilitate audits and remediate findings and recommendations.
In 2018, the FBI selected Salient CRGT (SCRGT) to provide a diverse set of highly cleared cyber security talent, including Information Systems Security Officers (ISSOs), cyber security engineers, information system auditors, data analysts, and incident responders. We delivered a comprehensive approach, enabling oversight of all activities using well-defined, FBI-aligned processes that efficiently and flexibly supported FBI’s programs by enhancing its systems’ security posture. In support of the Security Assessment and Authorization process, we provided near real-time risk management and continuous authorization of IT systems through an effective continuous monitoring process.
SCRGT employed tools such as Cisco FireSIGHT management console and FirePOWER IDS/IPS, McAfee Endpoint Security, Splunk, and Wireshark, as well as in-house developed tools to support FISMA requirements, maintain documentation, assist with adjudication of security controls, and perform system and security engineering tasks in support of the FBI’s 24x7x365 operations.
We deliver cyber security engineering projects using a hybrid agile methodology, including Kanban and Scrum practices. These projects include designing strategies to mitigate known risks within the FBI’s infrastructure and making recommendations for cloud, on-premise, and hybrid environments.
SCRGT has exceeded requirements for all program criteria and measurements, including delivery of highly cleared, sought-after cyber security talent in an expedient manner. We successfully deployed cyber security engineers and ISSOs to seven discrete FBI divisions and offices. Our Virtual Information Systems Security Officers team quickly became known as the “center of excellence” for the FBI InfoSec community by providing unparalleled support and training. Our engineers have been recognized through multiple customer awards, including the prestigious Assistant Director’s Award for Teamwork. Our cyber security audit team was also recognized by multiple Unit Chiefs and received four official FBI commendations due to the significant improvement of FISMA audit results.