Information Assurance Specialist

Company: Amyx

General Information
US-OK-Oklahoma City
Full-Time
At least 5 year(s)
Job Description

DLA Document Services is a field activity of the Defense Logistics Agency (DLA) and is assigned by DOD policy the responsibility to provide document output, management, and automation services encompassing electronic conversion, retrieval, output and distribution of digital and hardcopy information. DLA Document Services has developed many Electronic Document Management (EDM) solutions over the years, tailored for the customer and individually designed, acquired, and deployed at various DLA Document Services locations. As part of the Federal Data Center Consolidation Initiative (FDCCI), DLA Document Services has consolidated systems and applications at facilities in Philadelphia, PA, and Oklahoma City, OK. The consolidation of systems and applications into these locations will improve DLA Document Services' critical infrastructure protection, ensure standardization of continuity of operations (COOP), increase enterprise utilization of resources, and reduce overall operating costs.

Provide security architecture, policy and design guidance for business systems and networks. Contractor resource will also provide Information Security Certification and Accreditation Support for applications, systems and networks in accordance with appropriate DOD and DLA policies and processes.

Overall IA Support
The vendor will review, coordinate, and recommend IA standards and protocols for cost effective application in accordance with the Department of Defense’s (DOD) Defense in Depth (DID) strategies and supporting documentation as specified in the individual tasks. The vendor will ensure compliance with Federal, DOD and DLA information technology and security requirements, policies, procedures and standards as applicable.

Certification and Accreditation Process Execution
The vendor will provide IA program support to DLA to ensure compliance with DOD and DLA IA policy. Vendor personnel performing under this task order shall have extensive knowledge of the DOD Information Assurance Certification and Accreditation Process (DIACAP). In addition, to support DLA’s Federal Information Security Management Act (FISMA) reporting requirements, contractor program and project management personnel shall possess an in-depth knowledge of general Certification and Accreditation principles as stated in the NIST 800-37 and 53 standards.

The vendor will provide support to include, but not be limited to:

  • Support DLA in the implementation of the DIACAP; recommend processes in accordance with the DIACAP; participate in process activities; document the results of those activities.
  • Track the expiration of all Accreditation Decisions (for example interim, denial and authority to operate) and the submission of DIACAP packages throughout the system’s development lifecycle.
  • Track incomplete DIACAP packages and completed accreditations (IATO & ATO) through the HQ DLA review and approval process until signed by the Designated Approving Authority (DAA).

  • Maintain status tracking and vulnerability information in the DLA approved status tracking tools.

Analysis Support
The vendor will perform analyses to validate established security requirements and to recommend additional security requirements. This shall include, but not be limited to:

  • Analyze the DIACAP package, assess the adequacy of the required protective measures, assess residual risk, and provide support to DLA to determine the readiness of the system for accreditation.
  • Recommend, for detected vulnerabilities that could preclude accreditation, management, operational, or technical controls to include human procedures, software configuration parameters, system changes, or combinations thereof to mitigate the risk associated with the vulnerability.
  • Perform technical reviews of documented security certification results normally submitted in the DIACAP format to assess their completeness and identify system vulnerabilities and weaknesses.
  • Perform security certification and accreditation reviews, and verify and validate implementation of DODI 8500.2 controls based on the Mission Assurance Category (MAC) and data sensitivity levels.
  • Verify compliance with DODI 8510.01 (DIACAP) and DLA policy requirements.
  • Analyze vulnerability scans and Security Readiness Review (SRR) results, STIG compliance and deficiencies of all forms identified during internal and external IA reviews. Vendor support personnel will ensure that deficiencies and vulnerabilities are included in a Plan of Action and Milestones (POA&M) and are tracked until the Government has implemented adequate mitigation measures.

Security Documentation Support

  • Document DIACAP packages, and provide accreditation recommendations that are supported by the identified vulnerabilities, weaknesses and status of packages.
  • As required, develop inputs for the update of policy, guides, handbooks, and training material on the DOD and Defense Logistics Agency Certification and Accreditation (DLA C&A) process, operating procedures and best practices.
  • Support DLA in its compliance assessment efforts by developing, implementing and operating an IACV compliance assessment program. The evidence gathered and archived during these IACV site assessment visits will be analyzed against the security findings detailed in the target system’s C&A package to determine how adequately the developed DIACAP packages are authored.

Job Requirements

Certification and Accreditation (C&A) in DIACAP disciplines. They should have in-depth experience with regard to the following DIACAP technical and functional capabilities:

    • Must hold a DOD 8570 IAM III certification
    • Four years general IT experience.
    • Six years IA experience
    • Six years C&A experience
    • Ten years Information Security experience
    • DIACAP C&A program overview, gap analysis and policy creation experience
    • DIACAP Independent Verification and Validation (IV&V) experience
    • DIACAP Subject Matter Expertise (SME) and consulting experience
    • DIACAP Security Testing and Evaluations (ST&E) experience
    • Information Assurance Officer (IAO) staffing augmentation experience
    • NIST & DIACAP technical writing support experience

    • Must have an active DOD Secret Clearance