success stories

NWS Assessment and Authorization / Penetration Testing

Background:

GAMA-1’s NWS EWSS AA contract, we manage and develop an IT security program and operational environment which involves assessing, penetration testing, analyzing, monitoring, and mitigating risks

Solution:

GAMA-1 ensures consistency of our product and service, which is key to our customer satisfaction the A&A team conducts assessment findings reviews to assure that the finding, vulnerability, threat, threat agent, existing safeguards, consequence, and recommended mitigation tasks, procedures / processes are executed exactly as intended every time. In addition, consistent datasets are used as baselines to attest to the quality of our data. Agile continuous improvement  plans re-define the product to make certain we are always ahead of the curve by proactively integrating new IT security policies, procedures, templates, and checklists. Skilled Project Managers and Leadership provide collaboration sessions to encourage multidisciplinary collaboration while creating a unified vision to manage the overall contract so that support staff can execute a comprehensive IT security program within the National Weather Service (NWS) in support of the ACIO.

Outcomes:

For FY2019 our Information Security Assessment and Accreditation (A&A) Specialist support an enterprise wide service performing 19 standardized, reliable, and high quality annual assessments for all the NWS FISMA high, and moderate systems, to include 13 penetration tests for 5 high, and 8 moderate FISMA systems. 

Our 30+ CISSP certified professionals ensure that all 25 high, moderate, and low NWS FISMA systems maintain continuous quality for system security plans, IT security policies and procedures, corrective action plans (POA&Ms); and all other core system documentation located in CSAM.

 

“NWS/OCIO – I wanted to let you know how much the Alaska Region appreciated your team (GAMA-1), and how they conducted the A&A Review. Andrew and his team were consummate professionals there to provide meaningful assistance and feedback to solve problems. I received extremely positive feedback from the Alaska Region participants regarding the team, and their performance. This is a testimony to both yours and Andrew’s leadership, and the quality and competence of the individuals on the A&A team. Thank you (GAMA-1) for the proactive, professional attitude you brought to the Alaska Region A&A to improve our IT security posture.” 

~ Carven Scott – Regional Director

CLIENT
National Weather Service
SERVICES
  • Conduct system assessment to validate compliance with NIST RMF, DOC, NOAA, and NWS, IT standards and security policies to provide sound decision guidance to the Authorizing Official (AO) that explicitly accepts the risk to agency operations to grant the system the Authorization to Operate (ATO).
  • Conduct system assessment findings to assure that the findings, vulnerability, threat, threat agent, existing safeguards, consequence, recommended mitigation tasks, procedures / processes are communicated to the Authorizing Official (AO) and System Owner (SO) so that they may eliminate gaps in their risk management program.
YEAR(S)
2018 – Present