Protecting and Defending Critical Information Systems

What is IA?

IA stands for Information Assurance and is formally defined as: "Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities." (DoDDI) 8500.01E

Information Assurance can be thought of as the universe within which Information Security resides. Information Security provides the tactical application of tools and techniques that support the objectives of the security architecture and design, such as firewall configuration and vulnerability analysis. Cyber Security, a sub set of Information Security, is the term we use to describe the operational activities that combat the threats.

In all cases, the goal is to protect the data and the system(s) that store and process that data, by providing appropriate levels of Confidentiality, Integrity, Availability, and Audit capabilities of the data -  and Identity and Access Management of the users.

Core Services:

IA Decisions  has the real world experience to bring your system to a successful Approval To Operate status, whether it’s network or cloud, within full ICD 503 compliance - from the start or transitioning from DCID 6/3. IA Decisions provides subject matter expertise in developing the Body of Evidence needed for the Authorization package, to include developing the security architecture that will meet your categorized level of controls.

IA Decisions provides end-to-end program support, from requirements collection and mapping, systems security architecture and design, and technology evaluation  to final functional testing. Cconcentrations in Identity and Access Management, Continuous Monitoring, and multiple levels of access across security domains as well as the enterprise.

Primary Industries / Communities of focus:

Since IA is where the Certification and Accreditation process resides, there is a C&A process that is specific to every industry. IA Decisions is experienced in the certification / accreditation processes in the Financial, Health, DOD, and Intelligence Communities, with heavy focus on the Intelligence Community (IC).

The C&A process in the IC is currently undergoing changes - changes  in how it perceives threats as well as technological advances that further advances the mission. It is moving from DCID 6/3 to ICD 503.  And, at the same time, it is moving from classic network to cloud infrastructure. IA Decisions understands these changes and can help you achieve the level of security that meets your system's mission.