Services

Cyber Security

Complete and comprehensive support for security offerings and Information assurance (IA) programs. Access and Implement integrated solutions for physical, technical, operations, personnel, computer and communication security requirements.  From Vulnerability Assessments to Information Assurance, Monitoring and Traffic Analysis to Information Operations, RJIT's integrated cybersecurity solutions safeguard mission-critical systems against the widest range of internal and external threats. RJIT’s end-to-end defense in depth solutions constantly monitor and protect against breach, fraud, theft and sabotage.

No matter how complex the system or threat, RJIT is trusted to deliver a proven, powerful line of cyber defense solutions. 

  • Information Security Program Development- Assist client senior management in policy development, standard operating procedure implementation, guide/manage critical projects, and metrics reporting and technical documentation template development.
  • Security Control Framework implementation- navigate the complexities of industry frameworks such as RMF, ISO, and PCI-DSS to identify the most appropriate standard(s) for client organizations.
  • Security Assessment and Authorization (SA&A) - SA&A package artifact preparation (FIPS 199, Control implementation summary (CIS), System Security Plan (SSP), Contingency plan (CP), Incident response plan (IRP), Configuration management plan (CMP), Privacy impact assessment (PIA), e-Authentication workbook, and Policies/procedures) and Security Control Assessment (SCA) activities.
  • Security architectural engineering and systems integration- Plan, design, and deploy security-enabling tools, technologies, and services across all system layers and embed security into all phases of the system development lifecycle (SDLC).
  • Continuous Diagnostics and Mitigation (CDM) and Vulnerability management- Provide on premise services for continuous monitoring of information systems. Provide asset detection, vulnerability assessment, configuration deviation detection, and event log management and monitoring.
  • Business & Requirements Analysis & Modeling- Using Business case analysis to help determine the cost/benefits, while approaching information technology services from the business perspective as the driving force for architecting systems solutions.
  • Privacy Risk Management- Identify privacy requirements, inventory organizational data, design data classification schemes, develop policies and procedures, and conduct training and awareness.
  • Security Compliance Assessments- Perform audits and compliance assessments against standards and regulations such as FedRAMP, NIST/FISMA, ISO 27001, HIPAA/HITECH, and A-123.
  • Managed Network Operations Center (NOC)/ Security Operation Center (SOC) services
  • Flow-based network monitoring- help identify network layer DDoS attacks in real time
  • Malware and malicious traffic analysis
  • Endpoint / insider threat protection
  • Centralized Log management solution implementation- ArcSight, Splunk, TripWire
  • Forensics and Incident Response- Help organizations prepare for an incident by defining response procedures and clarifying roles and responsibilities. Investigate security breaches and other incidents to determine the extent of damage. Review system activity logs to reconstruct events and identify the root cause and source of the attack
  • Network Perimeter defense and DDoS protection

Capabilities

Robust Portfolio of Cybersecurity Products and Technologies

Enterprise Information Assurance (IA) Solutions and Services

  • Security Program Development
  • Risk Management Framework
  • Cross-Domain Information Sharing
  • Data protection
  • Perimeter defense
  • Cryptographic solutions
  • Public Key Infrastructure (PKI)
  • Certification and accreditation (C&A)
  • Firewall installation and management
  • Security architectural engineering and systems integration
  • Threat and vulnerability management and remediation

Monitoring and Traffic Analysis

  • Network monitoring / auditing
  • Endpoint / insider threat protection
  • Real-time network traffic analysis
  • Log management solutions (ArcSight, Splunk)

Advanced Persistent Threat (APT) Solutions

  • Zero-day behavior-based detection
  • Malware detection and mitigation
  • Anomaly detection
  • Cyber threat analysis
  • On-site CERT and SOC support
  • Continuous Monitoring of Security Controls for systems and applications

Vulnerability and Security Assessments

  • Physical and information security assessments
  • Software vulnerability testing
  • Penetration testing / red teaming
  • Compliance and security audits

Identity and Access Management

  • Develop ICAM Frameworks for Enabling Agile and Flexible service delivery
  • Experience with all components of FICAM Service Framework - Identity Management, Credential Management, Access

Management and Federation, Audit and Reporting

  • Identity Governance through Provisioning and Certification.
  • PII Protection and Data Redaction
  • Integration of FICAM solution with Agency workflows and application access control mechanism

RJ IT NIH Specific SA&A Capabilities

RJ IT Solutions Inc. has significant experience is supporting the NIHs many Institutes and Centers (ICs). We currently have contracts with multiple NIH mission critical systems and employ consultants with extensive NIH Information Security Program experience. We utilize this expertise to deliver quality services to ensure our IC ISSOs, CIOs and security teams meet and exceed NIH security requirements by balancing security and compliance.

NIH Security Assessment Tool (NSAT)- Our consultants have a unique expertise of the NSAT tool. We employ multiple Subject Matter Experts (SMEs) who have years of experience not only using the tool, but also conducting NSAT training at the NIH information Security Program to the NIH ISSO community. We understand the NIH common control provider inheritance matrix and can assist with NSAT control provider configuration and management. Additionally, our consultants have established relationships in the NIH Information Security Program Office to expedite request and escalate issues to ensure timely resolutions.

Information Security Program Development- Assist client senior management in policy development, standard operating procedure implementation, guide/manage critical projects, and metrics reporting and technical documentation template development.

Security architectural engineering and systems integration- Plan, design, and deploy security-enabling tools, technologies, and services across all system layers and embed security into all phases of the system development lifecycle (SDLC).

Continuous Diagnostics and Mitigation (CDM) and Vulnerability management- Provide on premise services for continuous monitoring of information systems. Provide asset detection, vulnerability assessment; configuration deviation detection, and event log management and monitoring.

Inventory Realignment Project – RJ IT consultants assisted in the initial creation and implementation of the inventory realignment models during their stents of service with the Information Security Program. With our in-depth knowledge of the guidance and implementation requirements, we can assist IC ISSOs in navigate the nuances of the process to balance the security posture of their systems with the compliance requirements of the NIH Information Security Program and the Risk Management Framework. We currently provide these services to multiple ICs across NIH as well as NIH mission critical systems and HHS high valued assets.

NIST SP 800-53 Rev3 to 800-53 Rev4- RJ IT consultants have conducted application and enterprise gap analyses to identify controls that require System Security Plan (SSP) updates to compliance descriptions and implementation details. Once the SSP updates are baselined and approved by the IC security office, our team of Security Control Assessors (SCA) creates Security Assessment Test Plans (SAP), execute testing in accordance with NIH and HHS requirements, collect evidentiary artifacts to support test results, perform risk analysis identifying associated risk, and develop risk management and mitigation Corrective Action Plans (CAP). RJ IT Solutions is providing these services to multiple ICs across NIH as well as NIH mission critical systems (eRA and CRIS).

NIH Privacy Controls Implementation and Privacy Impact Analysis (PIA) development- RJ IT Consultants provide IC privacy coordinators with documentation development and organizational implementation of new privacy policies and procedures. Our Consultants are responsible to assisting the only two Applications at NIH with HHS approved PIAs (eRA and CRIS).

On-going authorization and Assessments- Ongoing authorization aims to merge meaningful initial security planning with ongoing operational security monitoring in order to streamline the ongoing security authorization process, obtain more timely security insights into a systems current state, improve characterization of risk and support more effective decision making. RJ IT consultants have extensive experience developing, implementing, and managing Ongoing Authorization (OA) programs that are tailored to meet individual IC needs. We have assisted multiple ICs in transitioning from static, point-in-time Security Assessments and Authorization (SA&A) to Ongoing Authorization (OA) across the federal government and private sector for both cloud based and traditional IT systems.

NIH Quarterly CIO Reports- RJ IT consultants leverage their intimate knowledge of the NIH Information Security program requirements and reporting structure to assist ICs in addressing discrepancies in security posture reporting and dashboards that are presented to IC senior management. We review the reports with our IC security teams to identify issues and work with the NIH Information Security Program to adjust ratings for each service area. We assist our clients with implementing action plans to improve overall security postures and dashboard ratings to ensure the IC senior management receives an accurate depiction of the state of security and risk at their organization. We have a deep understanding of the requirements associated with reducing high risk vulnerabilities (mitigation for critical/high- 30 days, moderate-60 days, and lows- 90 days), improving visibility of IT assets across the enterprise (ensure credentialed scanned using NIH scanning tool set on all public facing assets), and strengthening protection (HTTPS/HSTS implementation, ensuring all public facing IPs are in a DMZ, and implementing MFA for remote access).

Policy and Procedure Development and Implementation- RJ IT consultants have significant experience in utilizing their knowledge of NIH Information Security Program to assist ICs in developing policies and procedures that meet the NIH and HHS requirements. We work with IC security teams to request, review, and update policies and procedures to ensure they align with IT operations and business requirements. In cases where policies and standard operating procedure do not exist, our team of consultants works with the IC security and operations teams to formally document the internal processes and submit for senior management approval.

Cloud Security and FedRAMP Advisory Services - The four major area of concern for customers considering moving to the cloud: Migration Strategy, Security, Compliance and Management. RJ IT Solutions has established robust methodologies in all four areas to identify costs and constraints for each project. We provide FedRAMP advisory and assessment services for public, private, community, and hybrid cloud service offerings, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Additionally, RJ IT has established partnerships with multiple FedRAMP PMO approved Third Party Assessment organizations (3PAO) to ensure full lifecycle support from Security Package development, security posture and documentation assessment, to package submission to help navigate and simplify the intricacies to the FedRAMP processes. RJIT’s Cloud Services include:

  • Cloud Security, Compliance & Governance- Risk Management Framework, FedRAMP, HIPAA, FISMA, ISO, FISCAM, SSAE 16, and A-123 expertise.
  • FedRAMP Advisory Services- Assist Government Agencies and Cloud Service Providers (CSP) in achieving FedRAMP certification of government owned/controlled cloud solutions. Perform FedRAMP Readiness Review Assessments (RAR) and gap analyses. Develop required FedRAMP artifacts. Assist with security control implementation, policy/procedure development, and continuous monitoring program implementation and/or enrollment (GSA ConMon Program).
  • FedRAMP A&A Package Preparation- FIPS 199, Control implementation summary (CIS), System Security Plan (SSP), Contingency plan (CP), Incident response plan (IRP), Configuration management plan (CMP), Privacy impact assessment (PIA), e-Authentication workbook, Policies/procedures
  • 3PAO Security Testing- Liaison between CSPs, Federal Agency partners, and Assessment partners to ensure the security posture of the system is compliant with FedRAMP requirements via (Vulnerability scanning on applications and infrastructure, penetration testing, system and software hardening). We work with our 3PAO partners to conduct reviews of package artifacts to ensure they meet the requirements (detail and quality) necessary to achieve an Authority to Operate (ATO).
  • Cloud Security Architecture- Infrastructure as a Service(IaaS), Platform as a Service(PaaS), Software as a Service(SaaS) and application migration into the cloud.
  • Cloud Migration Management and Readiness Assessment- Assist the client in selecting the best Cloud Service Provider (CSP) to support the business needs, creating migration plans for infrastructure, platforms, and applications and developing operational, management, and security procedures for cloud operations.
  • Cloud Migration Management and Readiness Assessment- Assist the client in selecting the best Cloud Service Provider (CSP) to support the business needs, creating migration plans for infrastructure, platforms, and applications and developing operational, management, and security procedures for cloud operations.

 
Back to Home Home