As part of the DITSCAP and DIACAP C&A processes, SpinSys brings decades of security experience, including application and operating system hardening, network intrusion detection, vulnerability assessment and penetration testing, vulnerability remediation and validation, and data or database security.

SpinSys is experienced in using industry-standard security assessment tools such as Retina, TripWire, Nessus, and WebInspect, as well as DoD tools, including STIG, SRR, and GoldDisk. We provide experience in network infrastructure security with technologies such as Cisco PIX Firewalls, network intrusion detection, and network access control lists.

The SpinSys team has been instrumental in securing and accrediting several major US Air Force (USAF) applications within the USAF application infrastructure. To obtain the DITSCAP and DIACAP certification and accreditation, we provided the underlying network and application security to meet the strict Department of Defense standards. Our team was able to provide this expertise on two major applications, and this continues to date with yearly re-accreditations.

Our security engineers are ISC2 Certified Information Systems Security Professionals (CISSP). In support of the United States Air Force, they have assisted with compliance execution of the DIACAP Implementation Plan at differing levels. Their efforts have resulted in obtaining and maintaining a positive accreditation decision (IATT – Interim Authority to Test, IATO – Interim Authority to Operate, and ATO – Authority to Operate).

Our services are tailored to the needs of the organization, based on the DoD or NIST standards used for Certification and Accreditation. We support organizations from all branches of the DoD: the US Army, Department of the Navy, US Air Force, TRICARE, and other Federal Agencies.

As part of the hardening of the application security posture, we improve application security by:

  • Analysis

    Analysis of the application architecture and documentation to better understand and evaluate risk

  • Application Security Assessment

    Application Security Assessment integrating technical layered defenses

  • Testing and verification

    Testing and verification, both manual and automated, with partner tools

  • Application Vulnerability Assessment

    Application Vulnerability Assessment and remediation and mitigation planning

  • Maintaining Situational Awareness

    Maintaining situational awareness and continuous monitoring throughout the SDLC phases