Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Integrated security management system for US navy

Smartronix : 18 September, 2008  (Application Story)
Naval Research Laboratory contracts Smartronix to supply security management system and provide integration between diverse systems
Through an existing prime contract, the Naval Research Laboratory (NRL) has awarded a task to Smartronix for software and services that will be used within a comprehensive security management solution that the Office of Naval Research (ONR) is building. The solution will combine multiple security functions into an integrated, interoperable whole. The task covers the program management and integration efforts of Smartronix and combines software and services from Telos for its Xacta IA Manager solution and from IBM for its Internet Security Systems (ISS) solution.

The goal of this project is to remove stovepipes between security systems to ensure that US Navy information systems security encompasses configuration management, vulnerability management and asset management as well as security compliance testing and reporting. By tying multiple security solutions together, Navy programs will be able to create and tailor security workflows more effectively and build repeatable security solutions.

When asked about the new solution, John Parris, Smartronix's CEO said, "The work we're doing for ONR is just one example of how Smartronix integrates leading commercial technologies into unique security solutions to meet complex customer challenges."

The combined security solution has been deployed across ONR, and ultimately, it will be used as an example throughout the Navy and the Department of Defence (DoD) to illustrate the value of integrating security management solutions.

"The combination of Xacta IA Manager and IBM ISS will provide ONR with a security solution that addresses previously stove-piped security operations, including asset management, configuration management, incident detection and response, information assurance vulnerability management and regulatory compliance," said Ron Dorman, vice president of information assurance solutions for Telos. "IBM ISS and Xacta IA Manager will provide the front line of detection and asset management, and the Xacta product will incorporate this information into its risk assessment and compliance solution. ONR will be able to access critical security data from the entire organization, analyse its security posture and report on compliance."

IBM ISS has a suite of technologies for vulnerability scanning, anomaly detection and intrusion detection. If a new system is plugged into a network, the ISS suite will detect it and identify any associated vulnerabilities. The information is sent as an alert to operational security managers.

The vulnerability and new asset information is imported into Xacta IA Manager checked against the manifest of technology assets that could be affected, and then the information is analysed within a regulatory compliance and reporting framework. Security personnel use Xacta IA Manager to determine which certification and accreditation (C&A) projects it impacts and incorporates the new findings within those C&A processes. If vulnerabilities are detected for the new asset, personnel use Xacta IA Manager to create the plan of action and milestones (POA&M) document required as part of the Federal Information Security Management Act (FISMA). The POA&M includes the plan for mitigating the risk.

In addition to deploying an integrated solution, the Smartronix/Telos team will tie in security sensors already used in the DoD, such as the eEYE Retina Vulnerability Scanner and Remedy help desk products. These products will feed information into the combined deployment, providing the information to determine if security controls are in place, if regulations are being followed, and if security remediation is required.

"The DoD has access to a large number of security solutions. This effort is focused on tying them together in a cohesive way to improve visibility into security processes and tweak these processes over time to maintain the highest level of security. We look forward to applying a best-of-breed approach to ONR's security needs," said Rob Baker, Smartronix, vice president of Navy and Marine Corps programs.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo