Information Assurance

Certification and Accreditation

Taurean’s Information Assurance (IA) team provides comprehensive Certification and Accreditation (C&A) support under both DoD and National Institute of Standards and Technology (NIST) processes. Key Team Members were responsible for the development of the Risk Management Framework (RMF) for the DoD CIO.

Our penetration testing professionals support Security Control Assessments (SCAs) by providing vulnerability assessments and web application testing to identify weaknesses within systems. Our SCA support is designed to assure the Confidentiality, Integrity, Availability and non-repudiation of the data and systems that reside within the network support infrastructure. Taurean achieves this objective by implementing infrastructure enumeration, vulnerability scanning, and exploitation methods that simulate realistic attacks. These simulated attacks are derived from nationally recognized security authorities such as OWASP, SANS, NIST Cybersecurity Framework, DISA Security Technical Implementation Guides (STIG), National Vulnerability Database, and US-CERT Cyber Resilience Review.

Taurean accomplishes this with a team of seasoned professionals who have experience delivering the following items:
  • Gathering target environment and system information
  • Conducting security audits to identify internal and external cyber threats
  • Assessing Web Application Services
  • Evaluating security levels of hosted sites and network provisioning
  • Identifying open security flaws and web application vulnerabilities

Taurean has a long history of C&A support, with a successful track record of providing on-time deliverables and obtaining the necessary Authority to Operate (ATO) from Designated Approving Authorities (DAAs) for systems deployed across the DoD and federal civilian agencies.

  • COMSEC (Communications Security)
  • EMSEC (Emissions Security)
  • COMPUSEC (Computer Security)

Our team has worked with:

  • Defense Information Systems Agency (DISA)
  • Joint Task Force, Global Network Operations (JTF-GNO)
  • National Aeronautics and Space Administration (NASA)
  • National Oceanic and Atmospheric Administration (NOAA)
  • National Weather Service (NWS)
  • Department of Justice (DOJ)
  • Alaska Land Mobile Radio System (ALMR)
  • Office of Management and Budget (OMB)
  • Army Installation and Management Command (IMCOM)
  • Air Force Cryptologic System Group (CPSG)
  • Army Proactive Real-property Interactive Space Management System (PRISMS)