Information Technology Company, LLC (ITC) provides Security Test & Evaluation (ST&E) services in support of Certification and Accreditation (C&A) requirements. The company helps prepare Federal Agencies for GAO or OIG information security audits, and provides agencies with in-depth reviews to assure GAO or OIG audit conformity.
Security Test & Evaluation (ST&E)
ITC services offer a comprehensive assessment of the management, operational, and technical security controls in an information system to determine correct implementation, intended operating procedures and desired outcomes. ITC aids agencies in their effort to achieve total system security by creating comprehensive, periodic evaluation plans including network vulnerability and infrastructure penetration assessments.
ITC specializes in pinpointing security deficiencies present in mainframe, server, LAN and application databases specifically related to user identification and authentication, authorization, boundary protections, cryptography, audit and monitoring, and physical security.
Proven Methodologies & Experience
ITC procedures involve examination of the agency’s total environment and correcting weaknesses in risk assessments, security policies and procedures, security planning, security training, system tests and evaluations, and remedial actions.
ITC combines technology, proven methodologies and experience to help its customers reduce risk and achieve maximum security. The process is an aggressive evaluation of the agency’s information systems enterprise to ensure not only FISMA compliance, but total risk mitigation.
ITC follows procedures laid out in the Federal Information System Controls Manual (FISCAM) and standards published by NIST and DISA that evaluate the reliability of computer-generated data supporting financial statements or to evaluate the adequacy of controls in systems to help reduce the risk of loss due to errors, fraud and other illegal acts and disasters, or other incidents that cause the systems to be unavailable.