Information Assurance

Information Assurance

Information systems exhibit inherent security vulnerabilities. Information Assurance (IA) is defined by the techniques and methods we use to protect and defend automated information and information systems through risk management techniques in order to provide reasonable layers of availability, integrity, authentication, confidentiality, and non-repudiation. MHM fully appreciates the importance of the IA security requirements as such relate to cutting-edge technologies. Several of our employees are former DIA IA Certifiers (GSEC, CISSP, CICP, CISM, CompTIA Security certified) and have specific experience in utilizing innovative IA techniques. This ensures that security requirements are satisfied with sound, well-engineered, documented, and tested solutions, thereby making Certification and Accreditation (C&A) a cost effective confirmation and residual risk analysis process.

Specifically MHM can:

Provide technical assistance during the entire software development lifecycle process to ensure applications comply with applicable C&A requirements. IA across a system enterprise is essential to ensure information confidentiality, integrity and availability.
Assist with the enhancement of the security posture of a system enterprise by performing numerous information Systems Security Engineering activities and information assurance analyses.
Employ systems and IA best business practices that span product evaluation, testing, analysis, and resulting decisions and recommendations, while keeping pace with client development requirements.
Make assessments and provide guidance for the efficiency of systems and information assurance implementations, and the validation and verification of related activities to determine if they are adequate to meet the thresholds set for undetermined threats.

Information Assurance:

MHM IA staff includes multiple former Defense Intelligence Agency certifiers.
MHM maintains IA expertise in both full system accreditation and certifying in a prototyping/software integration laboratory environment.
MHM understands that certifying a constantly moving target is very difficult. Certification requirements, documentation and testing methods are normally based on a stable system targeted for operation. In response to this challenging environment, MHM developed a concept of a process certification where rather than certify the end state of the equipment and software, we certify the base system and the processes and methods used to add, remove or alter any part of the system.
Our process-oriented certification methodology supports the dynamic nature of the System Integration Lab (SIL) environment while simultaneously lays a basic foundation for systems moving from the prototyping environment into a formal individual system accreditation.

Cross Domain Solutions:

MHM’s expertise is in the design and deployment of a Multi-Level Security (MLS) solution that provides a PL4 storage and retrieval of documents on a single database with security classifications from different networks and sources. The data is stored with the proper CAPCO security labels and allows retrieval of the data with a PL4 protection by analysts according to their personal security clearance and the classification of the network they are using.
Our objective development is the deployment of solutions that minimize the requirement for multiple systems and integrates the analytical function and data availability on only one physical database machine.
MHM maintains a strong team of both system and software engineers coupled with highly experienced Information Assurance professionals to achieve realistic and operationally relevant cross domain solutions.