Capabilities & Solutions
GLOBAL NETWORK SYSTEMS, INC. (GNS) 2400 RESEARCH BOULEVARD SUITE 360 ROCKVILLE, MD 20850
BD-CC-4001 12.15 v1
www.gns-us.com [email protected] 301-987-8750
GNS, Inc. was established in 2000 with the sole purpose of providing IT security solutions.
GNS Mission and Vision
Our mission is to contribute to our clients’ success by
ensuring their information systems are secure and productive
and to achieve the optimal level of security and productivity
in a cost-effective manner.
GNS is committed to building long-term relationships. We
believe in providing quality services and focusing on our
tasks to ensure 100% client satisfaction.
GNS at a Glance
In addition to our technical and program management expertise, GNS continues to invest in the infrastructure required to grow a business while maintaining quality of services.
Examples include:
We are ISO 9001-2008 certified for our Quality Management System (QMS);
We are ISO 27001-2013 certified for our Information Security Management System (ISMS);
We use Deltek GCS Premier as our primary financial and accounting system;
GNS has a full suite of Microsoft applications to support activities such as collaboration with clients, team members and the public (SharePoint) and ensure 100% compatibility with clients;
GNS maintains more than 80% cleared staff at a Secret or higher level and maintains above industry level retention rates;
Our Operation staff is implementing a self-certified Earned Value Management System (EVMS) to support EVM projects; and
GNS exhibits strong financial stability, zero debts and holds the highest rating from Dun & Bradstreet.
Small Business Women Owned Small Business Minority Owned
Core Capabilities
IT/Cyber Security Solutions
Certification & Accreditation (C&A)
Risk Management Framework
Continuous Monitoring
FISMA Compliance
Computer Incident Response Team (CIRT)
Independent Validation & Verification (IV&V)
Penetration and Vulnerability Testing
Security Operations Center (SOC)
Software Testing
508 Compliance Testing
GNS has expertise in all National Institute of Standards and Technology (NIST), Office of Management and Budget (OMB) and related standards and experience in using them to create organization-specific policies, procedures and guidance. For example, we are supporting clients developing policies to address IPv6, TIC, cloud computing, FISMA 2.0, and other federally mandated standards. GNS provides OCIO-level support for diverse and dispersed organizations comprising simple-to-complex systems at unclassified to classified levels including:
IV&V and QA of technical and budgetary performance, gap analysis and performance improvement;
Critical Infrastructure Protection (CIP) support;
Policy and procedure development;
Risk management;
Compliance.
Infrastructure Solutions
Internet/Intranet/Extranet Implementation
SharePoint Solutions
Project/Program Quality Assurance
Continuity of Operation Planning (COOP)
Disaster Recovery Planning (DRP)
Independent Software Testing and Evaluation including 508 Compliance, Automation and Performance Testing
Project and Process Improvement and Support
Quality Assurance Planning
IT/CYBER SECURITY SOLUTIONS
GNS has expertise in all National Institute of Standards and Technology (NIST), Office of Management and Budget (OMB) and all relevant Federal standards, directives and guidance. Our certified staff support: risk management, audits and compliance, continuous monitoring, and critical infrastructure protection (CIP) to include: incident response and forensics, security operations, ST&E, vulnerability scanning, contingency planning and disaster recovery. We are experts in analyzing the security impacts from new initiatives and technologies such as IPv6, TIC, cloud computing, FISMA 2.0, etc.
Security Management
Conducting threat, vulnerability and risk assessments;
Developing an integrated plan including security organization, policies, standards and best practices;
Developing technical, procedural and administrative controls using standards and best practices;
Creating agency-specific policies for email and internet usage, firewall and antivirus software, data protection and backup; application development and new technologies;
Developing and implementing incident and emergency response procedures;
Supporting CIRT/CERT operations.
Network Security
Conducting vulnerability and intrusion detection assessments;
Designing and implementing: Local and wide area network security (LAN/WAN), firewalls, intrusion detection, routers and switches, protocol analysis and encryption;
Access controls for network infrastructure — routers, switches and servers;
Web server and DNS security, DMZ configuration;
Unix, Windows, mainframe security reviews;
Network management systems for total control of network environment.
Application Security
Conducting threat, vulnerability and risk assessments;
Developing an integrated plan including security organization, policies, standards and best
practices;
Developing technical, procedural and administrative controls using standards and best practices;
Creating agency-specific policies for email and internet usage, firewall and antivirus software, data
protection and backup; application development and new technologies;
Developing and implementing incident and emergency response procedures;
Supporting CIRT/CERT operations.
Access Control
Develop policies and procedures for authorization, authentication and auditing (AAA);
Evaluation of AAA effectiveness.
Information Technology (IT) Auditing
Risk assessments and control of systems, networks and applications;
Technical audit and review of confidentiality, integrity, and availability controls;
Compliance with government regulations;
Flowcharting of network data.
Security Awareness and Training
Developing training programs which provide mandatory periodic computer security training for all employees who are involved with the management, use, or operation of Federal computer systems;
Conduct skills assessments, audits and develop performance metrics to track training effectiveness.
Risk Manager (CISO) Support
Developing strategies for IT security, control and audit;
Assessing and selecting security vendors, technology and products;
Liaison to management for security operations, risk management and IT audits;
Project management for security technology implementation.
Risk Management Framework
Expertise in NIST SP 800-37 implementation;
Developing and managing a continuous monitoring program;
Conducting independent security test and evaluation.
Transition to Risk Management Framework (RMF)
INFRASTRUCTURE SOLUTIONS
Internet/Intranet/Extranet Implementation
SharePoint Solutions
Initial installation and upgrades;
Administration.
GNS applies a systems development lifecycle approach comprising:
GNS designs and develops secure web content management for networking, E-Business, and systems design. We define desired features and operation in detail, screen layouts, process key documentation.
Project/Program Quality Assurance
Assessments of existing internal QA functions;
Implementing and managing the QA function as part of Project/Program oversight.
Continuity of Operation Planning (COOP) / Disaster Recovery Planning (DRP)
Designing systems and networks to ensure high availability, fault tolerance and redundancy;
Planning: hardware, software, infrastructure and staff.
Independent evaluation and testing of COOP and DRP
Current Clients
DHS - NPPD
DHS - CBP
DHS - CIS
DOC
DHS - ICE
Past Clients
Bureau of Engraving and Printing
U.S. Department of Agriculture
U.S. Department of Energy
U.S. Department of Interior
NIST (National Institute of Standards and Technology)
U.S. Department of Health and Human Resources
D.C. Lottery Board Advisory
U.S. Department of Commerce, OCIO
National Oceanic and Atmospheric Administration (NOAA)
U.S. Securities and Exchange Commission (SEC)
DHS - OBIM
Contract Vehicles
ISS LOB RMF BPA
8(a) STARS II Schedule 70 GS-35F-0582M
VETS
NOAALink ITS-SB ITES-2S
R23G
TIPSS IV ITS & SB
eFAST
EAGLE II BOSS-R MD CATS II FL IT Consulting
Sample Past Performance
U.S. Securities and Exchange Commission
GNS supported the SEC’s IT security program in IA, C&A and FISMA compliance management and reporting efforts. Our staff reviews existing and draft legislation and standards, commercial best practices and reports on potential impacts. We provide quarterly reports of the status of weaknesses tracked in the POA&M for FIPS 199 and discuss with system owners. Our staff collected metrics for the CIO dashboard tool to assist with analysis of efforts to mitigate identified weaknesses.
GNS reviews and updates the SEC’s five-year strategic security plan. We provided program-level support to the SEC staff assessing high-level security-related, IT security policies and procedures pursuant to OMB circulars. Our experts support the SEC Technical Manager with risk management including risk assessment of internal and external threats; risk-based security policies and procedures; and review of others’ risk assessments.
U.S. Department of Energy
GNS supported the DOE OCIO management team overseeing the one-billion-dollar IT infrastructure program. We have established Independent Validation & Verification (IV&V) technical, schedule and cost oversight and quality assurance compliance with the Federal Acquisition Regulation (FAR) 46.401(a), Office of Management and Budget (OMB) Circular A-130, the Government Accountability Office (GAO) Federal Information System Controls Audit Manual (FISCAM) and OMB Circular A-76 to support Business Guide Benchmarking Standards. As part of our support, GNS provided objective and knowledgeable analysis of IT security policy and systems documentation and management issues.
Department of Commerce
GNS supported the Office of the Secretary/OCIO and Operating Units (OUs) in the review and analysis of IT security policy, system documentation and security program management issues for unclassified and classified systems, networks and applications. GNS developed and/or reviewed and assessed existing security plans, C&A packages and other security related tasks and documents throughout the enterprise life cycle. GNS also assisted with implementing and maintaining DOC-wide standards in line with applicable OMB, NIST, FISMA, and other government regulations and industry best practices. Additional activities included: CIRT support (incident reporting, tracking, handling); COOP; DR; penetration and vulnerability testing; security awareness training; specialized training; security operations center (SOC) implementation and integration.
U.S. Treasury Bureau of Engraving and Printing
GNS supported the development, review and analysis of IT security policy, systems documentation and IT security management issues as well as C&A projects and compliance monitoring. Our on-site staff provided technical, analytical, and program management support to the Office of Critical Infrastructure and IT Security including: identifying policy and procedural gaps; recommending and documenting standards for implementing security controls; developing security test and evaluation (ST&E) plans; conducting ST&E testing, analysis, and reporting; monitoring industry security trends and reporting on services; supporting security analysis, monitoring, and defense (IDS, IPS, firewalls, etc.); incident support and management including installing patches and upgrades; auditing IBM Mainframe, LAN/WAN, and other systems; performing continuous monitoring to ensure security controls remain effective; and providing IT Contingency Plan Testing Support.
Certifications
ISO 9001:2008 Certified;
ISO 27001:2013 Certified;
EVMS Self Certified;
Women-Owned Small Business (WOSB);
Awards & Recognitions
INC 5000 Awardee;
Washington Technology’s Fast 50;
SBA Best Small Business of the Year Nominee;
Exceptional rating by GSA;
Highest Rating by Dun and Bradstreet;
Recognition for the support of the National Guard and Reserve.
Client Commendations
“GNS has consistently provided highly qualified contractors to each contract task. The contractors provided by GNS are well trained and have excellent experience. The GNS contractors quickly integrated themselves into the Commerce environment and quickly became very productive. I have found the GNS management team to be extremely responsive to the needs of Commerce and have always worked diligently to exceed our expectations.”
William Lay Associate Deputy CIO, U.S. Department of Energy
“When we need information technology products or services to complete our mission in a hurry, we look to Global Network Systems because they are responsive, honest and highly professional. They are focused and produce high quality deliverables at a fair price.”
John Ogungbemi Project Manager, DC Lottery Board
“GNS engineers have proven themselves as reliable support staff, hard workers, and talented individuals. They are extremely cooperative and possess the capacity to contribute positively while working as part of a team.”
Michael Sheaver Contracting Officer Technical Manager, USDA, NRCS
“I am pleased to share with you a commendation for the exceptional performance shown by GNS’ [staff] for the ST&E of the FM&E TRIRIGA system. [GNS] showed exceptional dedication and professionalism in completing a difficult ST&E. These examples speak of high standards, leadership, time management skills, dedication and professionalism and we are proud to have [GNS] as a member of our team.”
Rick King OIT/EDME/STP, U.S. Customs and Border Protection
CONTACT GNS Global Network Systems, Inc. 2400 Research Boulevard, Suite 360 Rockville, MD 20850-3243 [email protected] P: 301.987.8750 www.gns-us.com