For Secure Computer Systems that Meet Certification Standards
The mission of the Agent of the Certification Authority (ACA), located at ERDC Information Technology Laboratory (ITL) in Vicksburg, Miss., is to assess your system’s security posture in accordance with Department of Defense and Army regulations. ACA certifiers accomplish this through an interactive, customer-focused approach. As an independent observer, the ACA highlights both the weaknesses and strengths of your system’s security posture, operations, and training so the shortcomings can be overcome and the strengths can be reinforced. Moving forward as one Army that is protected against its enemies in the physical and cyber world, ACA strives to ensure the best possible support for the ultimate customer—the WARFIGHTER.
Information assurance is an ever-changing and developing field — one that requires constant attention and constant evolution. The staff at ACA stays abreast of developing technologies that are shaping cyber warfare defenses so that they can examine and identify the new vulnerabilities and weaknesses that you will be facing. Realizing your organization is only as strong as your weakest link, ACA’s experience and perspective can offer that big picture view in the role as your Agent of the Certification Authority.
Proactive Staff Enables Compliance
The goal of the ACA is to enable organizations with knowledge so they can integrate security into their systems design and culture. ACA staff stays abreast of developing technologies that shape cyber defense so that new system vulnerabilities and weaknesses may be identified and examined. ACA staff holds more than 15 diverse security certifications and expertise in these specialty areas:
- Application security
- Web services
- Network design and border defenses
- Database security
- Enclave and data center design
- Windows system administration
- UNIX system administration
- Source code analysis
Additionally, ACA staff specializes in the evolving area of Supervisory Control and Data Acquisition (SCADA) security. Past projects have taken us to hydropower facilities, locks and dams, and municipal water supplies throughout the country. The ACA’s unmatched experience and training in the SCADA arena allows us to always provide a quality product tailored to your environment.
From security engineering and documentation creation to Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) verification and validation, put the ITL security experts to work for you. ACA’s goal is to equip organizations with the knowledge and skills necessary to securely design, implement and maintain their systems and integrate security into the culture. Working together with numerous systems owners to preserve the confidentiality, integrity, and availability of their systems, ACA security experts have configured network devices and firewalls, hardened Windows and Unix servers, installed applications, developed Backup and Restore, Configuration Management and Continuity of Operations processes, drafted and documented Security Concept of Operations (CONOPS), System Design, standard operating procedures and other procedures, and trained personnel.
ITL internally employs many capable automated tools to aid in security engineering and testing, such as:
- Fortify for source code security analysis
- Ignite for database monitoring
- Edgesight for Citrix load testing and performance monitoring
- Rational Robot for application testing
- AppDetective for database vulnerability assessments
- VMWare virtualization center testbed
- Flying Squirrel to detect rogue wireless networks and access points
- Nipper Studio for network device configuration security scanning
“Thank you for all your patience and assistance with the DIACAP documentation. We could not have accomplished all that we have without your professional expertise and your willingness to share your knowledge, templates, tools, etc. Your sincere interest in helping us establish a sound information assurance program for South Atlantic Division SCADA has been demonstrated over and over again throughout this process. You are a great team and a great asset to the US Army Corps of Engineers, truly!” — Prudence J. Meadors, USACE South Atlantic Division Hydropower Information Assurance Security Officer
ERDC Points of Contact
Questions about ACA?
Contact: Krisa Rowland