Information Systems Security

The ESC's Information Systems Security (ISS) group is an Office of Management and Budget (OMB) designated Shared Services Center for Risk Management Framework (RMF) services under the Information Systems Security Line of Business (ISSLoB) program. Under this designation, the ESC ISS group provides independent and operational security services to assist federal customers with achieving and maintaining Federal Information Security Management Act (FISMA) compliance.

Available services include: Independent Security Assessments, ongoing assessments in support of a system's Continuous Monitoring, Information System Contingency Planning (ISCP) consultation, Penetration Testing, comprehensive Vulnerability Scanning (e.g., database, web, application, wireless), Red Teaming, and Information Systems Security Officer (ISSO) services, including creation and maintenance of system security documentation.

ESC's ISS group is also an accredited Third Party Assessment Organization (3PAO) under the General Services Administration's (GSA) Federal Risk and Authorization Management Program (FedRAMP), independently evaluating the security posture of Cloud computing environments. ESC was the first federal organization accredited as a FedRAMP 3PAO. Independent assessments performed by ESC follow National Institute of Standards and Technology (NIST) guidelines, with FedRAMP guidelines being followed when assessing Cloud environments.

As a Fed-to-Fed, fee-for-service provider, ESC's security teams have assessed countless systems at hundreds of hosting sites across the nation in the past decade alone. Our predominantly federal security staff provides considerable continuity, which is indispensable for systems under Ongoing Authorization and for systems in environments with considerable control inheritance. ESC's ISS group is certified under ISO 9001:2008 and accredited by the American Association for Laboratory Accreditation (A2LA) under ISO 17020:2012 (Certificate #3632.01), and it also integrates Lean Six Sigma optimization approaches to continually streamline services.

∼ Security Services for Feds, by Feds ∼