
Southwest Information Assurance
Services

Program Management
We will help you establish, and enable you to maintain, a Program Management process that effectively supports the design, development, and management of an information assurance program to implement the information security governance framework. We will achieve this by ensuring that your Information Assurance program incorporates:

  • A documented, defensible process for the evaluation, selection, and ongoing life cycle management of safeguards and controls, including but not limited to: direct linkage to technical, functional, or business requirements or recommendations resulting from the Risk Management process; cost/benefit evaluation, review, and approval; and regulatory compliance criteria.
  • A documented, defensible process for information security process improvement, including but not limited to: the Systems Security Engineering Capability Maturity Model (SSE-CMM); security architecture development and modeling methods and practices; membership and participation in industry-recognized professional organizations; and subscription to industry-recognized research and analysis services.
  • Industry-recognized project management methods and practices, specifically the Project Management Institute Project Management Body of Knowledge (PMBOK).
  • Systems Development Life Cycle (SDLC) methodologies, including but not limited to: the "Waterfall" method of iterative, incremental development; the "Modified Waterfall" method, including complementary verification and validation processes linking development phases; the "Spiral" method, including risk analysis in each phase and based on the iterative development of increasingly functional prototypes; or a hybrid SDLC incorporating elements of one or more of these SDLCs as may be most appropriate for the client.
  • Industry-recognized and U.S. government-recognized certification and accreditation standards and guidelines, including but not limited to: the Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP); the Defense Information Assurance Certification and Accreditation Process (DIACAP), which is currently in draft and will supersede DITSCAP; the National Information Assurance Certification and Accreditation Process (NIACAP); and the Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (NIST Special Publication 800-66).