IA & Trust Engineering
Print this Page  Print Page
Information Assurance (IA) and Trust Engineering

Information Assurance Policy Evaluations

Minerva Engineering has extensive knowledge and a practical understanding of IA policies including but not limited to NIST 800-53, IATF 8500, CNSS-1253 and CJCSI 6510. This experience was garnered through years of IA assessment of systems and components for compliance with DoD and IC policies for strategic and tactical systems or for any National Security Systems that collect, generate, process, store, display, transmit or receive National Security Information. Of particular importance is that we understand how security policy needs to be built into systems from the beginning and how policies are implemented such that the system functions as intended but in a secure manner by understanding the level of potential impact (or loss) to confidentiality, integrity and availability.

Certification & Accreditation of Software, Hardware & Network Systems

Our C&A Systems Engineers are well versed in a broad variety of C&A processes for evaluating, testing and authorizing components and systems including ICD 503, DIACAP, NIACAP, FISMA and legacy DCID 6/3. Because Minerva Engineering has extensive knowledge of the design, development and mission operations of tactical and strategic systems (including space systems) we understand that there is a balance between securing information systems and ensuring the system’s ability to perform its mission. This awareness enables us to effectively tailor and support C&A processes to enable decision makers to consider the operational and economic costs of protective measures weighed against requirements for mission accomplishment.

Our engineers provide critical support to C&A activities in identifying, implementing and validating standardized IA controls, authorizing the operation of DoD and IC information systems and supporting the management of IA posture across these systems. These C&A activities include the development of processes and documentation supporting the DIACAP-based dynamic environment model or the broader ICD 503-based risk management strategies.

Secure Hardware, Software & Network Architecture Development

The key to building a strong security plan is to ensure that each individual component on your infrastructure is as strong as the next. It only takes one weak link in your infrastructure to provide a hacker an opening wide enough to bypass even the best security plan. We provide the expertise to help our clients secure their infrastructure from the ground up. Our team of engineers can help you evaluate and harden an individual software package or an entire network system and include analysis of the system in the context of FIPS 199 and other standards for categorizing the information in terms of its security content. Big or small, from the smallest embedded system to satellite control systems, we have experience with it all.

Minerva Engineering understands that the selection and implementation of appropriate security controls for any information system or “system of systems” can have major implications on the operations and assets of an organization. These controls are the management, operational and technical safeguards to protect the confidentiality, integrity and availability of the system and its information. As such, we bring our detailed knowledge of systems engineering, architecture synthesis and system analysis to domain specific applications to ensure that the systems being developed build in security from the beginning.

COTS Secure Integration & Test – Trust Engineering

The emerging field of Trust Engineering includes demonstrating how it is possible to compose and configure relatively untrusted components to form reasonably trustworthy systems. Minerva Engineering has a demonstrated history of integrating technologies in a secure manner and evaluating their vulnerability against common vulnerability assessment mechanisms such as the Common Weakness Enumeration (CWE) and the Common Vulnerability Scoring System (CVSS) among others. With an extensive background in integrating information technology components for the Department of Defense and the Intelligence Community, Minerva Engineering’s “Integrationeers” have been using innovative integration approaches to develop secure system solutions.

By carefully integrating various components to create a secure solution, Minerva Engineering measurably improves our customers’ security posture and rapidly increases functionality and usability through the use of commercial products. In effect, Minerva Engineering enables our customers that are concerned about the security implications of using COTS products to “Say Yes to Commercial Technology”.

Software Assurance – An Essential Element of Trust Engineering

Trust Engineering includes the critical area of Software Assurance because the use of commercial technology includes the expectation for formal software development methodologies including, but not limited to Trusted Software Development Methodologies (TSDM), CMMI, “Correct By Design”, etc.). At its core, Software Assurance is the development and implementation of software development processes for ensuring that software functions as intended while mitigating the risks of vulnerabilities, malicious code or defects that could bring harm to the end user. Minerva Engineering specializes in the development of software using secure software development best practice processes that reduce vulnerabilities, improve resistance to attack and protect the integrity of software.

In addition, we have a series of approaches to evaluate the security of COTS products so that users can have a high level of confidence that their software is as secure as possible. Our Vulnerability Assessment Lab enables us to use current binary and source scanning tools and support dynamic and static analyses which can be used by the software developer in an incremental manner to ensure that software under development is as secure as possible.

Login to view restricted content.

IA & Trust Engineering

Discover Minerva

  • Download Company Profile and learn more about what
    we can do to identify
    technologies and processes
    that can help your programs
    to be more effective.