Ensuring TSA’s Security Posture
in the Cloud
KEY SCOPE AREAS
• Review, assess, and test cybersecurity threats in TSA’s portfolio of enterprise systems.
• Provide Security Control Audit (SCA) support.
• Develop TSA’s Cloud Security Assessment Playbook
• Provide Cloud cybersecurity Subject Matter Expert (SME) Support as TSA migrates its systems to the cloud.
• Provide ISSO, GRC, and Penetration Testing support
KEY STATS
• Employee Cloud (AWS)
• Okta
• DocuSign
• Mobile Device Management (MDM)
The Transportation Security Administration (TSA) is responsible for screening the 2+ billion passengers that move through the nation’s approximately 440 airports each day. TSA is also responsible for screening 100% of the cargo – 1.4 million checked items and 5.5 million carry-on items – that is transported on passenger airlines on a daily basis. In addition, TSA develops policy that helps to protect highways, railroads, buses, mass transit systems, ports, and pipelines. The TSA employs a workforce of 60,000 employees that carry out its mission across the nation.
TSA made the decision to move its enterprise systems from data centers to the cloud. As one of the largest agencies within the Department of Homeland Security, its systems are broad in scope and many in number, involving tens of thousands of devices connected to different cloud systems, such as IaaS, PaaS, and SaaS, that are controlled by outside vendors. In addition, each cloud system came with multiple inherited security authorizations that added to the challenge. The agency wanted to ensure that as it moved its systems to the cloud, it could still adequately evaluate its security posture and architecture in the new paradigm. The agency required a process and methodology for security assessments and best practices. In addition, TSA needed assistance in auditing its many systems to determine whether they complied with the recommended processes and architecture.
Working with the prime contractor, Karthik Consulting helped TSA develop a plan that centered around, investigating security threats, identifying vulnerabilities and analyzing risk, assisting with security audits, and providing support to the information security system officers (ISSOs). KC also validated the implementation of the recommendations.
INVESTIGATE SECURITY TREATS AGAINST TSA TECHNOLOGIES PORTFOLIO
• Provided information security engineering support activities, which included providing subject matter expertise to the security requirements allocation and security architecture processes for the TSA portfolio of systems.
• Conducted security architecture/design reviews; developed whitepapers that address the security risks, design considerations, security requirements, use cases (assumptions, high level & detailed use cases), system/application specific requirements; and provides recommended mitigations/modifications.
RISK ASSESSMENT OF TSA SECURITY VULNERABILITIES
• Scheduled and performed exhaustive and authenticated scanning of all assets within the TSA FISMA system boundary.
• Coordinated with support contractors of the respective systems to track progress of patching and opened POA&Ms as necessary.
• Tracked all identified weaknesses found within the systems environment from identification through remediation and validation including Information Security Vulnerability Management (ISVM) Alerts & Bulletins and POA&Ms.
• Tracked the remediation progress for all POA&Ms provided by the government.
• Supported the review and triage of vulnerabilities prior to developing the POA&M, including POA&M triage, remediation, and planning a POA&M review meeting.
SECURITY ENGINEERING
• Provided Information Systems Security Engineering (ISSE) support to help identify security vulnerabilities and minimize or contains risks associated with these vulnerabilities spanning the Systems Development Life Cycle (SDLC).
• Security Areas of Focus: Perimeter security, network security, endpoint security, application security, physical security, and data security.
SECURITY CONTROL AUDIT (SCA) SUPPORT
• Researched, assessed, and recommended tools and capabilities to the TSA IAD team.
• Supports HVA Assessments including RVA.
• Conducted Risk Management Framework (RMF) assessments for cloud and on-prem based enclaves and major applications throughout the TSA.
• Supported testing of all applicable security controls as defined in NIST SP800-53 for the specific system based on Confidential Availability and Integrity (CIA) with applicable overlays.
• Planed and/or performed security controls assessments for customer systems in accordance with cybersecurity standards.
• Assisted with identification and remediation of POA&Ms.
• Prepared and/or assisted in the preparation of reports and presentations required for communicating findings of the security control assessments.
TSA’s SUPPORT TSA’s INFORMATION SYSTEMS SECURITY OFFICERS (ISSOs)
• Supported integrated external audits by attending kickoff meetings, compiling and submitting test artifacts, and participating in data center/infrastructure security processes and system walkthroughs.
• Supported the maintenance of the ATO for all of the TSA FISMA systems in our ISSO’s portfolio through the A&A process.
• Maintained the Security Plan, Contingency Plan, Contingency Plan Test, and the Configuration Management Plan.
• Supported planned and unplanned security assessments by collecting and reviewing documentation, created new system/policy/procedure documents, reviewed and validated artifacts/evidence points.
• Assisted in triage of all TSA Security Operations Center (SOC) notifications, developed initial response processes, and communicatee notification(s) to the administrators, including, but not limited to: attending incident meetings, providing 24/7 support for incident management, reviewing security logs to ensure compliance, working to help identify, remediate, and/or research solutions to exceptions or false positives identified in the review of security logs and alerts, and managed the process for documenting those exceptions.
Take a look at what KC is doing to contribute to global cyber security, agile software development and cloud services.
ABOUT US
Our Cyber Security, Software Development and Program Management focus areas (and work methodology) ensure that we can deliver not just solutions, but architecture that scales and grows with the customer's needs over time. We are able to assist in projects ranging from short advisory engagements to assembling a full team to deliver a solution from concept through implementation and on-going management. KC has access to industry experts in various technologies and teaming partners to meet any of your IT challenges. The vision of KC is to bring the innovation, passion and agility of the commercial IT industry to meet the unique challenges of the federal government. We are a DOD Cleared Facility with a DCAA-approved accounting system.
Felix Martin, 571 435 7632 fmartin@karthikconsulting.com
CAGE: 56GH3
DUNS: 828199880 UEI: FGNNM7KNUPF6
PRIME CONTRACT VEHICLES:
GSA MAS
GSA OASIS Pool 1 and 3
NIH CIO-SP3 8(a) & SB
GSA STARS III 8(a)
Air Force SBEAS
Army RS3
Navy Seaport-NexGen
FAA eFAST
