Press Release – November 2007

NIH CIT Information Security Program Support Contract Award

Richard S. Carson & Associates, Inc. has been awarded a contract to provide IT security program support services for the National Institute of health (NIH) Center for Information Technology (CIT). The objective of this contract is to develop, implement, and maintain the CIT Information Security program.

The scope of this project is to provide IT security support services to support the CIT IT Security Program including security program management support, system certification and accreditation (C&A) services, and security training and testing (e.g., penetration testing, vulnerability assessments, contingency plan testing, disaster recovery plan testing, and application and General Support System (GSS) testing) for 25+ CIT systems.

IT SECURE, the Carson approach to project performance, is a repeatable, quality-based methodology perfected over numerous successful IT security engagements. The IT SECURE approach conforms to ISO 9000 process control elements. Our approach is flexible and custom blends established auditing standards, industry best practices, and commercial off-the-shelf products tailored to meet CIT’s unique information security program requirements. In addition to quality assurance and tailorability, IT SECURE has a technical-functional staffing imperative. IT SECURE recognizes that security planning cannot be done in isolation, but rather, must consider both technical and business perspectives. For this reason, both our technical and functional staff are well versed in the latest federal laws, regulations, and guidelines.

The work performed under this contract will comply with NIST Special Publications, OMB Memoranda and guidance, FISMA, FIPS, and other Federal Government laws, regulations, and guidelines.