United States Agency for International Development (USAID)
Provide Wide Scope IT Support
AINS, Inc., as the prime contractor, is providing the USAID with all
aspects of IT support services, including project management, system
design, system selection, procurement, software development, data
migration, system integration, testing, training, and software
maintenance. AINS has received two awards spanning 25 task orders valued
at over $6M. AINS developed all of the user and system documentation in
accordance with the client's SEI CMM or equivalent standards.
Responsibilities include providing the project management, budgeting and
estimating, cost control, reporting, scheduling, project team
management, quality assurance, and other project management tasks, as
well as providing all user and administrator level training. The
projects also entailed development of the user and systems documentation
in accordance with USAID's SEI CMM or equivalent standards.
Additional successful projects completed as part of the awards include
the design and development of the web-based Mission Staffing Pattern
System (WebMSPS). AINS has successfully delivered USAID's STARS system.
This system is a client-server design using Delphi and MS Access. It
allows the USAID Office of Personnel to track the personal property of
staff while they are on assignment to USAID missions worldwide.
The technology environment for these efforts included OpenText Livelink;
FileNet Panagon Products; Documentum eContentServer; IBM Content
Manager; Oracle 8i; Delphi; MS Access; Lotus Notes/Domino R5; Crystal
Enterprise; MS Project; and Documentum.
AINS plays an important role in supporting USAID security, as noted
below.
Assist in the Management of Security Programs
We have managed two security programs under the Chief Information System
Security Officer (CISSO); rewritten the information security policy and
are currently formalizing it for release; analyzed the security posture
and architecture and supplemented them with intrusion detection and
vulnerability analysis tools; developed and deployed the Security Tips
of the Day awareness and training application. We manage multiple
databases that support the information security data collection efforts;
have led the participation for the Agency in the e-Authentication
initiative; and worked with the other e-Government managers to determine
cross-cutting risks and provide support. We have also conducted several
proof-of-concept studies in the security area.
Help to improve the USAID security posture
Over the past several years, our team members have worked aggressively
in support of the CISSO to improve the USAID security posture. We have
developed security policies, conducted information security training
sessions, deployed COTS hardware and software, and developed security
awareness and training software that have successfully contributed to
the annual agency FISMA report. The FISMA report, prepared by our team
for USAID, passed the USAID/IG audit. This report documented a
top-to-bottom overhaul and improvement of the USAID information security
program that was implemented by our team.
Coordinate Updates to the USAID Security Policy
We coordinate updates to the security policy and supporting
documentation with the Automated Directives System (ADS) support staff;
meet with them, as necessary, to coordinate releases of Chapter 545 and
its supporting subdocuments; deliver the documentation; and assist with
the development and hyper-linking of the ADS released on CD-ROM, and on
the ADS portion of the USAID web sites. We coordinate the release of the
ADS Chapter 545 through the formal ADS review process; send the
documents to the reviewers; accept comments through the CISSO mailbox
during the prescribed comment period; respond to the comments and dialog
with the reviewers; and where beneficial, incorporate the comments into
the ADS. We also schedule and coordinate meetings with other ADS Chapter
authors when there are conflicts that arise from CISSO-issued security
policies, changes from issued Federal regulations, or adopted industry
best practices (IBP). The purpose of these meetings is to adopt a
uniform security posture throughout all USAID ADS Chapters that complies
with the applicable Federal regulations or IBP.
Identify new laws, regulations, and procedures that will affect existing
USAID policies, procedures, governance models and rules of behavior.
In order to identify new laws, regulations, procedures and best
practices that will affect the USAID security posture, we monitor known
sources of these items. For laws, regulations and procedures, we monitor
various federal sources that can issue regulations and procedures that
affect security policies. These sources include, but are not limited to,
the Federal Register, the web sites for the US Senate and House of
Representatives (to include the sites for their Technology
subcommittees), the White House (for Presidential Directives and
Executive Orders), and the independent agencies, such as the Office of
Management and Budget (OMB), the General Services Administration (GSA),
the National Institute of Standards and Technology (NIST), and the
Office of Personnel Management (OPM).
Advise USAID on pending and new laws, regulations, procedures and rules
of behavior.
We evaluate identified items from our “watch list” for their effects on
USAID’s security posture, analyze the requirements within each item,
and perform a gap analysis to determine which Bureaus and which
personnel should be informed of the coming changes.
Provide USAID staff written recommendations on how to implement the
changes of pending and new laws, regulations, procedures and rules of
behavior.
When technical regulations, such as new password requirements, are
released by NIST, we conduct analyses against the existing USAID
security posture, as represented by the security policy, to determine
what the effect on USAID will be. We determine where changes are needed
within the security policy to accommodate the regulation and present the
recommendations to the CISSO in an “as-is” and “to-be” document. We then
advise the CISSO on the consequences of the new regulations. Where
changes to policy are required, we prepare the policy updates and
coordinate their vetting and release through the ADS. Where changes to
technology are required, we prepare engineering change requests for
submission to the appropriate IRM or TSI CCB.