Security Assurance and Engineering
NIST 800-53 / Risk Management Framework (RMF)
UI’s team is highly experienced in RMF compliance and package completion for all types of systems. We provide services to companies so they may obtain initial ATO as well as continuing support after ATO has been granted. Our services include:
- Initial System categorization and Risk Assessment Report (RAR)
- Baseline control selection and policy, procedural and technical implementation
- Policy Document for all 18 Families
- Standard Operating Procedure (SOP) for required Roles
Security Control Effectiveness Review and Remediation
- Manual review utilizing STIG viewer and checklist to evaluate and harden IS components
- Implementation Plan, System Level Continuous Monitoring (SLCM) Plan, and CCI
Requirement Test results
- Training material for personnel
- POA&M
- Final Risk Assessment Report (RAR)
- eMASS Upload Support
After ATO is granted:
- Continuous Monitoring (ConMon) Services after ATO granted
- Continuous ISSE support
Cross Domain Security Solutions
UI Engineers provide subject matter expertise support to systems that span multiple security domains in support of Multi-Level Security (MLS) systems. We provide engineering expertise in the design of cross domain capabilities and coordinate with stakeholders.
Physical and Program Security
UI supports our industry customers and partners with full cycle physical and program security compliance under the National Industrial Security Program. We provide subject matter expertise from Facility Clearance (FCL) sponsorship and security program development to security management, administration and continuous monitoring in the Assistant CPSO, Assistant FSO and Information Systems Security Engineer (ISSE) roles.