• Home
• |
• About Us
• |
• Careers
• |
• Contact Us
• |
• Employees
• |
• Skip Navigation

• EAGLE II Homepage
• Points of Contact
• DSCI Contract Information
• Task Orders
• DSCI Past Performance
• Core Team/ Subcontractors
• Teaming Opportunities
• Quality Assurance
• Feedback

Core Team/Subcontractors

CNA

CNA is a woman-owned small business with 3 years of relevant DoD experience that provides Authorization and Assessment Services, including Continuous Monitoring Assessments.  CNA provides computer, network, telecommunications and other electronic security services to the DoD and Federal government market.  Personnel have decades of experience in all aspects of information assurance to include computer, communication, emission and physical securities and further contribute to this extensive knowledge base with their various certifications in CISSP, CAP, and CRISC. CNA provides its clients a structured Authorization and Assessments (A&A) approach for developing consistent, comparable, and repeatable assessments; promoting a better understanding of agency-related mission risks resulting from the operation of IT systems; and creating more complete, reliable, and trustworthy information. CNA has worked on more than 200 A&A projects for federal and Department of Defense (DoD) agencies, using National Institute of Standards and Technology (NIST) SP 800-37 and DoD guidance- DIACAP.  CNA secures some of the most critical information systems and networks in the world. Its information assurance experts have helped customers in the DoD, Intelligence community, federal, state, and local government, and commercial organizations to secure enterprise operations while enabling information sharing.  CNA Corporation also has experience establishing consolidated around-the-clock Network Operations Security Centers (NOSCs) to protect IT Enterprise from network attack and exploitation.
CNA takes an end-to-end view of the information assurance life cycle in its methodology for IV&V and ISS practices. In addition to the broad perspective useful for ensuring no process gaps, CNA has developed standard processes and tools for each element of the information assurance life cycle.  

• CyberProfile modules include Situation Awareness, Continuous Monitoring, Collaboration, IT Asset Inventory, Configuration and Change Management, C&A Documentation Creation, Automated Reporting, Incident Response, Automated Notification, Vulnerability Management, Impact Analysis, Reporting, and Re-Accreditation.
• CyberProfile increases the quality of the security profile, lowering the cost of the process and providing data for analysis and review. This solution provides the end-to-end data capture, reporting, and business intelligence that can easily be applied to DHS systems and organizations.

(The precursor tool to CyberProfile, another CNA innovation, has already been mandated for use across DHS by the DHS CIO. As an EAGLE II Core Team member, CNA will be able to provide DHS with an enhanced version of the already-approved DHS tool of choice for life cycle C&A.) 

 

K4
K4 Solutions is a woman-owned small disadvantaged business certified as 8(a) by the Small Business Administration and focused on Information Technology, contact centers, Human Capital support and document management for government agencies.  K4 is a $20M company with 9 years of DHS and federal experience in contact centers supporting the Transportation Security Administration. K4 has 9 years of experience supporting IT initiatives for DoD including Network administration for the Air Force Rome Development Center, Wright Patterson Air Force Base and several U.S. Army activities.  K4 holds a cleared facility and many of our people have clearances.

K4 currently runs the TSA Contact Center (TCC) in London, KY. The TCC is the primary incoming portal from the public and receives calls from TSA employees, private industry, other government organizations, members of Congress, and the White House.  K4 Customer Service Representatives (CSRs) respond to inquiries that cover a variety of topics such as: passenger complaints regarding security screening; questions about security procedures; questions about Federal jobs with TSA; reports and claims of lost, stolen, or damaged items; questions about TSA programs and policies; requests for assistance from TSA employees on various issues; comments related to current media attention on security issues; and customer feedback from TSA’s web-based and publicity outreach programs and reports of perceived lax security or vulnerabilities in aviation or surface transportation modes. K4 supports numerous TSA program offices and programs with very specific requirements.  K4 provides TSA with a contact center that is available, responsive, secure, and high-performing and contributes to meeting TSA strategic goals by enabling effective and efficient communication between TSA and non-media entities/stakeholders.  The TCC is a widely publicized venue for the public to contact TSA.  It is also a mechanism through which TSA receives information about potential threats to transportation security from both well-meaning individuals and those with harmful intent.

In addition to responding to telephone calls, K4 provides a state of the art Interactive Voice Response (IVR) system; responds to citizen emails; distributes claim and redress forms; provides daily, weekly, and monthly statistical tracking and reporting information on incoming contacts; and processes information regarding perceived lax security or vulnerabilities in aviation or surface transportation modes.  At this call center, K4 handles over 2 million calls annually in addition to nearly 1 million emails.

 

Sphinx
Sphinx Solutions, Inc. is committed to cost-effectively reducing risks and strengthening security posture, and offers a blended set of solutions that enable customers to select the right option for their particular circumstances. Under the KIMC cyber security services contract, Sphinx identified vulnerabilities and weaknesses in the customer’s security mechanisms and assurances, and presented a final list of findings and recommendations based on the assessment, including strategies for mitigating residual risk. As a result, KIMC was able to establish new policies and protocols that ensured security within the systems and were cost-effective. Sphinx probed points of entry, which benefited the customer operationally in that it could now identify system information and/or access parameters and “close the door” to prevent exploitation of found vulnerabilities and unauthorized access. Sphinx also performed host-based security assessments to determine the overall security of host operating systems. The methodology used for the examination of the wireless networks aided the customer in identifying active devices, capturing and analyzing packets, identifying encryption mechanisms, sampling packets to break the wireless encryption, analyzing placement and access to wireless equipment, and identifying application security encryption. Sphinx performed a complete assessment on state-of-the-art IT infrastructure using the latest technologies and tools to confirm system security. As most of the DHS IT infrastructure is newer than that of other agencies, Sphinx’s experience in penetration testing, ethical hacking, and C&A with these unique systems, and lessons learned regarding the latest technologies and tools, will directly benefit DHS.

 

BroadPoint Technologies

BroadPoint Technologies combines proven technologies and innovative strategies with extensive business and industry expertise. They have a senior-level, experienced team of CPAs, PMPs, MBAs, business advisors, technology gurus and IT experts. They proudly serve over 400 clients in 31 states and 6 countries. BroadPoint is a Gold Certified Oracle Applications partner serving the Federal Financials market with a broad range of services including support of the Federal Shared Services Providers (SSPs). BroadPoint is also the largest Mid-Atlantic Microsoft Dynamics GP, CRM, and AX partner and the region’s only Microsoft Gold Certified Partner.
BroadPoint’s work includes implementation and operations and maintenance support to deploy and manage the Oracle EBusiness Suite Federal Financials system and related modules, to include many complex system interfaces and integration with other government organizations and private sector organizations. It also includes IV&V and quality oversight of development and major release activities. Specifically, BroadPoint provides asset management; administrator duties; customer support; release management and testing; software development services; quality assurance and quality control, retesting where needed for validation, business flow mapping, improvement and revisions to respond to mandates and policy changes; provide specific functionality and reports needed, database design and management; and systems engineering. Project actions also include working with external shared service providers as well as many application business owners, staff, and support contractors who manage and operate systems that interface with the Oracle financials system. BroadPoint is both a prime and a major subcontractor in many Federal projects.

 

Subcontractors

More to come!