Cybersecurity Transformation

Tetra Tech’s approach included:

• Providing Information System Security Officer services, including Federal Risk and Authorization Management Program (FedRAMP) security assessments of cloud systems, maintaining cloud system authorizations through annual audits, and auditing and reporting on high value asset (HVA) systems
• Defining security policies and procedures
• Implementing and validating privacy controls, privacy impact assessments, and security control testing
• Performing vulnerability scanning, including providing operations support and conducting HVA assessments in accordance with a standardized evaluation methodology developed by our team
• Providing technical expertise and policy guidance to increase the resiliency and security of systems and data, led by our award-winning FedRAMP team members who educate and train stakeholders on using cloud services to protect data at all sensitivity levels
• Managing vulnerability assessment penetration testing activities by maintaining artifacts for rules of engagement and the integrated master schedule, providing supporting documents, and reporting systemic findings to senior leadership on a monthly basis
• Establishing the enterprise risk management program and supporting its day-to-day operations and strategic planning, including several key initiatives: the FedRAMP program, Information Security Continuous Monitoring/Continuous Diagnostics and Mitigation (CDM) program, and the Governance, Risk, and Compliance program
• Performing enterprise security assessments to review management practices and policies, performing baseline HVAs, and identifying ways to leverage continuous monitoring capabilities through the CDM program
• Performing assessments of engineering systems, system administration practices, storage engineering practices, and virtual machines, and documenting security infrastructure and architecture