TELESIS provides cybersecurity support to the Federal Civilian (FedCiv) organizations, the Department of Defense (DoD), Special Operations Forces and Special Access Program (SOF/SAP) communities, as well as the Intelligence Community (IC). We combine our knowledge and understanding of these crucial entities to ensure our customers’ electronic assets are protected and remain that way.
TELESIS is foremost in the adoption of the Cybersecurity Framework (CSF) to improve cyber resilience, assess cybersecurity posture, and analyze gaps in the cybersecurity risk management programs.
TELESIS has a deep understanding of the NIST RMF and how to apply this to a variety of databases, operating systems, applications, network devices, security vulnerabilities associated with each, and the strategies available to mitigate the risks.
Our cybersecurity professionals are certified and cleared to support classified environments. TELESIS professionals collaborate with industry, academia, and the government to deliver actionable data and drive decisions that effectively mitigate risks to drive down vulnerabilities.
TELESIS has proven performance applying FISMA, FISCAM, NIST RMF, ISO 27001 and FedRAMP security standards. We have performed many security evaluations/threat assessments, vulnerability analysis, security trainings, policy development, and special technical assessments.
The Challenge: TELESIS was tasked with assessing security compliance on Cisco switches and routers prior to the Command Cyber Readiness Inspection (CCRI).
The Solution: TELESIS provided an automated method of auditing compliance of Cisco switches and routers which resulted in an extremely efficient way of assessing the security posture with a quick review of a dashboard. Telesis offered this new method for scanning and reporting compliance audits on Cisco IOS routers and switches using Tenable SecurityCenter custom audit files and Nessus scanners. The audit files make use of DISA Security Technical Implementation Guides (STIGs) and are built for the specific site with custom modifications made to meet the unique implementation in place.
The method was employed at numerous United States Marine Corps sites. Regional assessments were performed using this new method prior to the site’s Command Cyber Readiness Inspection (CCRI). This resulted in a dramatic reduction in the time required to assess Cisco devices as a majority of the required checks were automated and identified vulnerabilities were remediated rapidly. This allowed the site, at a glance, to gauge the status of their compliance across all Cisco network devices at their installation or region.
Cyber Security Framework Implementation
The Challenge: Executive Memorandum 13800 was released in May 2017 requiring all federal departments and agencies to perform an annual analysis of the current implementation of their Cybersecurity Framework (CSF). This reporting requires that agencies first determine the desired Implementation Tier Level (Partial, Risk Informed, Risk Informed and Repeatable, or Adaptive), and then report annually on their current status. Unfortunately, there is no guidance other than subjective definitions of these four tier levels, and no guidance on metrics and measurements to determine the current tier level. TELESIS started supporting a Federal civilian agency in 2017 to determine and improve their Tier level. The agency was at CSF Implementation Tier Level 1, with a FISMA grade of C-. This agency wanted to improve its CSF Implementation Tier level and grade rapidly.
The Solution: TELESIS took on the challenge. We performed automated regional assessments for the agency to gauge the status of their compliance across all network devices in a fraction of the time. Each site adopted the TELESIS method of auditing networking devices to rapidly remediate identified vulnerabilities.
As part of this program TELESIS also developed the Cybersecurity Dashboard tool for the customer. We developed extensive metrics available from several sources, including the Cybersecurity Assessment Management (CSAM) tool, to analyze and determine the current implementation tier. TELESIS also determined ranges for each metric to represent the four implementation tier levels. The combination of the dashboard and these extensive metrics allows for the instantaneous assessment of the current implementation tier level. Without this tool and metrics, this assessment would take the agency several months to complete.
The result was a successful centralized and standardized enterprise cybersecurity program aligned with the organization’s strategic goals that fully implements the CSF and RMF and integrates and synchronizes with daily IT operations providing the ability to quantify and communicate risk to support senior leadership decision making.
After one year of TELESIS working with this customer, their CSF Implementation Tier Level is now at Level 2, and they achieved a FISMA grade of B, both significant improvements. Our goal is for our customer to get a FISMA grade of A+.
The Challenge: A TELESIS Government agency client awarded a 5-year, multi-million dollar data center contract to a new hosting provider for housing all of its systems. TELESIS, which is the official FISMA/FISCAM auditor for the agency, was tasked with assessing and performing the Authority to Operate (ATO) for the new General Support System (GSS) which included a Network and Security Operations Center (NOC/SOC) that used the latest technology to monitor, track, and scan its customer networks for issues and potential threats and vulnerabilities.
The Solution: TELESIS performed four Authorizations to Operate (ATOs) for our customer within a very aggressive timeline for completion. The team conducted on-site physical and environment assessments of the data center facility, vulnerability assessments and reviews, system security documentation assessments, interviews with key personnel, and met the aggressive timeline for the ATO and go-live timeframe.
Overlapping this effort was the requirement to complete the ATO of a financial system being relocated into this new GSS. Our team brought Federal Information System Controls Audit Management (FISCAM) expertise, reaching the go-live goal. This timeline was extremely aggressive and required careful coordination between our customer and the two other contractors involved.