Introducing SINET Advisory Services

You have a great security solution, but don't know how to access the Federal marketplace. How can a small company efficiently deal with the challenges that arise from Federal or DOD policies, regulations, acquisition processes, engineering requirements, and/or facility and clearance processes? It is expensive to hire someone with the requisite background, and most services are too limited in scope or expertise.

To help innovative companies successfully enter or expand their Federal business, we have created the SINET Advisory Service. This service offers expert help on a wide spectrum of issues to help navigate the labyrinth of government opportunities and requirements within the cyber arena. With decades of experience in the defense and intelligence communities, our advisors help companies establish realistic objectives, set priorities and then provide a step-by-step plan for success. If deeper consultation is required in a particular area, SINET can connect clients with our partner organizations who have specialized expertise in a variety of disciplines.

SINET Advisory Services are available on a reasonable monthly retainer basis. Please contact SINET at 925-229-9919 for more information.

Policy, Regulations, and Standards

DOD Policy and NIST Special Publications - This service provides awareness and interpretation of common/critical government cyber security policies that are most applicable to integration into government markets.

Risk Management & Certification and Accreditation

As part of the risk management process, government organizations select, apply, and test security controls for their information and information systems in order to certify and accredit the secure implementation of IT systems. The security controls are assessed and monitored to assure continued efficiency and effectiveness. Our service enables clients to understand how to provide technologies that can be used for certification and accreditation purposes in Federal systems.

Common Criteria

Common Criteria is an internationally recognized set of guidelines developed through the National Information Assurance Partnership (NIAP) for information technology security products that evaluates the fulfillment of declared security properties. Common Criteria can apply to any security product to be used in a government agency. The SINET advisory service can provide insight into whether a Common Criteria evaluation will be important, how to prepare for an evaluation program, and how to work with a NIAP-approved testing laboratory.

FIPS 140-2

FIPS 140-2 is a security standard mandated for cryptographic modules used to protect sensitive government data. This is a joint standard recognized in the United States and Canada. SINET advisors help clients determine the boundary of the technology to be FIPS certified, and the level of FIPS certification that is most appropriate.

DOD Unified Capabilities Approved Products List

The Department of Defense (DoD) Unified Capabilities (UC) Approved Products List (APL) was established to define acquisition procedures in order to maintain effective, efficient, and economical transport, connection, and operation of DOD networks. The APL is a consolidated list of products that have met comprehensive interoperability and information assurance requirements. Inclusion on the APL can give a security company major competitive advantage. SINET advisors will guide clients through the process to get approved for the APL.

DOD Networthiness

"Networthiness" is a DOD process to verify the security, interoperability, supportability, sustainability, and usability regulations, guidelines, and policies issued by Federal and DOD Components. The intent of this process is to reduce the requirements for redundant assessments and certifications of systems, applications and products and to facilitate reciprocity among DOD components in order to decrease the time needed for cross-Component fielding of IT. The ability to demonstrate a product's "networthiness" creates large opportunities for revenue in the DOD. SINET advisors walk clients through all the steps required to be networthy.

Foreign Disclosure (ITAR, FOCI, CFIUS)

Navigating the myriad of laws and regulations surrounding foreign sales and foreign ownership can be overwhelming. This service provides advice and guidance related to these policies and regulations pertaining to International Traffic in Arms Regulations, Foreign Ownership Control or Influence, and the Committee on Foreign Investment in the United States (CFIUS).

Acquisition Topics

Teaming Agreements - There are many ways to make yourself known and expand your contacts within the cyber security community. There are specified set asides and large contractors are required to team with small businesses on contracts that meet specified thresholds when responding to government contracts. SINET can assist in developing relationships with potential future teaming partners.

Small Business Innovation Research (SBIR)

The Small Business Innovation Research (SBIR) program is a Government program, coordinated by the Small Business Administration, that encourages small businesses to engage in Federal Research/Research and Development (R/R&D) that has the potential for commercialization. SINET advisors help clients identify technologies that are likely to receive funding, and assist in the preparation of grant proposals.

Finding Government Solicitations

This service provides advice and insight to some of the most effective means to find government solicitations. SINET will explain what the North American Industry Classification System (NAICS) codes are and how they're used and applied in government solicitations and applied size standards related to the NAICS codes.

Responding to Government Solicitations

The government acquisition process can be a daunting task if you've never been through the process. This advisory service offers insight to what resources are available for identifying acquisition opportunities and the government bidding process used by successful organizations. A key element in this process is the understanding of the Request for Proposal, its different sections and requirements for each, and how to identify required resources.

Supply Chain Risk Management - This service provides an overview of the government policies in place and emerging regarding supply chain risks and the practices that can be used to promote the acquisition, development and operation of information systems in today's environment with globalized suppliers.

Engineering Topics

Security Content Automation Protocols

The Security Content Automation Protocol (SCAP) is a suite of selected open standards that enumerate software flaws, security related configuration issues, and product names; measure systems to determine the presence of vulnerabilities; and provide mechanisms to rank (score) the results of these measurements in order to evaluate the impact of the discovered security issues. Utilization of SCAP enables automated vulnerability management, measurement, and policy compliance. SINET advisors assist clients in engineering SCAP-compatible solutions and in linking with the NIST resources to maintain systems at recognized levels of security.

DOD Acquisition Program

The Defense Acquisition System is an event-based management process for all DoD acquisition programs. Major acquisition programs proceed through a series of milestone reviews and other decision points that may authorize entry into a significant new program phase. Elements of this advisory service include an overview of Developmental and Operational Testing requirements.

Architecture

Both the Federal Civil Sector and the Department of Defense have established an objective enterprise architecture as required by law and policy to be developed in a series of time-phased capabilities. This service provides insight to the current architectural drivers being issued from OMB and implementation within the Federal government and DOD. Additionally, this service provides a high level understanding of the Federal Enterprise Architecture (FEA) and the DOD Architectural Framework (DODAF) Operational.

Operations

Operational information security concepts within the federal government focus on functions that deliver IT security services to detect unauthorized access and respond to security related incidents. This service provides insight to the policy and architectural requirements that federal entities must follow (e.g. Trusted Internet Connection Access Provider (TICAP)), and enumerates the operational capabilities (e.g. situation awareness) idealized within the federal government. The mission is risk management through centralized analysis using the combined resources consisting of personnel, dedicated hardware and specialized software.

Facilities and Personnel Security

Personnel Security

The vetting process for a security clearance is usually undertaken only when someone is hired or transferred into a position that requires access to classified information. There are various clearance levels with corresponding levels of background checks. These clearances include a Public Trust Position clearance (6C), Secret, and Top Secret. Many SINET advisors have clearances and can explain the best route to obtaining one.

Facility Clearance

A facility security clearance (FCL) is an administrative determination that a facility is eligible for access to classified information at the same or lower classification category as the clearance being granted. This service provides understanding of the steps necessary to obtain a facility clearance.

Sensitive Compartmented Information Facility (SCIF) Requirements

A Sensitive Compartmented Information Facility is an enclosed area within a building that is used to process classified information at the Sensitive Compartmented Information (SCI) level. This advisory service provides an overview of the requirements to build a SCIF.