Embed Size (px)
Citation preview
CAPABILITY STATEMENT
CUSTOMER FOCUSED
EXCELLENCE DELIVERED
Customer Focused. Excellence Delivered.
Technology at work for you Torrent Solutions, LLC is a premier information technology consulting organization dedicated to providing cyber security services with unparalleled experience and client satisfaction. Torrent Solutions provides customized solutions that address our clients’ needs via cost effective means to achieve their stra-tegic business goals. Our success stems from our ability to lev-erage our knowledge and experience in applying security best practices to meet Federal Information Security Management Act (FISMA) requirements. Torrent Solutions has an excellent track record in the following competencies:
Assessment and Authorization (A&A) / Certification and Accreditation (C&A)
NIST Risk Management Framework (RMF) DoD Information Assurance Certification and Accredita-
tion Process (DIACAP) Continuous Monitoring Independent Verification and Validation (IV&V) Security Testing and Evaluation (ST&E) Tools:
Enterprise Mission Assurance Support Service (eMASS)
Xacta IA Manager Cyber Security Assessment and Management
(CSAM)
Vulnerability Management DISA Information Assurance Vulnerability Management
(IAVM) DISA Continuous Monitoring and Risk Scoring (CMRS) DISA Vulnerability Management System (VMS) The Assured Compliance Assessment Solution (ACAS)
tool Vulnerability Management Solution Implementation
Incident Response Penetration Testing
Web Services Security Testing Application and Mobile Application Security Testing Wireless Security Testing Social Engineering Testing
Cloud Computing The Federal Risk and Authorization Management Pro-
gram (FedRAMP)
ASSESSMENT AND AUTHORIZATION (A&A) / CERTIFICATION & ACCREDITATION (C&A)
Torrent Solutions works hard to enhance our clients’ overall security posture by adhering to the follow-ing Standards, Policies and Directives including:
National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
DoD Information Assurance Certification and Accreditation Process (DIACAP)
Director of Central Intelligence Directive (DCID) 6/3
Office of Management and Budget (OMB) Circular A-130
Federal Information Processing Standards (FIPS) 200, FIPS 201, and FIPS 140-2
International Organization for Standardization (ISO) and the International Electrotechnical
Commission 27001/27002
Customer Focused. Excellence Delivered.
Torrent Solutions is highly experienced in performing analysis and validation of security requirements outlined in DoD 8500, NIST SP 800-37 and NIST SP 800-53. Torrent Solutions examines the IA control procedure preparation, execution and expected results against the documented actual results to verify compliance. Torrent Solution team members have received numerous accolades and recognition for their quality of work from various federal agencies.
Torrent Solutions team members have actively participated in the transition from DIACAP to RMF at the Defense Logistics Agency (DLA) and United States Department of the Army. Torrent Solutions con-ducts an analysis of the eighteen (18) families of security controls identified in NIST SP 800-53 Rev, 4. The team reviews the Common, Hybrid and System Specific controls and provides comments, rationale and recommendations to help the agencies create a consistent control set that can be utilized across the enterprise.
Customer Focused. Excellence Delivered.
Torrent Solutions is an expert at providing agency-specific or National level risk and vulnerability assess-ments. We ensure adherence to Information Assurance (IA) and Network Operations (NetOps) policies. Torrent Solutions conducts a two phased Independent Verification and Validation (IV&V). Phase one is completed by conducting a manual validation of all applicable NIST/NSA/DoD hardening guides to en-sure your systems and software meet U.S. Government security compliance. Phase two utilizes tools to automatically identify configuration vulnerabilities that could threaten the security of the computer sys-tems. Tools such as Nessus, Retina, SCAP Compliance Checker, and Web Inspect are used among many others. Torrent Solutions ensures timely reporting of compliance statistics of each vulnerability by ag-gregating acknowledgements, compliance reports and updates using agency specific tools such as CMRS or VMS. Torrent Solutions utilizes the Enterprise Mission Assurance Support Service (eMASS), Cyber Security Assessment and Management (CSAM), and Xacta IA Manager Software suite to conduct Information Technology (IT) security self-assessments and generate monthly, quarterly, and annual OMB mandated FISMA reports. eMASS, CSAM and Xacta are an electronic storage warehouse for C&A and Annual Secu-rity Assessment deliverables. These software suites are also used to document and manage system vul-nerabilities and deficiencies as defined in resultant Plan of Action and Milestones (POA&Ms).
VULNERABILITY MANAGEMENT
PENETRATION TESTING
Torrent Solutions works closely with our clients to develop custom-fit rules of engagement that fully ad-dress their needs while ensuring to work within any restrictions or sensitivities. This includes the ability to perform a variety of services ranging from Blackbox and/or Whitebox penetration testing, web and mobile application testing, operating system and database testing, war-driving (wireless assessment), and social engineering scenarios. We can also provide consultation on performing specific penetration testing techniques, along with developing and presenting a variety of policy and awareness training.
Customer Focused. Excellence Delivered.
CLOUD COMPUTING
Torrent Solutions provides a standardized approach to security assessment, authorization, and continu-ous monitoring for cloud products and services. Torrent Solutions is currently in the process of becom-ing an approved Third Party Assessment Organization (3PAO). This will enable us to prepare our Cloud Service Provider (CSP) clients for adherence with Cloud Readiness Audits and FedRAMP Assessments to obtain and maintain an Authorization to Operate (ATO).
INCIDENT RESPONSE
Torrent Solutions has on-hand expertise to prevent, contain, respond, eradicate, and recover from any IT-related incident. We help recover our clients' operations after a major incident. Torrent Solutions pro-vides a top notch Threat Management team that will provide detailed Root Cause Analysis of how and why a particular incident took place and will help ensure that the same incident does not reoccur. Tor-rent Solutions will provide a Cyber Incident Response team that will monitor and analyze all system ac-tivity. We can also develop Agency specific Incident Response Plans and Policies for our clients. Torrent Solu-tions Incident Response security experts test and evaluate the effectiveness of our client’s Incident Re-sponse Plan (IRP) by conducting annual table top exercises and testing plan procedures to gauge client responsiveness to an attack. Periodic testing of Incident Response Plans ensures our clients are ready to act when a major security incident occurs.
COMPANY IDENTIFICATION
Business Classification:
Small Disadvantaged Business (SDB)
Virginia Small, Women-owned, and Minority-owned business (SWaM) Certification: 715050
DUNS: 07-969-2932
CAGE Code: 7B4F5
NAICS Codes:
517919 All Other Telecommunications 518210 Data Processing, Hosting, and Related Services 519190 All Other Information Services 541330 Engineering Consulting Services 541511 Custom Computer Programming Services 541512 Computer Systems Design Services 541513 Computer Facilities Management Services 541519 Other Computer Related Service 541618 Other Management Consulting Services 541690 Other Scientific and Technical Consulting Services 541990 All Other Professional, Scientific, and Technical Services 611420 Computer Training 611430 Professional and Management Development Training
TORRENT SOLUTIONS, LLC. 6564 Loisdale Court, Suite 600-11
Springfield, Virginia 22150
(703) 594-7466
www.torrentsolutions.com
© 2016 Torrent Solutions, LLC | All Rights Reserved. Customer Focused. Excellence Delivered.
Point of Contacts:
Raheel Aziz [email protected]
Wajid Raja [email protected]
