NIST has drafted Special Publication 800-171 that is titled: Protecting Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations.

The intent of this special publication is to provide a minimal set of security controls for Non-Federal Information Systems and Organizations AKA “Federal Contractors and their back end information systems utilized to deliver services to the Federal Government”.

The SP 800-171 has a familiar look and feel of that used in SP 800-53, the only difference being that there are less families of control and less controls as a whole.

It is expected that Federal Agencies will begin integrating 800-171 compliance at the individual contract level until a FAR (Federal Acquisition Regulation) is completed.

Aspiryon provides NIST 800-171 Compliance and Audit Services for Federal Contractor Systems and Organizations.

Aspiryon has been awarded a position on the DOD DTIC CSTATS Contract.

The DOD DTIC CSTATS Contract includes:

Cyber Security (CS) – Full spectrum cyber operations including 1)developing CS planning frameworks and development of requirements and mission needs documents and conducting trade-off analyses; 2) cyber threat avoidance; 3) defensive cyber operations (DCO) including red teaming and performing threat assessments; and 4) cyber offensive and exploitative operations. All of the above may include: cyber technology research, analysis and prototyping, cyber situational and mission awareness, cyber modeling, simulation and war gaming, integrating innovative cyber technologies to enable cyber superiority and the facilitation of technology transition.

Software Data & Analysis – 1) Installation, demonstration, test, validation and evaluation of new and existing software, tools, methods and software measurement technologies; 2) evaluations of the quality of existing software systems and recommending improvements; 3) needs and risk analyses of software packages (developmental, non-developmental and commercial off the shelf (COTS) relative to mission requirements; 4) development, updating, and evaluation of software engineering standards, specifications, handbooks, or manuals; 5) supporting the revision and development of military standards and specifications; 6) verification and validation of solution sets and protocols; 7) assisting user organizations with all aspects of software development or software acquisition; 8) development of life cycle cost models; and 9) customization of software analytical tools, models, decision aids, screening methods and techniques used to evaluate and support the authenticity and continuity of DoD, national, commercial, and international information systems.

Knowledge Management and Information Sharing – 1) Expertise in working with comprehensive collections of empirical data on the development, operation, and maintenance of software systems; 2) analysis of this data (data may be from new or existing sources) – this includes data analytics (data to decisions); 3) supporting the development, delivery and/or evaluation of training (including classroom, computer-based-instruction, videotape, distance learning, and other forms of instruction); 4) expertise in advanced collaborative analysis tools that allow for the integration of existing and in-process social networking and intelligence data exploitation tools; and 5) supporting the evaluation, development and implementation of a wide variety of intelligence and collaboration systems including Global Net Centric Systems — this subject area could involve computer system engineering and integration, software engineering and software technology, R&D transition, and computer network and communication engineering, development and deployment (including engineering, development and deployment involving both network devices/hardware and applications).

Modeling and Simulation (M&S) – 1) M&S subject matter expertise for supporting program reviews, strategic planning, exercise management, knowledge acquisition, and operations coordination and monitoring; 2) providing support for DoD certification of compliance with High Level Architecture (HLA) for federates; 3) evaluating and improving models and databases that support IA; 4) the development and implementation of modeling and analysis tools for collaborative databases and data stores; 5) applying M&S for evaluating the effectiveness of forces, systems, doctrines, tactics and plans in support of training, analysis and acquisition activities; 6) evaluating M&S interoperability, reuse, capabilities and cost-effectiveness, particularly as fostered by the common technical framework; and 7) supporting cross-domain coordination, configuration management, and military exercises and demonstrations.

Full and Open Contract and Small Business Contract

Aspiryon has teamed with Romanyk Consulting Corporation and been awarded a contract on the Navy SeaPort-e Contract.

More info: The SeaPort Enhanced (SeaPort-e) Multiple Award Contract aids the Navy with acquiring support services in 22 functional areas including Engineering, Financial Management, and Program Management. The Navy Systems Commands (NAVSEA, NAVAIR, SPAWAR, NAVFAC, and NAVSUP), the Office of Naval Research, Military Sealift Command, and the United States Marine Corps compete their service requirements amongst 2400+ SeaPort-e IDIQ multiple award contract holders. All task orders are competitively solicited, awarded and managed using the SeaPort-e platform. Since nearly 85% of its contract–holders are small businesses, the SeaPort-e approach to acquiring services provides opportunity that fuels the Nation’s engine of job growth.

Contract Number: N00178-12-D-7031

Aspiryon has Teamed with Geeks and Nerds Corporation (GaN) and was awarded a position on the Army AMCOM Express contract.

The Department of Defense Information Analysis Center has awarded IDIQ contracts for the Cyber Security and Information Systems Technical Area Tasks (CS TATs). Aspiryon is positioned on two winning teams on both tracks.

Full and Open Track- Batelle

Small Business Track- Solers

The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, as well as both time and staff required to conduct redundant agency security assessments.

Has published on its web site FedRAMP.gov that Aspiryon, LLC. is an approved Third Party Assessment Organization (3PAO). This means that Aspiryon is officially certified to conduct security conformity assessments for Cloud Service Providers that want to deliver cloud services to the Federal Government and participate in the FedRAMP Program.

Lisa Crisman Managing Member stated “We are excited about the official posting on the web site. We are currently in discussions with Cloud Providers that are looking to offer their services to the Federal Market. Providers will find that we are responsive, organized and deliver on-time, that helps bring services to the government market in a quick and efficient manner. “

The United States Small Business Administration has certified Aspiryon as a participant in the 8(a) Business Development Program.

Aspiryon has earned the ISO 17020:2012 certification.  Elizabeth Crisman Managing Member of Aspiryon stated: “I’m proud of our staff.  Everyone has worked very hard to accomplish this task. Thank you ! We look forward to servicing the Cloud Market and assisting with the certification of  secure cloud based solutions for our nations government.”

Aspiryon has received notification that a GSA Schedule 70 contract has been awarded for our Cyber Security Services. Elizabeth Crisman stated “Thank you for all of your hard work. It’s nice to see that our nation’s government sees the value in our services and has rewarded us with an opportunity to serve again.  “

The Aspiryon Team has been working with the OCIO’s Office for several months on developing the ISO 27001 ISMS, supporting documentation, processes and procedures. The internal quality team reviewed the program and provided opportunities for improvement for the system. Third party auditors reviewed the system and found zero non-conformance’s and stated ” The USPS ISMS has been found to be effective and is well prepared for the 27001:2013 update with minimal effort.”