USDA Procurement Systems Division
In November 2009, SeNet began work under a USDA Blanket Purchase Agreement (BPA) to provide security services to Procurement Services Division (PSD). Services have included work to independently test and verify PSD's security controls and to ensure they comply with the Federal Information Security Management Act (FISMA) and Office of Management and Budget (OMB) A-123, which defines responsibilities for internal financial controls in federal agencies. Additionally, as part of the security program support, SeNet conducts account management activities and reviews, has implemented an agency-wide auditing policy, and has identified and deployed a consolidated auditing tool.
Security Assessment and Authorization (SA&A) Support (FISMA Audits)
• Support for full security assessment and authorization (SA&A) activities;
• Provide Risk Management Framework (RMF) Step 4-6 coordination and support;
• Prepare, review and update all related SA&A system documentation;
• Prepare the SA&A packet for submission to the certifying official;
• Review and provide recommendations on security development life cycle (SDLC), architecture and security documentation;
• Perform Continuous Monitoring;
• Conduct Security Awareness Training and Contingency Plan Test training;
• Conduct annual account reviews and validation activities; and
• Provide SME support to the configuration management board for configuration management activities.
OMB Circular A-123
• Support IAS General Computer Controls (GCC), IAS Procurement Management Business Process (BP) and Smart Pay2 Business Process independent assessments;
• Prepare documentation of internal controls of GCC and BP;
• Develop test plans to test efficiencies of GCC and BP;
• Execute independent verification and validation of GCCs and document test results; and
• Provide OMB Exhibit 300 support.
Audit and Accountability Program Support
• Audit Solution Life Cycle Operations support;
• Audit and Accountability Policy support;
• Audit Solution Implementation (testing, management and oversight);
• Perform semi-annual vulnerability assessments;
• Test relevant security controls and identify risks;
• Develop risk mitigation plan; and
• Implement and monitor risk mitigation plan.