Case Studies

Get the facts. 

Case Studies

NIH IT Security Program Support

For two decades we’ve provided security support services to multiple institutes and centers (ICs) at the NIH. Services include:

  • System assessment authorization (A&A)
  • Training
  • Policy and procedure development
  • Continuous monitoring, including POA&M oversight and validation
  • Vulnerability assessment and penetration testing
  • Incident response and forensics
  • FISMA compliance and reporting

OPM IT Security Program Support

We provide IT security support services for the OPM/EHRI IT Security Program, including:

  • System certification and accreditation (C&A)
  • System annual security controls testing
  • Training
  • Enterprise architecture support
  • System development lifecycle (SDLC) support
  • POA&M management
  • Policy and procedure development
  • Security program compliance reviews


We have conducted independent FISMA audits/evaluations of NRC’s information security program on behalf of the Inspector General to assess its FISMA compliance. Our team performed an in-depth review of the agency’s security policies and procedures, agency self-assessments, agency certification and accreditation process, system owner security practices and control techniques, privacy processes and controls, testing of system security controls, and plan of action and milestones (POA&M) process.

Internal and external vulnerability assessment scans and penetration testing were performed, using the SAINT network vulnerability security assessment tool to identify exploitable network vulnerabilities.

    Commercial Customers

    For numerous commercial customers, we provide IA services, including:

    Commercial customers have included Duquesne Light, SharpBanc, Congressional Bank, Encore Marketing International, eCommLink, Hanover HospitalAdvanced Radiology Solutions, Retail Data Systems, and more.

    Department of State Portfolio Management CPIC

    Carson & SAINT is responsible for the Department of State’s enterprise-wide Capital Planning and Investment Control (CPIC) program management oversight, encompassing all aspects of the IT life cycle, supporting the OCIO. Carson Inc. provides the following services:

    • IT management decision support, enterprise architecture, business case development and analysis, and IT system engineering
    • High-level strategic and tactical planning to the CIO
    • Day-to-day staff to support the IT CPIC governance mechanism
    • IT investment portfolio management
    • Program management methodologies

    DISA Nuclear Command and Control

    We are the current contractor for the Battle Staff Certification Support contract to the Defense Information Systems Agency (DISA). For more than 20 years, we’ve supported DISA and the Joint Staff in developing annual assessment exercises for the senior military leadership. This small business contract supports the very narrow field of Nuclear Command and Control (NC2).  It provides the Joint Staff with tools to assess warfighter capabilities to support senior civilian leadership in the effective management and execution of nuclear assets, vital to the United States and its allies.




    By continuing to use the site, you agree to cookie usage. More Information

    The cookie settings on this website are set to allow cookies to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings, or if you click "Accept" below then you are consenting to allow cookies to be used.