Carson & SAINT Case Studies
NIH IT Security Program Support
For two decades we’ve provided security support services to multiple institutes and centers (ICs) at the NIH. Services include:
- System assessment and authorization (A&A)
- Training
- Policy and procedure development
- Continuous monitoring, including POA&M oversight and validation
- Vulnerability assessment and penetration testing
- Incident response and forensics
- FISMA compliance and reporting
OPM IT Security Program Support
We provide IT security support services for the OPM/EHRI IT Security Program, including:
- System certification and accreditation (C&A)
- System annual security controls testing
- Training
- Enterprise architecture support
- System development lifecycle (SDLC) support
- POA&M management
- Policy and procedure development
- Security program compliance reviews
NRC FISMA Review
We have conducted independent FISMA audits/evaluations of NRC’s information security program on behalf of the Inspector General to assess its FISMA compliance. Our team performed an in-depth review of the agency’s security policies and procedures, agency self-assessments, agency certification and accreditation process, system owner security practices and control techniques, privacy processes and controls, testing of system security controls, and plan of action and milestones (POA&M) process.
Internal and external vulnerability assessment scans and penetration testing were performed using the SAINT network vulnerability assessment tool to identify exploitable network vulnerabilities.
Commercial Customers
For numerous commercial customers, we provide IA services, including:
- PCI DSS assessments
- IT security program gap analysis
- Penetration testing
- Vulnerability assessment scanning
- Web application testing
- Social engineering
- IT security policy development
Commercial customers have included Duquesne Light, SharpBanc, Congressional Bank, Encore Marketing International, eCommLink, Hanover Hospital, Advanced Radiology Solutions, Retail Data Systems, and more.
Department of State Portfolio Management CPIC
Carson & SAINT is responsible for program management oversight of the Department of State’s enterprise-wide Capital Planning and Investment Control (CPIC) program, encompassing all aspects of the IT life cycle in support of the OCIO. Carson Inc. provides the following services:
- IT management decision support, enterprise architecture, business case development and analysis, and IT system engineering
- High-level strategic and tactical planning for the CIO
- Day-to-day staff to support the IT CPIC governance mechanism
- IT investment portfolio management
- Program management methodologies
DISA Nuclear Command and Control
We are the current contractor for the Battle Staff Certification Support contract to the Defense Information Systems Agency (DISA). For more than 20 years, we’ve supported DISA and the Joint Staff in developing annual assessment exercises for the senior military leadership. This small business contract supports the very narrow field of Nuclear Command and Control (NC2). It provides the Joint Staff with tools to assess warfighter capabilities to support senior civilian leadership in the effective management and execution of nuclear assets, vital to the United States and its allies.