Department of Education (DoED) Federal Student Aid (FSA) Security and Privacy Support Services (S&P)

James Icenogle    August 23, 2021

Project Summary:

Gray Tier provides incident response and intrusion detection, analysis, assessments, and engineering to Department of Education (DoED) Federal Student Aid (FSA) offices, FSA contractors, Institutes of Higher Education (IHE), and affiliated organizations. We deliver cybersecurity engineering, scanning, testing, and systems analysis services across the DoED enterprise on a regular and ad hoc basis. Through our cybersecurity engineering and consulting services, Gray Tier enhances the Security Operations Centers (SOCs) proactive security information gathering, discovery, analysis, and reporting capabilities to improve the DoED security posture. Gray Tier tests systems and networks for the 75 applications within FSA’s FISMA reportable systems. Our responsibilities include continuous diagnostic monitoring (CDM), ad hoc scanning, results analysis, and vulnerability/issue testing and retesting. Gray Tier provides Splunk engineering and maintenance activities and designs, deploys, and configures Splunk within the customer environment. Gray Tier also provides Red Team operations support and penetration testing, cyber hunt team operations support to proactively identify and anticipate threats, and cybersecurity operations center with Tier 2 and Tier 3 threat intelligence, data loss protection, and insider threat operations. Gray Tier also delivers independent verification and validation (IV&V) of findings, vulnerabilities, and mitigation for assessing Federal resources. We recently discover a critical vulnerability within the architecture of connectivity to and from FSA. Through penetration testing and RMF assessments, our assessors identified the issue and demonstrated the impact of the flaw. This critical vulnerability discovery could have resulted in several agencies’ data being compromised. As a result of our finding, FSA stopped production implementation, reconfigured current systems, built a new authority to operate (ATO) package to ensure compliance, and retested systems for proper implementation.

Incident Response and Intrusion Detection:

We support a broad range of activities related to managing security operations and incident response coordination with external partners, including developing Incident Response Plans, and executing those plans for all reported incidents. Gray Tier provides engineering and architecture support to enhance the security monitoring and incident response capability for the design of ongoing and future initiatives. Gray Tier checks that users are current and maintain proper authorization and responds to and reports on all security incidents. Gray Tier’s Red Team performs physical intrusion assessments of infrastructure providers upon request by the CISO. Our Cyber Hunt Team uses threat landscape intelligence, vulnerability research, and deep dive engineering, to understand the origin, extent, and remediation steps of malicious code infections through reverse engineering and determines steps to prevent intrusions in the future.

Share to: