The National Security Agency (NSA) on Friday said it has accredited seven companies under its National Security Cyber Assistance Program (NSCAP), showing the companies have consistently demonstrated cyber incident response assistance (CIRA) to owners and operators of National Security Systems.
The accreditations are the first by the agency under NSCAP.
Lockheed Martin’s [LMT] Information Systems and Global Solutions business, one of the qualified vendors, announced their accreditation on Thursday (Defense Daily, June 6). The other companies receiving CIRA accreditation by the NSA are Booz Allen Hamilton [BAH], CrowdStrike Services Inc., FireEye Inc. [FEYE], Mandiant, which was acquired by FireEye after it had begun the assessment, Maddrix LLC, and Verizon [VZN].
The accreditations expire on May 26, 2015. The companies earned the CIRA accreditation by undergoing a positive assessment in 21 critical focus areas derived from industry and government best practices. Some of the focus areas are incident analysis, containment and remediation, rules of engagement, and network traffic data collection and analysis.
In addition to being assessed in the various critical areas, NSA’s Information Assurance Directorate says the qualified vendors had to deliver consistent services using repeatable processes and improve the quality of delivered services through training, lessons learned and shared situational awareness.
The NSA says that the NSCAP’s objectives include creating a list of accredited cyber security providers that the national security systems community can draw upon for timely cyber assistance, promote public-private collaboration, leverage industry expertise to protect national interests and address this growing concern across government.”
Lockheed Martin said that it expects owners and operators of national security systems to use accredited companies for incident response support.
The four pillars of the NSCAP program are intrusion detection, incident response, vulnerability assessment, and penetration testing.