The OCIO's ISSLOB Services help you protect your network and applications
OCIO's ISSLOB Penetration Testing team provides a real-life snapshot of your security controls' effectiveness. OCIO’s professionals are experts in the latest attack methods and techniques used to exploit information systems. Our team attempts to break into your network to find vulnerabilities before attackers do. This unique process identifies vulnerabilities and threats; tests the reaction and identification capabilities of your agency; and provides a measurement of continuous improvement.
Why Do I Need This Test?
Penetration testing is a controlled attack simulation that helps identify susceptibility to application, network, and operating system breaches. By locating vulnerabilities before the adversaries do, you can implement defensive strategies to protect your critical systems and information.
What Does Penetration Testing Actually Test?
OCIO ISSLOB performs both black box--no knowledge--and white box--with knowledge and/or privileges--Penetration Testing. Assessments include:
What Is the Procedure for a Penetration Testing Test?
Our security professionals have a written methodology that is constantly updated with new techniques and vulnerabilities. The attack scenario often begins with passive probing to provide a map of the target network, and then progressively escalates. Configuration weaknesses and vulnerable systems are exploited to gain unauthorized or privileged system access. Throughout the test, ISSLOB works with you to identify appropriate target systems and to keep you up to date on the attack's progress. A brief summary re-port provided on the last day of testing identifies all discovered vulnerabilities and the affected systems.
OCIO’s Penetration Testing team can perform a realistic hands-on simulated attack of your network and applications. We will not only find out where the holes in your systems are, we will also determine how good your current intrusion monitoring devices are at recognizing and re-porting the attack. With the results of our tests and recommendations, you can optimize your agency’s security stance and be confident that your network will resist malicious intrusions. We don't just identify problems-we help define a solution balanced around your business objectives.
No separate contract is required.
No sole source justification is required.
The OCIO ISSLOB COE is positioned to provide C&A services to DOI and federal government agencies. As an OMB designated ISSLOB, work is initiated through an Inter-Agency Agreement (IAA) with the Interior Business Center Line of Business.
The IAA will reference an agreed upon Memorandum of Understanding, with supporting Proposal, Statement of Work and Rules of Engagement documents. Authority Under Which C&A is Provided: Economy Act – 31 USC 1535 and Working Capital Fund, 43 USC 1467, 1468.
For Additional Information:
Please contact the OCIO ISSLOB at ISSLOB@ios.doi.gov or 303-969-5700.