OMBi has extensive experience hardening web application code bases to ensure a secure environment, limiting and/or mitigating the vulnerabilities that NIST and OWASP require to be addressed. We align the security posture with all required policies and guidelines with the customer organization and advise if additional security measures need to be put in place to properly shore up the web hosting platform and/or the web application framework, code base, and data accessing methodologies. The following highlights the policies, guidelines, and experience we have as a company with cyber security.
UTILIZING POLICIES AND DIRECTIVES
National Institute of Standards and Technology (NIST)
Risk Management Framework (RMF)
SP Series 500, 800, 1800, and ITL Bulletins
Federal Information Processing Standards (FIPS)
FIPS Pub 140-2
SHA-1, -2, -3 (with fixed-length algorithms and SHAKEs)
Federal Information Security Modernization Act (FISMA)
VA Federal Risk and Authorization Management Program (FedRAMP)
US Computer Emergency Response Team (US-CERT)
Open Web Application Security Project (OWASP)
OMBi has past performance providing the USDA NIFA organization with cybersecurity services in support of the assessment and migration of antiquated Oracle web-based Java applications into a compliant platform and secured state for continued worldwide consumption by their community of users. We ensured all applications were hardened as prescribed by both US-CERT teams and the Open Web Application Security Project (OWASP) community. We developed the cybersecurity plan foundationally in accordance with NIST SP 800-18 Rev 1 (and all subsequently identified special publications and other organizational cybersecurity policies), aligned with the application's NIST FIPS 199 information system classification. OMBi ensured their successful migration, platform upgrade, and code-base update would provide them a compliant and current web application posture to operate safely and securely in compliance with US Federal and NIST cybersecurity policies and directives.
WEB APPLICATION SERVER COMPROMISE AND INTRUSION
OMBi has had direct experience recovering, hardening, and re-deploying web applications for public use after a detected compromise and subsequent shut-down from the United States Computer Emergency Response Teams (CERT) for a DoD joint site for biosurveillance. In collaboration with the US-CERT team, we removed the physical drives and shipped them for forensic inspection. With our approved copies, we remedied the identified vulnerabilities in the web applications. After several detailed inspections and scans, we were able to successfully address all identified vulnerabilities and pass the US-CERT scans. The websites were re-opened for public use within three weeks' time.