CALNET understands that our customer’s system information is a target for external threat actors and misguided insiders. The rhythm of security operations can be fast, especially with a continuous, pro-active approach to threat defense. CALNET provides technical experts to deliver a robust information assurance (IA) and cybersecurity support program that our customer needs. Our support model leverages the processes, tools (i.e., Fortify, Splunk) and methods approved by the Defense Information Systems Agency (DISA) documents such as Security Requirements Guides (SRG) and Security Technical Implementation Guides (STIG), covering a wide range of technologies. CALNET also leverages its knowledge of the Risk Management Framework (RMF) approach to advice our customers in improving their cybersecurity infrastructure across their systems.

CALNET’s security processes are fully integrated in all aspects of both development an operations adhering to all phases of DoD’s RMF. CALNET maintains ISO 27001 – Information Security and security certification as part of our “DNA” in everything we do from an IT service delivery perspective. Across all our DoD IT service contracts, all our technical staff, depending on their roles, must meet various levels of DoD 8570 baseline certification requirements from IAT Levels I-III, including IAM Levels I-III. Across all levels, our expert-level security staff includes both IA and Cybersecurity Specialists.

CALNET implements a rigid segregation of duties (SoD) practice on all our contracts that helps ensure that granted authorized users have the right to use a service while preventing access to non-authorized users. Our system and user monitoring features cover real-time monitoring for authentication, visibility, control; detecting anomalies with Intelligent behavioral engines; enabling solid access control and privilege management; enforcing least privilege, zero trust policy and rules; protecting data & privacy with endpoint conduct forensic investigation and IT audit; performing risk analysis to identify security gaps & vulnerabilities; monitoring external and remote users for extra protection and conforming with compliance laws and standards under our contractual specific requirements. We “tighten” security by taking the additional proactive monitoring steps for users’ access as well as potential system or application-related vulnerabilities.

For our ongoing development efforts within the DoD, we help ensure our supported systems meet DISA STIG hardening and configuration requirements.