NSSPlus WHITE PAPER: Determining Security Gap between DISA
STIGs and a Wireless LAN Configuration
by NSSPlus Technical Staff
TASK: This paper gives an example of how an NSSPlus team
of security engineers and Information Assurance (IA) consultants
would conduct an assessment of a Wireless LAN (WLAN)
solution for a corporate customer. Our team would conduct
a Security Gap Analysis, examining the gap between the
Defense Information Systems Agency (DISA) Security Technical
Implementation Guides (STIGs) and the current WLAN configuration.
CONSIDERATIONS: We understand that our customer's network/communications
infrastructure must provide secure, available, and reliable
data for their subcontractor networks and remote locations
within the current assessment boundary. We would ensure
that we meet the technical and business requirements
defined by our customer. In addition, we would ensure
that the existing WLAN implementation methodology was
compliant with DISA STIGs and other relevant standards.
RESOLUTION: NSSPlus would provide IA experts in network
security to conduct baseline mitigation and validation
on our customer's WLAN security solution. Our security
consultants are trained and certified on DISA STIGs
and Security Checklists for network infrastructure devices
and operating systems for mainframes, midrange, network
servers and workstations. We maintain a resource pool
of certified professionals who provide reach-back capability
in support of small to large security contracts
in the commercial, federal and DoD market segments.
We would utilize the DISA STIGs to decrease the number
of vulnerabilities associated with the current WLAN
design, in order to ensure that sensitive information
is securely transmitted across the LAN Infrastructure.
Our intent in using the DISA STIGs to assess
the WLAN is to ensure that security safeguards are implemented
at the network level. These safeguards are required
in order to provide an acceptable level of risk for
information as it is transmitted throughout the WLAN
and network enclave.