Return to Partners Page

Valador, Inc.

Summary Profile:
Valador, Inc. provides responsive, award-winning support to federal departments and agencies. We design and build information architectures to deliver solutions for the strategic planning, engineering, analysis, and management of highly complex systems and solutions.

Business Classification:
Service Disabled Veteran Owned Small Business

Corporate Profile:
Founded in : 2001
Annual Sales/Revenues: $14.4M
Number of Employees: 65

Core Capabilities/Competencies:

1. Information Assurance
2. Modeling & Simulation
3. Software Engineering
4. Management Consulting

Geographic Presence:
Herndon, VA
Long Island, NY
Palo Alto, CA
Huntsville, AL

Major U.S. Government Customers:
NASA, DTRA, VA, DHS, USDA, DOI, US Senate

Current/Past Performance Citations:

1. DTRA Information Assurance Support:
   Under subcontract with General Dynamics, Valador staff leads the C&A effort for the Defense Threat Reduction Agency (DTRA), providing DTRA with Cyber Security and IA Operations expertise to identify, certify, and accredit almost 100 systems and applications. DTRA required this before they could move to a unified enterprise architecture for both their classified and sensitive but unclassified local area networks. Multiple large legacy systems derived from the 3 original agencies that joined to form DTRA, needed to be incorporated into the new enterprise architecture. These systems entail a LAN/WAN environment that supports nearly 4000 users with the following multiple networks (among others):
   • DTRA UNET (an enclave that supports sensitive but unclassified information)
   • DTRA SNET ( a VPN that uses SIPRNET as the transport)
   • JWICS TS/SCI WAN (for intelligence)
   • SIPRNET WAN (supporting Secret)
   In the last year, the Valador team was tasked with the responsibility of both DoD Information Technology Reporting Repository (DITPR) and FISMA reporting for DTRA. The team had to quickly develop a plan to identify all DTRA systems and applications and assist the system owners DAA, CIO, and the Deputy Director prioritize and categorize these systems and applications in accordance with the DITPR and FISMA requirements. We use DoD standards similar to NIST standards. Valador worked closely with system owners, administrators and developers to supply a solution to incorporate the priority systems and applications into the unified architecture, identify risks and provide mitigation solutions, and to certify and accredit, as required. Following these tasks, the legacy systems, most of which could not be moved, required individual mitigation plans that focused on specific mission requirements (i.e., supporting the search for Weapons of Mass Destruction or maintaining the national nuclear stockpile). When the priority work was underway and moving smoothly, Valador turned our attention to the remaining system and application owners in implementing the next phase which included an aggressive schedule to:
   • Create a C&A database to capture all system and application information and simplify DITPR, FISMA and internal reporting requirements;
   • Streamline the process for the Interim Approval to Operate (IATO) and the Approval to Operate (ATO);
   • Perform initial and post Risk Assessments;
   • Perform Vulnerability Assessments;
   • Assist with completion of System Security Authorization Agreements (SSAAs) and System Security Plans (SSPs);
   • Conduct Security Test and Evaluations (ST&Es) before new systems or applications become operational;
   • Test and evaluate DoD IA Security Controls (similar to NIST Controls); and
   • Aid system owners in determining Mission Assurance Categories.
   Under an aggressive schedule, Valador helped move DTRA into the Post Validation Phase for a majority of their systems where DTRA has now obtained their first non-"F" grade of "C and rising". The initial phases of this large and complex task were completed within 1 year and DTRA will continue to increase their compliance rating with the assistance from the Valador team.

   Valador also developed the DTRA Cyber Security Improvement Plan which provides a new information assurance architecture to secure DTRAs networks worldwide. The Cyber Security Improvement Plan is an overall architecture that describes the firewalls, Intrusion Detection System, and other required cyber security components, and the placement of these components within the DTRA network infrastructure to enhance the security of DTRAs networks. The plan describes the Concept of Operations, a schedule for implementation, implementation costs, and effects of the implementation on performance of the network infrastructure.

   Valador is also involved at the highest levels of DTRA in preparing and conducting certification and accreditation (C&A) reviews. This work also includes the development of a database for tracking the status of C&A efforts throughout DTRA. This database not only allows for the tracking of individual System Security Authorization Agreements, but also provides statistical information of C&A status across the Agency. We helped establish C&A processes, trained the enterprise architecture system administrators and other stakeholders on these processes, and streamlined the Security Test & Evaluation approach.

   Valador supports the development and maintenance of the Secure Access Personnel Security Database which is used to track agency, contractor, and visitor Personnel Security Clearances and is the authoritative source for granting admittance to DTRA facilities. Valador updates existing policies to ensure compliance with DTRA policies and procedures, and previous security audits to ensure accuracy of results and effectiveness of recommendations.

   Over the past couple years a Valador employee, Mr. Bill Harrison has supported the Defense Threat Reduction Agency and in particular Security and Counterintelligence's Information Assurance Division (SCA) without fail by continuously updating and deploying new versions of the certification and accreditation tool Xacta. His work configuring this software suite has significantly improved the ability of DTRA and in particular SCA to do our mission of information systems certification and accreditation.

   "Due to upgrade issues with the Xacta program, Mr. Harrison has had to develop procedures unique to DTRA to upgrade Xacta to the latest versions. Since software support from Telos was not able to determine what the issue was, Bill took it upon himself to research the errors and then develop and test alternative upgrade strategies for use at DTRA. His effort has now given DTRA an upgrade solution that works. He then provided input to Telos to ensure the support for the product improves."

   "Mr. Harrison's latest effort involved researching, planning, and deploying Xacta to DTRA's new virtual server environment. This is one of the first program deployments to this environment and this effort alone will free up three servers that can now be used for another project thus saving DTRA thousands of dollars in otherwise new server purchase costs."

   "Due to his commitment in providing quality Xacta development, SCA has been successful in improving it's support to DTRA customers. The increase in C&A and FISMA statistics for DTRA is a direct reflection of his support the Agency." Michael Roth, CISSP; Acting Chief; Information Assurance Division; Defense Threat Reduction Agency; (703)767-7966

2. DTRA Network Operations Security Center (NOSC) Build-Out
   In support of the Defense Threat Reduction Agency (DTRA) Valador developed the Network Operations and Security Center (NOSC): Concept of Operations (CONOPS), Functional Requirements Document (FRD) and Conceptual Design Document. These documents defined the architecture for the upgraded DTRA NOSC, which greatly enhances the Network Operations (NetOps) and Network Defense (NetDef) capabilities of the current NOSC. This foundation for this work was performed by Valador on the DTRA NOSC Build-Out Assessment contract in FY-07, and the work done in previous years by Valador under the DTRA Information Assurance contract related to the Cyber Security Improvement Plan and Cyber Security Improvement Architecture Plans.

   Valador expanded the NOSC Build-Out design with the development of the System Design Document (which describes the NOSC logical design), Detailed Design Document (which describes the NOSC physical design, and Physical Requirements Documents (which describes the facility modification required to implement the NOSC upgrades).

   Valador has assessed the baseline NOSC capabilities using the Capability Assessment Template, developed by Valador, to ensure that the phased development of the NOSC meets accepted best practices and applicable government regulations. Valador will perform a capability assessment at each NOSC Build-Out milestone to determine progress made toward compliance with NOSC capability goals. Acceptance testing is also being performed at each milestone to ensure that the NOSC meets all contractual and programmatic requirements.

   Valador is currently installing the new hardware and software required to meet the requirements of the DTRA NOSC. This includes the installation and configuration of ArcSight Enterprise Security Manager (ESM) and Security Information and Event Manager (SIEM) which will be the central monitoring system for NetOps and NetDef personnel operation the upgraded NOSC. The ESM will aggregate and correlate the numerous and disparate data sources from Intrusion Detection Sensors, Firewalls, Network Switches/Routers, Servers, and other security and network systems.

   To achieve improved Situational Awareness of NetOps and NetDef for DTRAs Enterprise Wide Information Technology enclaves, Valador is implementing connectivity to the various network enclaves to allow real time awareness of potential disruptions and threats to these networks. This increased level of Situational Awareness will also permit DTRA NOSC operators to be able to proactively take actions to ensure Confidentiality, Integrity, and Availability of the DTRA networks. NOSC operators will have access to large Video Wall displays to enhance collaboration and Situational Awareness, as well as improving communication to DTRA management personnel for decision making

   As NOSC systems are brought online, Standard Operating Procedures (SOP) and Maintenance Procedures are developed to allow effective transition of operational and maintenance roles for NOSC systems from the development team to the operations and maintenance personnel. As each development phase is completed, the SOP and Maintenance Procedures are update to incorporate information relevant to the newly added systems.

Points of Contact:

Primary POC:
Name: Richard Kaplan
Title: Executive Vice President
Tel: (703) 773-3059
Address: 560 Herndon Pkwy, Suite 300, Herndon, VA 20170
E-Mail: Richard.Kaplan@valador.com

Secondary POC:
Name: Michael Heinle
Title: Proposal Manager
Tel: (703) 773-3073
Address: 560 Herndon Pkwy, Suite 300, Herndon, VA 20170
E-Mail: michael.heinle@valador.com

Home Page: www.valador.com

Return to Partners Page