Relevant Past Performance
The following ongoing and recent past performance references demonstrate Oasis’ experience in providing professional services relevant to EAGLE II Functional Category 3.
Customer/Client Organization: U.S. Nuclear Regulatory Commission (NRC)
Over the past six years, Oasis has supported the NRC to grow and strengthen its IT security capabilities for Federal Information Security Management Act (FISMA) compliance. Oasis’ team of security analysts, security engineers, senior cyber security consultants, IT auditors, technical writers, and support personnel has the depth and expertise to deliver services under this agency-wide security support contract. To date there have been 80 awarded Task Orders that are managed using Earned Value Management (EVM) principles and tools. Our team works closely with NRC program stakeholders to achieve and maintain an Authority to Operate (ATO) for their systems; develop Contingency Plans (CP) and conduct CP tests; establish a Continuous Monitoring program; develop/update internal security policies and procedures based on Federal guidance; develop a role-based, instructor-led Security Awareness Training program; and assist with security engineering and special initiatives such as Advanced Persistent Threat (APT) briefings and the development of an Enterprise Risk Assessment.
Our Team works closely with software integrators by conducting independent reviews of system architectures to verify that accepted security standards are incorporated into new or enhanced system development. Oasis has established dedicated teams to conduct independent verification and validation (IV&V) security-related activities that include System Test and Evaluation (ST&E), Quarterly Scanning, and Penetration Testing on unclassified and classified systems. Furthermore, we review and update processes and procedures for compliance with the latest Federal guidance and industry best practices and prepare recommendations for improvements.
We are also working with the NRC to develop an inspection and validation program for NRC’s Office of Nuclear Security and Incident Response (NSIR) to ensure nuclear facilities are in compliance with Regulatory Guide (RG) 5.71, which ties to DHS initiatives for critical infrastructure protection.
Across the program, our Quality Assurance (QA) Team provides oversight to ensure compliance with performance standards. The QA Team oversees processes and deliverables, including the identification, remediation, and eradication of deficiencies that impede the quality of service delivery.
Customer/Client Organization: Naval Facilities Engineering Service Center, East Coast Detachment (NAVFAC ESC ECDet)
Oasis provides comprehensive technical assistance including software engineering, information assurance, system administration and security, program management, and customer service support to the Naval Facilities Engineering Service Center East Coast Detachment (NAVFAC ESC ECDet) across all product lines associated with the Ocean Construction Division. These efforts include project management services for inspections and studies conducted across the ECDet product lines, including the Waterfront Facilities product line; development and fielding of enterprise-level management and inspection reporting tools; classified system/network administration, asset configuration and system security management; development support for new data collection standards, including generation of the UNIFORMAT II standard for Naval Waterfront Facilities and Navy Dry Docks; logistical and onsite support for the Petroleum, Oil, and Pipelines program; and technical and program management support for various aspects of the Fleet Moorings, Cables, Pipelines, Hyperbarics, Magnetic Silencing Facilities, Water Tanks, Bridges, and Waterfront Facilities product lines. Oasis is responsible for full compliance with DOD/Navy accreditation and certification under DITSCAP/DIACAP requirements for the enterprise roll-out.
Oasis provided classified system security including the monitoring of Application, Security, and System logs; configuration and deployment of network assets, desktops, and servers; installation of system/asset updates and validation of consistent security configurations; auditing and remediation of systems and creation of automated remediation scripts based on DISA and WASSP requirements; and DIACAP C&A package development support and coordination.
Customer/Client Organization: Unnamed
Since 2008, Oasis has provided the Technical Task Order Lead and personnel responsible for the C&A, Continuous Monitoring, and Reaccreditation activities for over 100 systems to include site visits, vulnerability assessments, mitigation actions, and updates of System Security Plans (SSPs) and support documentation. We manage the Incident Management Team by overseeing the cleanup of data spills and coordinating the investigation of computer system and network security incidents with internal staff and other U.S. Government investigators. Our Team assists in the validation of server configurations and security controls. Oasis provides technical security support to the customer, advising on a broad range of security topics and policies.
Oasis also provides data center sustainment support through the development of contingency plans for alternate sites to ensure continuous monitoring when primary site monitoring capabilities are impaired. We support the data center Engineering Team in validating and documenting policies and procedures for implementation and management of both physical and virtual server platforms.