Department of Education Office of Federal Student Aid

  
  
  
  
  
  
  
  

The following are examples of IV&V and IT security engineering prime contract support provided to the Federal Student Aid (FSA) organization.

IV&V for the FSA Integrated Partners Management (IPM) Project

BSC Systems was competitively selected as the IV&V prime contractor providing project risk assessment and compliance assessments of the IPM developer’s services and products. BSC Systems responsibilities include:

  • Independent risk analysis and risk management support
  • IV&V of system (technical) and supplemental (non-functional) requirements
  • IV&V of system design activities and the FISMA compliant security architecture
  • IV&V of test plans, test cases, and test scripts
  • IV&V of program and project management processes
  • Special studies & technical reviews including Black Pearl and SharePoint technical assessments

IV&V of the Security Program Supporting the FSA Virtual Data Center (VDC)

BSC Systems was competitively selected to provide VDC operational security verification and validation and computer incident response capability (CIRC) continuous monitoring support to the FSA Virtual Data Center (VDC). The scope of security IV&V services included:

  • Assessment of security risks and vulnerabilities
  • Validation of the network threat monitoring activity of the MSS service provider
  • Identify non-compliance within established VDC security practices and CM changes
  • Reporting of security incident findings as defined by US-CERT

IV&V of Outsourced FSA Borrower Services

BSC Systems has provided IV&V services for the development, accounting, operations and IT security activities for FSA’s outsourced Borrower Services operations and information systems development. Support was provided in the following IV&V task areas:

  • IV&V planning and coordination support
  • Risk analysis and risk management support
  • Development and test IV&V support
  • Operations and performance metrics IV&V support
  • Assessments of accounting processes and financial reporting deficiencies
  • FISMA based security assessments and C&A support
  • Maintainability assessments and compliance reviews