BLS engaged Enlightened to conduct a security assessment of three of their data collection systems. The overall objectives of the 2006-2007 Sensitive Application Security Reviews (SASRs) are to:

• Assess the implemented security controls for the three systems, ensuring they comply with NIST 800-53 requirements; and
• Identify any discrepancies that may be present within BLS’ security infrastructure.

Enlightened assessed three critical BLS applications and their LAN/WAN using NIST 800-53 Recommended Security Controls for Federal Information Systems to ensure all necessary security controls were implemented. The following tasks were conducted:

• Identified the implemented management, technical, and operational controls for the 17 security control families within NIST 800-53.
• Identified security deficiencies in the information systems according to NIST 800-53.
• Conducted three security vulnerability scans to identify weaknesses within the systems using NESSUS, N-Map, and Ethereal.
• Developed a findings paper that highlighted the security testing methodology, the testing procedures, the identified deficiencies, the recommendations to rectify these weaknesses, and the vulnerability assessment results.