GA-Intelligence

The Critical Role of Access Controls and Formal Certification in Secure Information Systems

It's the Security, Stupid!

[Figure: GA-Intelligence onion diagram model for defense, adapted from https://en.wikipedia.org/wiki/Defense_in_depth_(computing)]

In light of some recent developments and announcements regarding secure systems needed to support our warfighting information technology requirements (or the lack thereof), we at GA Intelligence have some things we’d like to offer up for consideration and discussion.

Modern information systems must balance usability and protection of sensitive assets. At the core of this balance are access control mechanisms—policies and technical enforcements that determine who can view, change, or share information. Among these, two complementary models stand out: Mandatory Access Control (MAC) and Discretionary Access Control (DAC). 

Mandatory Access Control (MAC) is a high-assurance model where access decisions are centrally enforced based on pre-defined security labels. Users cannot override these rules; for example, data classified as Secret can only be accessed by entities with appropriate clearance and need-to-know. This is critical in environments handling national security data, proprietary intellectual property, or regulated personal data. 

Discretionary Access Control (DAC) complements MAC by giving resource owners some authority to grant or restrict access to their assets. This flexibility supports collaboration and dynamic business workflows, enabling system owners or data custodians to respond to operational needs without compromising policy enforcement. 

Other supporting controls—such as Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC)—add scalability and context sensitivity. RBAC groups privileges by job role, reducing the risk of “permission sprawl,” while ABAC evaluates attributes (time of day, device health, data sensitivity) to make granular real-time decisions. 
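The four models above are easiest to understand when they are wired together in one decision routine. The following is an added example written for this post, not code from GA Intelligence or the Optix platform: a small policy decision point that evaluates a MAC label check first (a subject's clearance must dominate the object's classification, including need-to-know compartments, and an owner's DAC grant cannot override it), then the owner's DAC grant, then RBAC role permissions, then two ABAC attributes (device health and a working-hours window). All users, labels, roles, and the resource are constructed sample data; the level ordering and the 08:00–18:00 window are assumptions chosen for illustration.

```python
"""Added example: a toy policy decision point layering MAC, DAC, RBAC and ABAC.
All subjects, resources, labels and roles below are constructed sample data."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Assumed classification ordering (MAC lattice levels)
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# RBAC: role -> actions that role may perform
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"read"},
    "editor": {"read", "write"},
}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # A clearance dominates a classification when its level is at least as
        # high AND it holds every compartment (need-to-know) the object carries.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label
    roles: FrozenSet[str]
    device_healthy: bool = True  # ABAC attribute supplied by device posture


@dataclass
class Resource:
    name: str
    classification: Label
    owner: str
    acl: Dict[str, Set[str]]  # DAC: grants the owner has made, user -> actions


def decide(subject: Subject, resource: Resource, action: str, hour: int) -> Tuple[bool, str]:
    """Return (allowed, reason). Every layer must pass; MAC runs first and a
    discretionary grant from the owner can never override it."""
    # 1. MAC: no read-up, no access without the object's compartments
    if not subject.clearance.dominates(resource.classification):
        return False, "MAC: clearance does not dominate classification"
    # 2. DAC: the owner always has access; anyone else needs an owner grant
    if subject.name != resource.owner and action not in resource.acl.get(subject.name, set()):
        return False, "DAC: no grant from resource owner"
    # 3. RBAC: some role held by the subject must permit the action
    if not any(action in ROLE_PERMISSIONS.get(r, set()) for r in subject.roles):
        return False, "RBAC: no role permits this action"
    # 4. ABAC: contextual attributes evaluated at request time
    if not subject.device_healthy:
        return False, "ABAC: device failed health check"
    if not 8 <= hour < 18:  # assumed working-hours window
        return False, "ABAC: outside working hours"
    return True, "allowed"


def run_demo() -> Dict[str, Tuple[bool, str]]:
    """Evaluate constructed scenarios; returns {scenario: (allowed, reason)}."""
    alpha = frozenset({"ALPHA"})
    alice = Subject("alice", Label("SECRET", alpha), frozenset({"analyst"}))
    bob = Subject("bob", Label("CONFIDENTIAL"), frozenset({"editor"}))
    carol = Subject("carol", Label("SECRET"), frozenset({"editor"}))
    dave = Subject("dave", Label("TOP SECRET", alpha), frozenset({"editor"}), device_healthy=False)
    eve = Subject("eve", Label("TOP SECRET", alpha), frozenset({"editor"}))
    report = Resource("ops-report", Label("SECRET", alpha), owner="alice",
                      acl={"bob": {"read", "write"}, "carol": {"read"},
                           "dave": {"read"}, "eve": {"read"}})
    return {
        "owner_read": decide(alice, report, "read", 10),
        "owner_write_without_role": decide(alice, report, "write", 10),
        "dac_grant_but_low_clearance": decide(bob, report, "read", 10),
        "dac_grant_but_missing_compartment": decide(carol, report, "read", 10),
        "cleared_but_unhealthy_device": decide(dave, report, "read", 10),
        "cleared_but_after_hours": decide(eve, report, "read", 20),
        "cleared_in_hours": decide(eve, report, "read", 9),
    }


if __name__ == "__main__":
    for scenario, (allowed, reason) in run_demo().items():
        print(f"{scenario:36s} {'ALLOW' if allowed else 'DENY ':5s} {reason}")
```

The ordering is the point: bob holds a full DAC grant from the owner yet is denied, because the mandatory label check runs before any discretionary grant is consulted, and carol is denied for a missing compartment even though her level matches. The same pattern (non-overridable checks first, contextual checks last) is what a configuration audit under a framework like RMF or a STIG would look to confirm.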

At GA Intelligence, we employ all of the above in our Optix platform and systems that leverage it as a core element. These allow us to ingest, manage, process, enrich, and share information at speed and scale and with confidence.

However, technical controls alone aren’t enough. Formal certification of system configuration—through frameworks such as the NIST Risk Management Framework (RMF), ISO/IEC 27001, or Defense Information Systems Agency (DISA) STIG compliance—verifies that access control mechanisms are correctly implemented and aligned with policy and risk requirements. Certification provides an independent, documented assessment of security posture, reassuring stakeholders, regulators, and customers that the system can safeguard data against unauthorized access or misuse.

By integrating robust access controls with formal configuration certification, organizations create defense in depth: a layered security posture that is auditable, adaptive, and trusted. This combination not only reduces the risk of breach but also streamlines compliance and strengthens organizational resilience. 

GA Intelligence has certified its systems countless times to many of the above standards and maintains these certifications and secure systems for its public and private sector customers on a number of networks, regardless of classification. At GA Intelligence, we like to say we “run fast with scissors,” but in reality we are all about the CIA (confidentiality, integrity, and availability – the core principles of information security) of our systems. We’d love to talk with you more about how we can help you keep your data safe!
