innovate | collaborate | secure briefing

CRITERION Capabilities Briefing 1© 2019 Criterion Systems, Inc. Proprietary and Confidentialwww.criterion-sys.com

October 2019

Innovate | Collaborate | Secure Capabilities Briefing

© 2019 Criterion Systems, Inc. Proprietary and ConfidentialNovember 2019


© 2019 Criterion Systems, Inc. Proprietary and Confidential CRITERION Capabilities Briefing 2www.criterion-sys.com

OCTOBER 2019

ABOUT CRITERION SYSTEMS

93% of company revenue from prime contracts

HQ in Vienna, Virginia, with sites across the United States

CMMI Level 3 (Development and Services) ISO 9001:2015 ISO 20000-1:2011 ISO 27001:2013

Large business systems integrator and cyber operations-focused company, serving government customers since 2005, employee owned

Proven performance across broad customer base

Industry-standard certifications such as CISSP, CISM, ITIL, PMP, etc.

50%+ of staff cleared at Q or TS or higher

Corporate infrastructure in place


© 2019 Criterion Systems, Inc. Proprietary and Confidential CRITERION Capabilities Briefing 3www.criterion-sys.comOCTOBER 2019

CORE COMPETENCIES

Cybersecurity

IT Infrastructure Systems Engineering

Cloud/Data Center Management



OCTOBER 2019

CORPORATE INFRASTRUCTURE

Prime Contract Vehicles

• ITES-3S• GSA Schedule 70• DIA E-SITE• DOE NNSA IT Infrastructure and

Cyber Security (IICS) BPA• U.S. Navy Seaport-e and Seaport

NxG• USDA FNS BPA• USDA FAM BPA

Investment in infrastructure and automated tools for staffing, personnel security, and project control/cost management

Approved accounting system Experience with all contract types (FFP,

T&M, LH, Cost Plus)Dedicated recruiting organization;

worldwide staffing capabilities Proven senior management


© 2019 Criterion Systems, Inc. Proprietary and Confidential CRITERION 5www.criterion-sys.com

CRITERION Capabilities Briefing OCTOBER 2019

CYBERSECURITY

Cybersecurity Engineering and Technical Services

• Information System Security Engineering (ISSE)/Security Control Support

• Cyber Defense Technology/Information System Protection SupportEnterprise and Security Architecture Support

• IT and Cybersecurity Integration• Cybersecurity Infrastructure Operations and Maintenance (O&M)• CS&P Product Research, Evaluation, Testing, and Secure Configuration

Support• Secure IT Development, Design, and Implementation Support

Cybersecurity Governance and Program Management Services

• Data Security Support• CS&P Program Execution• CS&P Policy and Governance• CyberScale® CS&P Review Support• Risk Management Framework (RMF) Support• Enterprise Vulnerability Management and Mitigation Program

Support• CS&P Training Support

Cybersecurity Operations Services

• Security Operations Center Support• Focused Operations Services• National Security Systems Cybersecurity Support• Intelligence Community Cybersecurity Support• Information Operations Support• Critical Infrastructure Protection Planning and Program Support• Industrial Control Systems (ICS) Support• Privacy Protection Support

Cybersecurity Compliance, Risk Management, and Continuous Monitoring Services

• CS&P Program and System Audit Support• COMM and OSE Support• Command Cyber Readiness Inspection (CCRI) Support• Cybersecurity Service Provider (CSSP) • Site Assistance Visits (SAVs)• Information Operations Condition Implementation• Security Assessment and Authorization (SA&A)/RMF Support• Information Systems Continuous Monitoring (ISCM) Support• Risk Management and Risk Assessment Support• Cyber Supply Chain Risk Management Support



CLOUD/DATA CENTER MANAGEMENT

Transitioning Applications and Data to the Cloud

• Cloud Computing• Virtualization and Consolidation• Application Modernization• Capacity Management• Storage Management• Rapid Provisioning• Computing Platform Automation/Orchestration• Cloud Cybersecurity and Compliance

Transforming, Consolidating, and Managing Modernized, Scalable, and Secure Data Centers

• Data Center Migration• Data Center Facilities Operations • Enterprise Services Portfolio Management• Information Technology Service Management• Contingency Planning, Business Continuity, and

Disaster Recovery• Service Asset and Configuration Management• Data Center Cybersecurity and Compliance• Network Operations Center (NOC) Management



OCTOBER 2019

IT INFRASTRUCTURE & SYSTEMS ENGINEERING

• IT Modernization• Network Operations Centers (NOCs)• Data Center Operations• Virtualization and Consolidation• Cloud Computing• Field Site Operations and Maintenance (O&M)• Network/Telecommunications Support• System/Application O&M• Help Desk and Desktop Support• System and Server Administration• Unified Application, Server, and Network

Monitoring• Database Administration• Contingency Planning, Business Continuity, and

Disaster Recovery• Lifecycle Asset Management• Configuration Management

IT Infrastructure Systems Engineering

• Enterprise Architecture and Design• IT Infrastructure Engineering• Information and Data Management• Concept Development• Requirements Engineering• System Architecture• System Design and Development• Systems Integration



CYBERSECURITY CENTER OF EXCELLENCE

• 250+ certified/cleared cybersecurity professionals

• Dedicated cyber recruiters • Cyber Operations Maturity Model

(CyberScale™) used to assess current state of security operations and work with customers to enhance roadmaps for operational improvement

John Harrison, Director of the CoE, brings more than 15 years of experience designing cybersecurity programs for government and private sector industries. He draws on both his military and intelligence community background in cyber threat hunting and intelligence operations to advise customers on how to successfully secure infrastructure and systems.

The CoE:• Provides a dedicated group of experts focused on

cybersecurity best practices who deliver innovative solutions and achieve operational excellence for each of our customers

• Offers consistent delivery and execution on traditional cyber-related programs, enabling us to go after (and lead) more advanced cyber work

• Is a horizontal cyber practice supporting the entire company while managing all aspects of cybersecurity human capital management




CYBERSCALE®

CyberScale®

Compliance & Risk

Management Solution

provides a unique

approach for

streamlining compliance,

mitigating, measuring,

and reporting risk at

every level of your

organization

Notional Interface

US Patent-Pending




CYBERSECURITY CUSTOMERS

DOE NNSA OCIO – manage 24/7 cyber operations at NNSA IARC; maintain CSSP certification

DOE NNSA OST – provide 24/7 mission-critical cybersecurity support for classified and unclassified networks and applications

NSF – Cybersecurity and Privacy (CS&P), RMF, FISMA, and cyber operations program support Navy – support cyber operations, security engineering, C&A, and CND AF DCGS – provide network security; implement security fixes to meet AFCERT requirements

Completed the successful independent audit of NNSA OST’s classified cyber security program which found solid baseline configuration standards and consistent implementations, concluding the architecture is well-designed and implements defense in depth.

For the NNSA OCIO, designed and implemented a database of multiple Hadoop clusters, with the largest providing 1 Petabyte of storage offering HDFS, MapReduce, Hive, and Impala, Oracle RAC-70TB Oracle data warehouse, MySQL, and Microsoft SQLServer. The technical solutions have produced a cost savings for the Government of approximately $1.5M.



CLOUD/DATA CENTER MANAGEMENT CUSTOMERS DOE NNSA OST – provide a turnkey design and solution for data center modernization,

including analysis of power, cooling, backup power, and other non-IT aspects DOE NNSA OCIO – maintain IARC private cloud environment for enterprise-wide network

data fusion and analytics in support of the cybersecurity mission for classified and unclassified networks

Commerce OCIO – provide Single Point of Contact (SPOC), ITILv3-aligned IT service desk support on-site

DOL OCIO – provide IT services to support OCIO’s mission to modernize and transition to the cloud

USDA DISC (formerly NITC) – support 24/7/365 mission-critical support for cloud-based hosting services, associated operations, security, and professional support services

Consolidated multiple data centers and currently support two DISC data centers and more than 100,000 end users, 5,000 physical and virtual servers, 863 network devices, and 9000 terabytes of data storage across 35 Federal organizations and business applications.

Established two geographically separated data centers and control centers that have significantly reduced risk to active OST missions and achieved an estimated cost savings of $4M annually.


© 2019 Criterion Systems, Inc. Proprietary and Confidential CRITERION Capabilities Briefing 12 www.criterion-sys.comOCTOBER 2019

SYSTEMS ENGINEERING CUSTOMERS DOE NNSA OST – play a key role in a new IT architecture for mission systems, separating

OST mission data center functions from the operations centers DOL OCIO – help develop DOL’s Enterprise Architecture Strategic Roadmap in support of

ensuring OCIO’s technology strategy serves their business strategy AF DCGS – ongoing efforts to more tightly integrate systems and to assess the viability of

migration to open architecture-based cloud computing platforms Navy CNRSE – provide IT mobility leading-edge technology, including engineering support

and technical expertise for Enterprise Land Mobile Radios (ELMR) and cell phone devices USDA FNS – integrate all state and local independent system data, performing significant

data analysis and validation to over 1.4 million recipient records

Addressed a latency issue for FNS eDRS, gaining order-of-magnitude increases in responsiveness; from 40+ second timeouts to now sub-second responses for multiple simultaneous users.

Criterion used virtualization to reduce risk and effectively implement security requirements, leasing space with tenant improvements at a cost of $200K, as opposed to the $2M+ estimates received.



OCTOBER 2019

INFRASTRUCTURE OPERATIONS CUSTOMERS DOE NNSA OST – 24/7 mission-critical classified and unclassified information and telecommunications

infrastructure support NNSA IICS OCIO – Manage NNSA CIO’s Security Operations Center/Network Operations Center

infrastructure 24x7x365 at IARC (NNS Information Assurance Response Center) Commerce OCIO – infrastructure operations and network engineering and support DOL OCIO – support OCIO’s transition to more efficient infrastructure, such as cloud services and inter-

agency shared services Navy CNRSE – maintain operations of NMCI network (second largest in the world), support legacy system

transition, and provide systems integration, network and systems administration, and engineering support USDA DISC (formerly NITC) – 24/7 monitoring and expert technical support for the USDA Enterprise Data

Centers AF DCGS – classified sustainment and maintenance support for distributed operations across 40 sites

worldwide

Criterion’s team facilitated global sync for all DCGS sites of the AF’s 480th ISR Wing enabling them to process approximately 700 gigabytes of information flow daily.

Criterion has eliminated a number of OST legacy servers, reduced rack space requirements by 50 percent, virtualized more than 80 percent of OST systems, and increased available rack/floor space in the data center by more than 400 percent, due to layout and configuration redesign, which also improved cooling in the room.



AWARDS AND RECOGNITION

Washington Post Top WorkplacesCategory: Midsize CompaniesRank 2019: 49

EY Entrepreneur of the YearRegion: Mid-AtlanticCategory: CybersecurityRank 2019: Winner

Top Military Friendly® EmployerList: 2020

Virginia BusinessFastest-Growing CompaniesRank 2019: 28Rank 2018: 27

Washington Business JournalFastest-Growing Companies Rank 2019: TBD (Announced in Oct. 19)Rank 2018: 21

Largest Private CompaniesRank 2019: 98/100

Largest Cybersecurity CompaniesRank 2019: 23Rank 2018: 20

Inc. 5000 List of Fastest Growing Private Companies Rank 2019: 1,444Rank 2018: 1,565Rank 2017: 1,350Rank 2010: 1,690Rank 2009: 10

Growth Business Workplace

NOVA Chamber of CommerceOutstanding Corporate Citizenship AwardsRank 2018: Nominee

Corporate Citizenship

Moxie Award: Boldness in BusinessCategory: CybersecurityRank 2017: Winner

NVTC Cyber CEO of the YearRank 2019: Finalist



OCTOBER 2019

COMMUNITY INVOLVEMENT

Since 2009, Criterion has supported The Women’s Center (TWC), an organization that provides mental health counseling, support, and education to the metropolitan area to help people live healthy, stable, and productive lives. We are patron sponsor of the organization, donating $10,000 annually. Employees also volunteer on various committees, and recently created a series of three webinars on career advice.

Criterion’s corporate philosophy holds that true success requires us to give back to our community.

Patron Sponsor

Other Community Support

In communities where our employees live and work across the United States, we seek out local leaders and organizations to partner with to make a difference.



CRITERION SYSTEMS’ PAST PERFORMANCE



U.S. DEPARTMENT OF AGRICULTURE (USDA) PAST PERFORMANCE

Digital Infrastructure Services Center (DISC, formerly NIST)

Key Result:

Criterion is the prime contractor managing $90M and 90 FTEs supporting five data centers and more than 100,000 end users, 5,000 physical and virtual servers, 863 network devices, and 9000 terabytes of data storage across 35 Federal organizations and business applications. We:

Provide 24/7/365 mission-critical technical support services for the Office of the Chief Information Officer.

Design and create architectural and infrastructural designs and technology roadmaps for OCIO.

Provide enterprise-wide cost competitive, cloud-based, automated data processing hosting services.

Manage a single customer self-service portal called AgCloudthat enables multi-cloud management, competitive pricing, pre-approved methods for cloud by department, and automatically provisions Cloud Access Security Platform managed services.

Criterion won the U.S. Government Distinguished Team Award. Our managed services team demonstrated exemplary innovation and teamwork on the OCIO-DISC’s strategic initiatives to enhance and secure commercial cloud capability, increase cloud adoption, and improve customer experience in support of the Secretary’s IT Reform and Modernization initiatives through the delivery of Cloud Access Security Platform managed services and Cloud Lifecycle Management portal.



U.S. DEPARTMENT ENERGY (DOE) NATIONAL NUCLEAR SECURITY ADMINISTRATION (NNSA) PAST PERFORMANCE

Office of the Chief Information Officer (OCIO) Cybersecurity

Support Services (TO#1)

Key Results:

Criterion is the prime contractor managing $261M and 128 FTEs to support the engineering, operations, maintenance, and management contract. We support operations for 92 different customer enclaves, across 4 classified and unclassified networks, providing services for 65,000+ users with more than 100,000 endpoints. We:

Serve as a Tier-2 Cybersecurity Services Provider (CSSP). Provide 24/7/365 network security monitoring and incident

response support to 92 locations from the primary SecurityOperations Center (SOC) in Las Vegas, Nevada.

Manage and support the Information Assurance Response Center (IARC) including the highly complex location move of the NNSA IARC to improve efficiency, expand monitoring capacity, and increase cyber operational effectiveness.

• Increased monitored customer enclaves from 68 to 92.

• Managed and supported the IARC Cyber Innovation Lab.

• Collaborated on the establishment of the NNSA Cyber Threat Intelligence Center of Excellence.

• Developed an NNSA Enterprise Cybersecurity Training Program and IARC Service Catalog.




Office of Secure Transportation (OST) IT and Telecommunications

Support Services

Key Result:

Criterion is the prime contractor managing $45M and 40 FTEs to deliver 24/7/365 mission-critical classified and unclassified support for the information and telecommunications technology infrastructure. This includes more than 100 managed devices, 35 applications, 48 physical servers, 86 virtual servers, 34 VoIP phones, 375 mobile devices, and 2 data centers. We:

Played a key role in mission architecture redesign, allowing DOE NNSA OST to implement an alternative operations center at a cost of about $200K vs. a $2M+ solution proposed by another contractor.

Located office space in Albuquerque to provide an area for a new development, testing, and staging laboratory. Because of the rigorous testing methodology instituted by Criterion, recent major code pushes have been nearly flawless.

As part of OST’s 3-year IT modernization efforts, OST saved $4 million per year and advanced the deployment of new technologies in a mission-critical environment by “insourcing” software development to Criterion, adopting agile methodologies to provide more capabilities faster.




Policy and Governance Support Services

Key Result:

Criterion is the prime contractor managing $34M and 43 FTEs providing oversight support, and subject matter expertise and guidance related to compliance program management and NNSA cyber and IT governance. Further tasks include policy coordination, data collection and analysis, strategic communications support, and end user training. We:

Developed an NNSA enterprise-wide information infrastructure aligned with the NNSA Governance and IT Management Framework.

Implement an effective mix of technology, policy, and risk management practices to enhance the information management of the Nuclear Security Enterprise.

Criterion significantly enhanced NNSA compliance program management with a number of IT and Cybersecurity related statutory domains including FITARA, records management, privacy, section 508, and IT project oversight.




Program and Project Management Support Services

Key Results:

Criterion is the prime contractor managing a $10M and 11 FTEs program executing project management services to augment DOE NNSA current Federal staff in Washington, DC; Germantown, MD; Albuquerque, NM; and Las Vegas, NV. We:

Implement a proven and repeatable project management framework for all NNSA IT/cyber projects enterprise-wide.

Develop quantitative and qualitative characteristics of a proposed project and create a business case for system changes/new features that provides an overarching guide to determine the best technical and cost-effective solution to effectively capitalize on return on investment.

Completed and closed 11 projects; currently managing 8 active projects with 4 additional projects on hold by the customer due to resource constraints.

• Established a Project Management Office (PMO) for the NNSA’s Chief Information Officer.

• Created standardized processes and templates for project management.

• Established a center of excellence for Project Management for the NNSA CIO.



U.S. DEPARTMENT OF COMMERCE (DOC) PAST PERFORMANCE

Office of Information Technology Services (OITS)

Key Result:

Criterion is the prime contractor managing $26.5M and 36 FTEs to support IT and engineering services service delivery at the DOC Office of the Secretary for the Herbert C. Hoover building (HCHB) network infrastructure (HCHBNet). We:

Established and maintain a Tier 0 self-service capability via a Self-Service Portal, empowering end users and enhancing targeted outreach and training programs.

Support the overhaul of the National Oceanic and Atmospheric Administration (NOAA) and EDA’s (Economic Development Administration) ServiceNow instances to include special workflows, special notifications, special SLAs, special surveys, and automatic approvals.

Conduct data migration. Our Windows 10 migration was commended by the DOC Customer: “None of our other migrations had that type of thorough prep. We really appreciate the help and the expertise.”

Under pressure to address issues prior to the Secretary departing on international travel, DOC OESS management commended Criterion staff for an outstanding level of service in addressing issues quickly and providing the Secretary mobile access to his calendar. OESS stated “What looked impossible at the beginning of the week was resolved by week’s end. This act has made OCIO shine.”



U.S. AIR FORCE DISTRIBUTED COMMON GROUND SYSTEM (AF DCGS) PAST PERFORMANCE

Sustainment Support Services

Key Results:

Criterion is the prime contractor managing $28.5M and 50 TS/SCI cleared FTEs to install, integrate, and maintain a wide variety of Commercial Off-the-Shelf (COTS) computer systems, hardware, and software applications across multiple sites, while working in a highly secure environment where both speed and accuracy are critical to mission success. We:

Support system administration and engineering. Recognized for network support by the Det 1 Commander and Deputy Commander of the 548th ISR Group as being critical support, allowing the analysis of images to support Humanitarian Aid/Disaster Relief missions and the delivery of relief supplies.

Provide network operations center support. Prevented the loss of data servers and potentially saved the Air Force up to $4M through our quick response to environmental issues in the operating space

Lead fiber and switch upgrades which have ultimately increase Full Motion Video download times and overall productivity by nearly 200%.

• Technician’s actions resulted in a repair which prevented the loss of 20% of a sites operating capability.

• When two mission critical classified servers failed into administrative lockdown, Criterion resolved incidents on both servers and saved three years of critical audit data.



NATIONAL SCIENCE FOUNDATION (NSF) PAST PERFORMANCE

Cybersecurity and Privacy (CS&P) Support Services

Key Results:

Criterion is the prime contractor managing $20M and 20 FTEs to support enterprise-wide cybersecurity and privacy services. Criterion provides program/project management support; CS&P oversight, compliance, and policy support; Risk Management Framework (RMF) and FISMA program support; contingency planning support; operations and engineering support; vulnerability management support, incident response, and IT forensics. We:

Manage and protect NSF infrastructure and assets while maintaining an open and collaborative environment for scientific research and discovery.

Provide cyber security-related expertise and leadership to drive NSF’s transformation initiatives that include transitioning the NSF Data Center to “as a service” (externally hosted) approach.

• Criterion stood up the NSF Security Operations Center (SOC).

• We successfully corrected many of the tasks that were left in negative performance standings when the contract transitioned to Criterion increasing performance and customer satisfaction.



U.S. FIRE AND AVIATION MANAGEMENT (FAM) PAST PERFORMANCE

Application Support Services Blanket Purchase Agreement

Key Result:

Criterion is the prime contractor managing $25M and 30 FTEs supporting 20 applications used by the interagency fire community that includes more than 11,000 users during high fire season and more than 50,000 user accounts enterprise-wide. We:

Implement an Agile software development approach and CMMI-DEV Level 3 to support enterprise applications.

Adhere to pre-defined annual engineering, development, and enhancement timeframes, with a separate 7-month "fire season" where the 24/7 operational tempo creates different prioritization for our work.

Analyze and integrate applications with servers to evaluate updates/communications from host environment providers such as NITC and Earth Resources Observation and Science (EROS) Data Center.

Criterion was recently awarded a contract to provide technical leadership and support to FAM application Middleware. This enables streamlined and cost-effective application and contract performance.



WHY CRITERION?

Large business systems integrator and cyber operations company

Partner-centric culture –collaborate to accomplish agency missions

Exceptional qualifications and prime contract references

Highly skilled and trained personnel • Clearances: 50% of staff cleared at Q or TS or

higher • Certifications: 80% maintain certification in

area of expertise• Retention: average rate for the last three years

is more than 92%

Leverage COEs and capabilities across like programs

Mission-focused service delivery

Successful contract transitions across multiple geographic regions

innovate | collaborate | secure briefing

Documents