Awareness is the Key: Identify. Assess. Mitigate.
Our reliance on technology will continue to grow for the foreseeable future. At the same time, the use of cyber weapons and attacks as an instrument of power projection and influence is becoming increasingly challenging. Given that reliance, the development, acquisition, and use of cyber weapons and their attack capabilities demand that governments, militaries, and the private sector take decisive action to mitigate those risks.
We offer a full array of risk management services covering the entire life cycle of a system or major application by:
- Providing information assurance support to categorize information and information systems, identify security controls, engineer secure solutions, assess the effectiveness of implemented technical controls, mitigate residual risks and vulnerabilities, and continuously monitor the security posture of enterprise information systems.
- Developing and implementing strategies and tools to ensure our clients’ enterprise information environments and processes comply with government regulations such as ICD 503, CNSSI 1253, FIPS/NIST 800 series, DoDI 8500.2, and DCID 6/3.
We offer a full array of certification and accreditation (C&A) services covering the entire life cycle of a system or major application based on the National Information Assurance Certification and Accreditation Process (NIACAP), the DoD Information Technology Security Certification and Accreditation Process (DITSCAP), the National Information Security Certification and Accreditation Process (NISCAP), and the Risk Management Framework (NIST 800 series). Among the services offered are:
- Federal Information Processing Support (FIPS) impact level determinations (includes drafting of appropriate documentation and can include a comprehensive business impact analysis, if needed)
- Security plan development and assessment
- Contingency plan development and assessment
- Security test and evaluation (ST&E) and reporting (involves evaluation of management, operational, and technical controls and preparation of risk assessment/security assessment reports and related supporting documentation)
- Plan of action and milestones (POA&M) development and follow-up of mitigation actions
- Development of supplemental plans, including configuration management plans and continuous monitoring plans
Businesses need protection from unforeseen disasters and natural calamities. Our core strategy is helping to design a "hot-pluggable" infrastructure built for the heterogeneous enterprise that consists of modular components operating on a range of popular platforms and interoperating with middleware technologies and business applications.
- In addition to our C&A services, we offer supplementary assistance with disaster recovery, business continuity, and contingency planning activities. This includes identification of critical activities and resources, development of scripts and plans for responding to various events, development and execution of scenarios for tabletop and simulated exercises, evaluation of technology infrastructure for its ability to support disaster recovery and business continuity, and development of specific recovery-time and recovery-point objectives.