Security Assessment Services
Risk and Vulnerability Assessments
based on NIST, A-123, SCADA, PCI, or CSAM; meets all applicable OMB, FISMA and Agency requirements.

Computer Room/Building Assessments
to satisfy Physical and Environmental controls of NIST, C&A, and CSAM. Analysis of Security Risk per NIST SP 800-53 PE. Services focus on identifying and quantifying vulnerabilities including risk, likelihood and impact.

Penetration Testing
of devices to determine known vulnerabilities, including internal and external, and on-going configuration evaluation to ensure the system stays secure.

Certification and Accreditation (C&A) Management
including initial phases, Plan of Actions and Milestones (POA&M) process, CSAM input and CSAM management.

Independent Verification and Validation (IV&V),
third-party assessment of the functionality of systems, websites, and/or applications.

Security Testing and Evaluation (ST&E),
to ensure that systems meet security requirements outside of C&A testing.

 

 

 

 


 

STRATEGIC SERVICES


Security Consulting providing guidance, review and strategic planning for security architecture, protection mechanisms, compliance needs, Capital Planning and Investment Control (CPIC), and integration.

 

Security Requirements Definition, providing guidance on writing OMB, FISMA and NIST security requirements into purchasing processes.


Policy and Procedure Review, Design and Update, to provide expertise for writing, reviewing and updating policies and procedures to keep current with new regulatory and standards-based requirements.


GAP Analysis to identify specific items in security policies and procedures that must be improved to meet federal and Agency requirements.


Disaster Recovery Planning (DRP), to update or develop recovery plans for applications, systems or Generic Security Services APIs; ensuring that plans meet all applicable requirements.

 

Security/Network Architecture Review, to determine how well current systems meet federal requirements as well as business best-practices; creation of a configuration topology if one does not exist.

 

Security Product Requirements Review, to evaluate planned purchases to ensure that products will meet all Agency requirements.

 

Asset Management, for inventory and tracking of all hardware and software moves, adds and changes within an organization.

 

Patch Management, to track the need and coordinate the testing, deployment and documentation of required software patches for servers, workstations, routers, firewalls and other equipment.

Cloud Computing provider relationship management to ensure satisfactory service levels.

 

Configuration Management, to provide reporting, tracking, metrics and process management services ensuring proper configuration of systems.

 

 

INTEGRATION SERVICES

 

Network Architecture Technology Integration, providing integration of Patch Management, Identity Management (RSA, PKI); Data Loss Prevention, Unified Threat Management (UTM), Web Content Filtering, Traffic Inspection, Analysis and Optimization; Anti-Virus/Anti-SPAM/Anti-Spyware; E-Mail Security, Firewall and Intrusion Detection Systems (IDS). Optionally may include Policy and Procedure creation, and Device Management.

 

System and/or Application Hardening Service, to provide optimal configuration of system or application to provide necessary restrictive security features while maintaining functionality.

 

Mobile Services, to provide assessments and audits of mobile application security; encryption solutions for Smart devices. May optionally include creation of policies and procedures.

 

Audit Logging, providing Configuration, Collection and Aggregation; Audit Reduction, Audit Analysis and Audit Reporting services. May optionally include policy and procedure creation.

 

Security Training, to ensure that the organization is meeting NIST C&A requirements. Services include Structured Classroom Training, Detailed Technical Security Training (Admin), and Security Awareness Training (user community level). May optionally include policy and procedure creation.


Security Staff Augmentation, providing Security Expertise to alleviate the need to hire dedicated, internal resources.

 
Copyright © 2011 All Rights Reserved Exalt Integrated Technologies, LLC