Cybersecurity Assessment and Authorization (DIACAP/RMF)

We will manage your entire compliance effort from beginning to end, so you can focus on your mission. Our consultants have extensive expertise and have worked with many federal agencies. We can work through any applicable framework (including NIST, ICD, NISPOM, and RMF) to ensure compliance of your system is completed on time and on budget.

Cybersecurity Assessment and Authorization services

  1. Staff Augmentation

We can provide an on-site or off-site consultant for any portion of the project or to see the project through to its completion.  Our consultants can help guide your team through the documentation and complex framework of any compliance methodology.

  2. Control / Vulnerability Assessments

We will review your documentation against system and control implementation. We can provide guidance on how to mitigate identified openings based on each control’s current implementation.

  3. System Hardening

One of the more complex requirements of a compliance effort is to “harden” the system or network, that is, to apply Security Technical Implementation Guides (STIGs) and/or Security Requirements Guides (SRGs) to it, in both classified and unclassified environments. Most systems, devices, and appliances arrive from the factory in an open configuration and therefore may not be configured for what your system needs. To receive an Authority to Operate, you must harden and configure your system per the requirements set forth by the applicable compliance framework.

  4. Policy & Documentation

Compliance requires a great deal of documentation, including System Security Plans (SSPs), a System Security Authorization Agreement (SSAA), Security Policies, Continuity Plans, etc.  Our team can specifically tailor these documents to your organization and/or system.