· Security Control Assessment & NIST 800-53A
· Security Assessment & Authorization (SA&A)
· Independent Verification & Validation (IV&V)
· Information System Security Officer (ISSO) & Information System Security Engineer (ISSE) Support
· Security Policy and Documentation Development
· Zero Trust Architecture Strategy, Planning, and Implementation
· DevSecOps
· Secure Cloud Migration & Implementation
· Penetration Testing
· Vulnerability Assessment & Scanning
· Incident Response (IR) & Disaster Recovery (DR) & Continuity of Operations Planning
Provide contractor support services to understand the current state of your agencies cyber-security posture and the maturity of its cyber program. In this discovery exercise, also known as (Discovery -Phase I), the contractor will assess agencies current risk environment, critical IT assets, and existing vulnerabilities identified by your agencies Governing Authorities, Government Accountability Office (GAO) or the Office of Inspector General (OIG). As a result of (Phase I) discovery efforts, agencies will achieve the following milestones: The development of a cyber-strategy and road-map with defined goals and milestones for the program and operationalized with audit management capability to begin reducing the backlog of audit recommendations developed. A centralized cyber governance function to enable coordination and communication across program offices while improving your agencies processes for responding to cyber incidents.
Provide contractor support for integrating advanced cyber-security technologies, processes, and policies across the department, in this integration exercise, also known as (Enterprise - wide Integration- Phase II) , The agency will accomplish the following milestones: Develop a Risk Management Strategy to enable proactive identification of risk to agencies high-value IT assets and integration with the development of agencies enterprise risk management program. The Implementation of an audit readiness and management capability that will provide recommendations, mitigation and remediation plans for open vulnerabilities. Create a cyber-minded culture through enhanced cyber security awareness and training to reinforce cyber-safe behaviors, including the development of targeted, interactive training's for critical cyber-security resources and campaigns to promote an understanding of organizational change. Establish cyber solutions including enterprise identity, credential, and access management (ICAM) and data loss prevention (DLP) programs. Establish the ability for continued collaboration to operate without disruption to evolve into Governance Risk and Compliance Program (GRC) (Phase -III) without sacrificing the pace of current activities.
Provide contractor support for integrating advanced cyber-security technologies, processes, and policies across the department, in this integration exercise, also known as (Enterprise - wide Integration- Phase II) , The agency will accomplish the following milestones: Develop a Risk Management Strategy to enable proactive identification of risk to agencies high-value IT assets and integration with the development of agencies enterprise risk management program. The Implementation of an audit readiness and management capability that will provide recommendations, mitigation and remediation plans for open vulnerabilities. Create a cyber-minded culture through enhanced cyber security awareness and training to reinforce cyber-safe behaviors, including the development of targeted, interactive training's for critical cyber-security resources and campaigns to promote an understanding of organizational change. Establish cyber solutions including enterprise identity, credential, and access management (ICAM) and data loss prevention (DLP) programs. Establish the ability for continued collaboration to operate without disruption to evolve into Governance Risk and Compliance Program (GRC) (Phase -III) without sacrificing the pace of current activities.
Provide contractor support services to secure and protect your agencies infrastructure, applications, systems, and data, to include services and systems developed, operated, and maintained by Contractors and provided by Cloud Service Providers (CSP). In this Governance, Risk and Compliance (GRC) exercise, also known as (GRC -Phase III), The agency will achieve the following Milestones: Milestone 1: The Implementation of Cyber security Support Project Management. Milestone 2: Security Architecture and Innovation. Milestone 3: Governance, Risk, and Compliance (GRC) Implementation. Milestone 4: Privacy Program Support & Implementation.