CYBER SECURITY

Today, organizations face a wide variety of technological and strategic cybersecurity challenges in a complex and dynamic environment.  An effective cybersecurity response requires strategies, policies, plans, and technologies able to match these rapidly evolving security environments.   FCI’s cybersecurity service portfolio provides both consulting and staff augmentation services with experienced, credentialed staff.  Our staff possess the highest security clearances and certifications, such as CISM, CISSP and PMP and computing environment certifications from Microsoft, CISCO and others.

Our service delivery approach focuses on Federal and Department of Defense (DoD) Cybersecurity risk management and compliance. Regulatory compliance includes the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) guidance, and Agency policies and directives. Frameworks used include National Institute of Standards and Technology (NIST) and Risk Management Framework (RMF), ISO 27001, and FedRamp Cloud frameworks.

Our cybersecurity services include:

Risk Management and Compliance Services

  • Provide security assessment and authorization (SA&A) – previously called certification and accreditation – using National Institute of Standards and Technology (NIST) special publications (SP) for the Risk Management Framework, including SP 800-37, SP 800-53, and SP 800-53A
  • Develop compliant security assessment documentation, security categorization reviews, system security plan analyses, and security plans
  • Develop and deliver targeted Risk Management Framework Training for various stakeholders
  • Provide governance, risk, and compliance (GRC) services through long-term staff such as an Information Systems Security Officer or Manager
  • Conduct risk assessments using NIST 800-30, 800-18 and 800-53A
  • Conduct vulnerability assessments for networks, systems, applications, and databases using Security Content Automation Protocol (SCAP)-validated tools that leverage the National Vulnerability Database (NVD) and configuration standards such as U.S. Government Configuration Baseline (USGCB), Federal Information Processing Standard (FIPS) 140, and Secure Technical Implementation Guides (STIGs)
  • Support organizations in performing their risk management tasks and activities, including preparing for audits by outside parties and training personnel
  • Design and manage the continuous risk management/continuous monitoring processes
  • Implement a high level approach to iterative risk assessment as part of a consistent and repeatable expertise-driven approach to risk management

Strategic Services and Cybersecurity Policy

  • Develop and/or manage an effective cybersecurity program
  • Develop, implement, and/or manage leveraged security services
  • Continually review of mandates, requirements, and threat reports to identify requirements for new or enhanced cybersecurity policies; ensure cybersecurity policy development reflects emerging technologies and associated requirements for enhanced security
  • Develop policy and standards following a mature (lifecycle) methodology leveraging our experience and best practices

Integration Services

  • Vulnerability Intelligence Solutions
  • Firewalls / VPN / IDS / PKI / Smart Cards / Biometrics

Security Awareness and Training Services

  • Conduct instructor-led, web-based and Computer-based (CBT) training programs
  • Provide focused training classes for all levels – System Admin to End Users. Examples of recently developed training courses include Cross Domain Solutions and, RMF Overview and RMF Security Controls “Deep Dive”

Network & System Architecture & Engineering

  • Design, review, and develop security architecture
  • Provide engineering services for security devices and security products

Incident Response

  • Provide monitoring, incident management, incident response, threat assessment, forensic analysis and investigation, and investigation services
  • Develop and/or manage leveraged security operations center (SOC) and incident response capabilities

Business Continuity & Disaster Recovery

  • Execute business impact assessments (BIAs) and risk assessments
  • Develop business continuity of operations plans (COOPs) and IT Contingency Plans
  • Conduct disaster recovery planning and testing
  • Perform devolution planning