Independent Security & Privacy
Control Assessments
We provide Quality Control Determinations for
credible, informed risk-based decisions.
Our Certifications
Globally recognized cybersecurity certifications.
Our Services
We aim to exceed customer expectations by specializing primarily in the NIST Risk Management Framework (RMF) Step 4: Assess Security Controls.
Get repeatable assessment methods and tailored recommendations from a certified information systems auditor (CISA).
Plan of Action and Milestones Report
Prioritize weaknesses according to your risk appetite and track remediation.
Privacy Compliance
Ensure privacy compliance with the help of a certified information privacy professional (CIPP/G).
Policy and Procedures
Let us review the current existence, effectiveness and compliance of your policy and procedure set in the context of FISMA and SP 800-53 compliance.
How We Work
It's not a one-size-fits-all assessment approach. We understand that some environments are complex, and we take that into account when developing an assessment plan, which requires approval before we begin.
Clear
Straightforward and unbiased assessments, avoiding convoluted or overly long phrases. Accurate and digestible security assessment reports (SAR) and plan of action and milestones (POA&M) reports intended for senior management briefings.
Concise
Brief yet comprehensive assessment results. All control requirements are addressed with information applicable only to that specific control. Succinct rationale for any other-than-satisfied (OTS)/failed controls.
Consistent
Methods for arriving at a determination always remain the same: examine, test and/or interview. Implementations are reviewed but never copied and pasted. Interview notes are detailed, with point of contact information and dates. Artifacts and evidence are never reused or outdated.
Complete
Responsive to all applicable National Institute of Standards and Technology (NIST) and agency requirements. Assessments are done as if your system were being selected for a deep dive audit. No shortcuts, and results are always supported by evidence.