
Cybersecurity Services

We provide cybersecurity assessment, engineering, continuous monitoring, risk management, and program strengthening support to Federal and State agencies and to organizations working with the public sector. We provide full-lifecycle NIST Risk Management Framework (RMF) process support for Federal systems, applications, and common control programs, in accordance with Federal and Agency requirements. Our technical specialists and cybersecurity engineers also provide security engineering, incident response (IR), and security operations support, including: installing, configuring, maintaining, and enhancing IT security tools; providing security engineering and architecture support for system design, implementation, and integration efforts; providing 24/7 IR preparation, detection, analysis, remediation, and reporting support; performing web application security testing and penetration testing; designing and implementing Information Security Continuous Monitoring (ISCM) capabilities and dashboards; and providing overall vulnerability management support.

Additionally, we have deep experience helping Federal Agencies ensure that solutions moved to FedRAMP-authorized Cloud Service Providers (CSPs) are appropriately secured and monitored. Our services are tailored to the specific needs of each organization and engagement, and are continuously updated to reflect lessons learned from our projects with other organizations, as well as emerging technologies, requirements, and threats.

Our team members bring extensive experience working with the U.S. Government Accountability Office (GAO), Offices of Inspectors General (OIG), and internal audit groups, and we have successfully supported a number of Agencies in preparing for, supporting, and responding to Federal cybersecurity audits and evaluations. We have depth and breadth of experience across the HACS SIN, including the service areas described below.

B&M provides security and consulting services that address risk from a holistic, organizational perspective and assist in designing and establishing security governance structures in accordance with Federal guidelines. This type of support includes the implementation of an organization’s risk management strategy; an assessment of risk tolerance; designing and providing security awareness and role-based training; and security policy and procedure development and optimization. B&M also aids in designing and implementing security and privacy continuous monitoring strategies and plans to enhance risk visibility and drive cost efficiencies in risk management and compliance.

We provide full-lifecycle NIST Risk Management Framework (RMF) support for Federal systems, applications, and common control programs, in accordance with Federal Information Security Modernization Act (FISMA), Office of Management and Budget (OMB), and National Institute of Standards and Technology (NIST) requirements and standards. Our teams have extensive experience guiding new system acquisitions and development efforts from initiation to Authorization to Operate (ATO), including supporting stakeholders in the design and implementation of appropriate cybersecurity controls and serving as independent assessors. We also perform more targeted security impact analyses and assessments for changes to existing systems.

We provide support to Federal Agencies in planning for and implementing strategies and transition plans for Information Security Continuous Monitoring (ISCM), Privacy Continuous Monitoring (PCM), and Ongoing Authorization (OA), in alignment with OMB requirements and NIST guidelines. Our teams have worked with Federal Agencies to assess readiness for the ISCM/OA transition through the three lenses of people, process, and technology, and to define ISCM and PCM strategies and implementation plans. We also guide Federal Agency stakeholders and systems through the ISCM, PCM, and OA transition, including support for the selection, installation and configuration, integration, maintenance, and enhancement of Continuous Diagnostics and Mitigation (CDM) capabilities.

We provide cybersecurity and privacy consulting and operational support, on-site and remotely, in a number of programmatic areas and at various organizational levels, including:

  • Security Asset Management & IT Component Inventory
  • Plan of Action and Milestones (POA&M) Management
  • Data Call Assistance (FISMA Reports, Internal Reports)
  • Development, Modernization, & Enhancement Tasks
  • Security Documentation, Event, & Incident Management
  • Assessment & Authorization Support for Various Systems
  • Cybersecurity Awareness Training
  • Sensitive Information Management & Data Loss Prevention
  • Continuous Diagnostics and Mitigation Tools

B&M provides a suite of Risk and Vulnerability Assessment (RVA) support services that can be delivered on a one-time, ad hoc, or continuous basis. B&M was one of the first 12 vendors to obtain GSA approval to offer RVA support services under the GSA IT Schedule 70 Highly Adaptive Cybersecurity Services (HACS) initiative. Service areas include security assessments; vulnerability scanning; threat analysis and penetration testing support; and the development of risk metrics and risk mitigation strategies.