ASYNCROB & Associates offers a wide array of technical cyber-security services, which enable our clients to successfully execute and support effective cyber-security programs. Our team of certified professionals has performed on multiple contracts for the Department of Defense and multiple Civilian agencies and provides superior consulting services for our private sector clients
Information Security Assessment: The ASYNCROB security assessment is a tailored and comprehensive evaluation of an organization’s Technical, Operations and Management security controls covering all security control families in accordance with National Institutes of Standard and Technology (NIST), Risk Management Framework (RMF), and industry best practices. The assessment is performed by certified experts experienced in a wide variety of tools and techniques to identify security risks and offer detailed mitigation strategies. Our methodology and detailed reporting support both FISMA and HIPAA federal compliance requirements.
Vulnerability Testing: ASYNCROB performs internal and external vulnerability analysis services of client networks and systems that encompass Major Applications and General Support Systems (GSS) to verify and validate risks associated with the IT devices in the system boundary. Our security engineers perform scans and conduct network discovery, collecting and analyzing data, to discover an organization’s potential weaknesses. Ultimately, we determine what network services are visible and, of the services visible, catalog known vulnerabilities associated with the service as well as verify and validate risks associated with the IT devices within the system boundary. Our analysis demonstrates the ability of a person with access to a client’s information system computing resources to circumvent “in-place” security protection mechanisms. For those vulnerabilities discovered, the ASYNCROB team develops detailed reports identifying the risk level (LOW, MEDIUM, HIGH) and provides mitigating strategies for each risk documented. Additionally, to the degree possible, false-positives are eliminated from reporting. ASYNCROB security engineers and Subject Matter Experts (SMEs) document all scans executed during testing. Client personnel are welcome and encouraged to participate and observe all test execution.
Penetration Testing: ASYNCROB performs both Internal and External penetration testing of client network segments, applications, and systems utilizing a verifiable and repeatable process. The purpose of our testing is to measure the system’s ability to maintain a secure posture under external and/or internal attack by demonstrating the ability of a motivated person to circumvent in-place security protection mechanisms. If our team is successful in breaching your security the ASYNCROB security engineers and SMEs further attempt to discern if a potential attacker could either compromise information (e.g., steal it, modify it, etc.), or disrupt client information system operations (e.g., delete file systems, halt system operations, etc.). All testing information and results that support our security team’s conclusions are provided to the client in the form of artifacts, evidence, and/or dictations.
Staff Augmentation: ASYNCROB staff augmentation services are designed to provide on-site and cost-effective security expertise to organizations to perform designated critical security, technical, management or operation tasks. Our security professionals ensure expert knowledge transfer in all engagements to maximize the in-house value of their performance.
Security Program Guidance: ASYNCROB provides executive-level support to organizations requiring strategic guidance for the purposes of building and implementing effective and efficient organization-wide security programs. Our services strive to build strategies that incorporate functional continuous monitoring, maintain compliance with the Risk Management Framework (RMF), and any other applicable client-specific requirements.
Security Policy Planning and Development: ASYNCROB provides expert resources and compliant templates to assist in developing security policies, procedures, standards, and guidelines. Our security experts analyze, prepare, update, and provide security-related operational, management, and technical information systems documentation that supports a continuous monitoring environment and strategy.
Cyber Security Training: ASYNCROB instructors are certified technology experts and experienced educators. This unique combination minimizes project learning curves and results in a curriculum that ensures the most rapid and effective results possible. ASYNCROB offers standardized on-site, instructor-led training courses in CISSP® (Certified Information Systems Security Professional), Sec+ Certification & Net+ Certification. ASYNCROB also maintains the capability to design, develop, and deliver turnkey education solutions that include interactive learning materials and multi-use system simulators tailored to meet individual client goals.
Assessment and Authorization (A&A) Services: ASYNCROB A&A service capabilities cover multiple areas of FISMA compliance.
- FISMA Audit Services – Often referred to as continuous monitoring, ASYNCROB serves as the Certification Authority (CA) for your organization. Our processes align with those of federal agencies and use the same documents and deliverables required by NIST in the SP 800-37 framework. Ongoing A&A ensures that the security controls implemented during security authorization remain updated and effective.
- FISMA Assessment and Authorization (A&A) Package Development – ASYNCROB security professionals will assist your organization in building compliant A&A document packages to submit for authorization.
- Information Security Assessment
- Vulnerability Testing
- Penetration Testing
- Security Program Guidance
- Security Policy Planning and Development
- Cyber Security Training
- Staff Augmentation
- Assessment and Authorization (A&A) Services
- Air Education and Training Command BNB Group
- Alexandria-Fairfax Kappa Scholarship Endowment Fund Inc.
- Annapolis Bowie Cardiovascular Associates Bureau of Land Management
- Davis-Paige Management Inc. CAM Systems
- Defense Finance and Accounting Service Commonwealth of Virginia
- Defense Logistics Agency Corp of Engineers
- Virginia Department of Transportation CACI
- Virginia Highland Community College DEW Financial
- Virginia Department of Aviation Fairfax County
- Kappa’s of Alexandria Fairfax LLC Internal Revenue Service
- Lord Fairfax Community College Old Dominion University
- Metro Cardiovascular & Associates Treasury Department
- National Archives and Records Administration the United States Air Force
- National Institute of Standards and Technology the United States Army
- Powell Manufacturing Industries University of Virginia
- Transportation and Security Administration the United States Navy
- United States Naval Academy Department of State
- Western Area Power Administration Department of Energy
- Wheeler Creek Community Association