The ACES cyber team has the deep cybersecurity expertise to help organizations reduce and manage risk while balancing cost, schedule, and performance.
Risk Management Framework (RMF) Compliance
ACES supports all steps of the RMF process, from preparation to continuous monitoring. ACES has experience reviewing ATO packages being sent to the Authorizing Official (AO) for review, as well as experience developing ATO packages at the program office level. ACES develops assessment & authorization (A&A) documentation, assesses, and implements DISA STIGs (Security Technical Implementation Guides), reviews vulnerability scan results, develops mitigations, conducts risk assessments, develops tools to automate portions of the A&A process, aligns the cyber activities with the programs integrated master schedule (IMS), and more.
Cybersecurity Maturity Model Certification (CMMC) Readiness Assessments
ACES provides CMMC readiness assessments for companies who are seeking CMMC certification. ACES has developed a SharePoint-based assessment solution to assess an organization’s security posture against CMMC, and this tool can also be deployed in a customer’s secure enclave.
ACES provides cybersecurity assessments which audit the security posture of an organization. Assessments include Internal and External Penetration Testing, Security Controls Review, Risk Assessments, and Application Security Audits. The various assessments allow ACES to help customers prepare for industry-specific compliance requirements.
ACES conducts incident response in cloud and on-premises environments. ACES efficiently identifies and makes recommendations to contain the source of incidents and provides detailed reports to leadership. ACES also recommends improvements to policies, processes, and technologies to harden the organization against future incidents.
ACES performs penetration tests to customers that are seeking an exploit analysis of their environment. ACES collaborates with customers to establish a testing scope and then simulates cyber-attacks. The penetration test focuses on potential vulnerabilities that can be exploited, any sensitive data at risk during the test and the amount of time the tester was able to remain in the system undetected. In various scenarios, these types of test results can provide a customer a roadmap of opportunities to improve their security posture.