Black Rock ensures appropriate safeguards are in place to protect networks and network-supported assets.

Our Security Engineers and Analysts are unique in that they have provided Certification and Accreditation (C&A) and Assessment and Authorization (A&A) services to General Computing Environments with Global Information Grid connected systems as well as Weapons, Launch Range Instrumentation, and Industrial Control Systems (ICS).  We know the nuances associated with those systems and will develop and implement Systems Security Strategies and plans that identify, mitigate, monitor, report, and fix vulnerabilities of target systems.  Our execution of cybersecurity includes assigning measurable implementation/maintenance costs of countermeasures, for acquisition planning and prioritization of requirements within the customer’s procurement strategy.

 

BR personnel are experts in major federal security laws, Executive Orders, security implementation guidelines, and their applicability to government and private organizations. Security-related statutory requirements include those outlined in the Federal Information Security Management Act (FISMA) and the Risk Management Framework (RMF) Instructions and Special Publications. BR can assist federal, state, and private organizations with the security accreditation process (A&A) mandated for many federal and outsourced information systems.

 

  • Develop A&A packages for major applications, general support systems, and minor applications
  • Conduct risk assessments and common control selection
  • Develop strategic security plans and programs
  • Develop cyber security strategies, roadmaps, training, and execution plans for transition to the RMF for senior leadership, risk executives, and stakeholders
  • Provide full spectrum FISMA and privacy program support to Federal Agencies and commercial customers
  • Develop full range cybersecurity / RMF training and certification programs for Federal Agencies and commercial customers (including management and train-the-trainer courses)
  • Develop, integrate, test, and manage real time continuous monitoring plans, and capabilities for enterprise and specialized information systems
  • Design, develop, configure, and maintain enterprise Security Operation Centers (SOC), enterprise Identity Management Solutions, and Security Content Automation Protocol (SCAP) solutions
  • Develop, integrate, implement, and executes security architectures and support to the System Development Life Cycle (SDLC)