Cybersecurity Assurance Solutions
We create solutions that empower organizations to gain justified confidence in their cybersecurity posture. We use techniques to evaluate both the fundamental processes required to manage operational risk and the technical safeguards that surround your most important assets. In developing solutions, we draw on well-established principles of process measurement, such as the CERT-RMM, and on leading-edge technical vulnerability assessment methods.
Working with our stakeholders, we have created the following comprehensive solutions that help organizations gain justified confidence in their cybersecurity posture.
Cyber Resilience Review (CRR)
Created by the CERT Division for the U.S. Department of Homeland Security (DHS), the CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization's operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains (based on CERT-RMM) including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.
Risk and Vulnerability Assessment (RVA)
An RVA identifies vulnerabilities and ensures that security implementation actually provides the protection that organizations require and expect. An RVA is conducted collaboratively by CERT subject matter experts and DHS, using open-source and commercial security tools for vulnerability scanning and manual penetration testing. These scans and tests determine whether, and by what methods, an adversary can defeat security controls on a live or simulated network. The main goals of the RVA are to help secure against known vulnerabilities and threats by providing mitigation strategies to reduce risk, and to aggregate vulnerability data so executives can make informed decisions regarding the security and safety of information systems.
External Dependencies Management (EDM) Assessment
The EDM Assessment evaluates an organization's risk management when forming relationships with external entities, ongoing management of third-party relationships, and the ability to sustain services when external entities fail to meet the terms of service or are otherwise disrupted. The EDM Assessment, offered by the DHS Cyber Security Evaluation Program, is a no-cost, voluntary, non-technical assessment to evaluate and communicate the EDM capability of critical infrastructure organizations.