Cybersecurity & Compliance
Whether they are developing products or providing IT-based capabilities to federal, state and local governments or commercial enterprises, most organizations are required to abide by one or more regulatory Cybersecurity compliance requirements. Excentium can help you become and remain compliant with many of these. We currently support the following regulatory standards and requirements: FedRAMP, FedRAMP+ (DoD CCSRG), StateRAMP, CMMC, NIST/DoD RMF, HIPAA, PCI, FAR/DFARS (NIST 800-171), SOC/SSAE 18, and GDPR.
Consult and Advisory Services – Our Compliance and Advisory Services (CAS) team includes system/security architects, enterprise engineers, software and database developers and cybersecurity specialists with extensive industry experience in their fields. The CAS team helps organizations modernize and fortify their information systems, migrate and evolve their systems through modernization and automation, and prioritize their cyber risks. Specific services include:
- Readiness Assessment – quickly determine your organization’s readiness to undergo any compliance-based assessment
- Security Package Development – determine what should be documented; we can provide guidance to develop your security package or develop it for you
- Gap Assessment – gain knowledge and awareness of your organization’s Cybersecurity hygiene as well as your regulatory compliance obligations and the potential risk to your organization
- Complete Security Authorization Support – prepare for and achieve Security Authorization through many compliance standards
- FedRAMP Preparation and Authorization Support – As a FedRAMP Type “C” 3rd Party Assessment Organization (3PAO), the Excentium CAS team has the experience and expertise necessary to assist any Cloud Service Provider (CSP) with preparing their Cloud Service Offering (CSO) for a FedRAMP readiness capabilities assessment or FedRAMP 3PAO Independent Assessment. Excentium’s team composition includes industry engineers, software developers, cybersecurity specialists and information systems architects who not only have an expert understanding of the federal compliance standards but are also seasoned technologists. As such, they understand the subtle nuances and challenges of the technical implementation of cybersecurity requirements our customers face in an ever-changing compliance landscape.
- StateRAMP Preparation and Authorization Support – Excentium is a member of StateRAMP and, as a FedRAMP 3PAO, is authorized to assist CSPs in preparing their CSO for StateRAMP verification.
- CMMC Preparation and Authorization Support – The Excentium team has the cybersecurity and process maturity assessment skills and expertise to help DoD Defense Industrial Base (DIB) contractors and suppliers prepare for a CMMC assessment of their firm’s compliance.
Third-Party Assessment Services (TIAS)
Even the most mature organizations can benefit from an unbiased assessment from a third party. Whether you are embarking on formal Security Authorization for your Cloud Service Offering (CSO) or simply desire a second opinion, we have the formal accreditation and technical expertise to help. Excentium Third-Party Assessment services include:
- Security Control Assessments – Our cybersecurity experts can perform independent security control assessments (SCAs) for a variety of regulatory and compliance standards, including (but not limited to) NIST/DoD RMF, HIPAA, PCI, FAR/DFARS (NIST 800-171), CMMC, SOC/SSAE 18, and GDPR.
- Vulnerability Assessments – Our cybersecurity engineers evaluate the security configuration of each system’s supporting Operating Systems (OS), Databases (DB), Web servers/services, and installed applications against industry-standard system baselines (e.g. CIS Benchmarks, DISA STIGs).
- Penetration Testing – Our penetration testers are highly qualified technologists with extensive backgrounds in cybersecurity, engineering, offensive security and ethical hacking. Each Excentium penetration testing engineer is knowledgeable and experienced in the implementation of Federal IA/CS requirements as outlined in FedRAMP, FISMA, NIST, and the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).
- FedRAMP 3PAO Independent Assessment Services – As a FedRAMP Type “C” 3rd Party Assessment Organization (3PAO), the Excentium TIAS team has the proven experience and expertise to perform FedRAMP 3PAO independent assessments against the FedRAMP cybersecurity standards.
- StateRAMP 3PAO Independent Assessment Services – Excentium is a member of StateRAMP and, as a FedRAMP 3PAO, is authorized to assess CSPs’ CSOs for StateRAMP verification.
- CMMC C3PAO Independent Assessment Services – As a candidate CMMC C3PAO, Excentium will soon be able to conduct CMMC Maturity Level 3 assessments to ensure your cybersecurity practices comply with the CMMC model and your firm is eligible to bid on future DoD contracts where CMMC compliance is required.
Most Cybersecurity-related exploits can be linked back to lacking or inadequate governing policies, processes, and procedures. However, policies, processes, and procedures alone will not make for a successful program; the people and technologies leveraged to implement and monitor them are equally important. Excentium can help you establish a Cybersecurity governance structure tailored to your organization’s unique needs.
Cybersecurity Program Support
Many organizations do not have the personnel resources or expertise on staff necessary to build and manage a successful Cybersecurity program. Excentium experts have decades of experience establishing and managing Cybersecurity programs for government and commercial organizations. We provide Cybersecurity Program Support in the areas of:
- Cybersecurity Program Development – We can evaluate your unique needs and create a Cybersecurity program and resource plan tailored to your organization
- Cybersecurity Program Implementation and Management – We have Cybersecurity personnel and expertise to implement your unique Cybersecurity Program. Each organization is unique, and you may not need full-time expert support. We deploy personnel resources in support of our customers’ needs, specific to the level of effort and type of expertise necessary.
We implement the processes, procedures, and technologies that allow your people to collaborate and share information – without compromising security. In today’s increasingly virtual work environment, it is imperative that your people have fast, secure access to information about projects, finances, operations, and employees. Excentium helps you to streamline operational processes and manage data more efficiently through sharing and collaboration.
Excentium can help you design and implement IT solutions that are robust, flexible, and above all, secure. Our security, system, and network engineers are experienced in the following services:
- Secure network design and implementation
- Verification of existing design
- Identity management/Public Key Infrastructure (PKI)
- Voice/Video over IP (VoIP)
- Firewalls and Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)
- Network access control
- Proactive monitoring and reporting