Assessments

To help secure information systems for our clients, TestPros’ IT Security Assessment Services apply established standardized IT security assessment methods and procedures to assess the security controls in information systems, including mobile devices (Android, iOS, etc.). Our assessments, for both commercial and government clients, are normally based on the Risk Management Framework (RMF) defined in NIST 800-53 Rev4, Security and Privacy Controls for Federal Information Systems and Organizations. Two other standards commonly used by organizations, especially commercial organizations, are NIST 800-171 and DoD’s upcoming Cybersecurity Maturity Model Certification (CMMC). We also apply other industry and client-specific IT Security Assessment standards and guidelines such as the Open Web Application Security Project (OWASP). Our IT security assessments determine if security controls are implemented correctly, operate as intended, and produce the desired outcome with respect to meeting the security requirements of each client.

Approach

To ensure the proper implementation of the NIST and/or OWASP guidelines, we follow related guidance that takes into consideration the entire system, network, and application lifecycle from a security standpoint. Our approach includes audits of policies, procedures, controls, and contingency planning, and automated tests of the system’s security posture using a combination of commercial and open source technologies. This standardized assessment approach promotes more consistent, comparable, and repeatable security assessments. For unique and non-standard environments, we develop custom test and evaluation procedures and methods. TestPros also supports security assessments of cloud-based environments by expanding on the NIST and OWASP approach.

For those systems that exhibit security vulnerabilities, we produce formal recommendations for bringing the appropriate security controls into compliance. The outcome of the assessment is a collection of documents that describes the security posture of the system, an evaluation of risks, and recommendations for correcting deficiencies.

Specific assessment and authorization support services include:

  • A&A/C&A Assessment and Authorization
  • Security Test and Evaluation (ST&E)
  • Penetration Testing
  • Cloud Security
  • Software Assurance Malicious Code Assessments
  • Security Policy and Operational Procedure Development
  • Security Engineering and Architecture Design
  • Computer Security Incident Response
  • Man in the Middle (MITM)
  • Vulnerability Analysis
  • Malicious Code Analysis

Our skilled and experienced IT Security Assessment Teams provide support in the following areas:

Security Assessments

  • Regulatory Compliance
  • Assessment and Authorization (ISO 27002 – ISO 17799)
  • Risk Assessments, System Security Plans (NIST SP 800-53 Rev4, SP 800-26, SP 800-18)
  • Supply Chain Risk Management Plans (NIST 800-161)
  • Business Continuity and IT Systems Contingency Plans (NIST SP 800-34)
  • Security Control Assessments (SCA) and Security Test & Evaluation (ST&E)
  • Physical Security Assessments, Disaster Recovery (DR) Plans and Testing, Continuity of Operations (COOP) Plans and Testing

Security Operations

  • Ongoing Compliance Monitoring
  • Real-time Network Traffic and Device-based Content Monitoring
  • Configuration Management (CM) and Patch Management (PVM)
  • Managed Security ‘Help Desk’
  • Multi-level Security and Interoperability
