Trusted Cyber Security and Regulatory Compliance for Critical Infrastructure


Defense Industrial Base


The Defense Industrial Base Cybersecurity (DIB CS) Program is a Public-Private Cybersecurity Partnership. Participants are cleared defense contractors:

  • Large, mid, and small-sized defense contractors
  • Sole source providers, market competitors, joint-development partners, supply chain vendors
  • Manufacturers of weapon systems, platforms, and critical parts
  • Federally Funded Research and Development Centers (FFRDCs)
  • Commercial Solution and Service Providers
  • University Affiliated Research Centers


Cybersecurity incidents have surged 38% since 2014 (The Global State of Information Security® Survey 2016). In a study of 200 corporate directors, 80% said that cybersecurity is discussed at most or all board meetings. However, two-thirds of CIOs and CISOs say senior leaders in their organization don’t view cybersecurity as a strategic priority (NYSE Governance Services and security vendor Veracode).

Reported identities exposed in 2015: 429 million (up 23% from 2014), including:

  • 22 million personnel records from OPM
  • 78 million patient records from Anthem
  • May be higher, as some companies may choose not to reveal the full extent of breaches (Symantec, Internet Security Threat Report 2016)

In 2015, of the cyber incidents that were identified as breaches, 89% were financially or espionage motivated (Verizon 2016 Data Breach Investigations Report).


CyberForce leverages enterprise architecture models and frameworks to achieve comprehensive documentation of our customer’s active infrastructure. This data is used to populate the FedRAMP SSP templates for comprehensiveness. The complete system is then subject to a thorough and detailed RMF analysis to zero in on critical assets and assets in the critical path. Once this is done, we leverage the NIST 800-53 and FedRAMP standards to undertake complete testing of the system.


As part of the baselining exercise, we leverage Client Staff to accomplish as complete a coverage as possible, as opposed to a statistical model, which is reserved for ongoing checks. This approach is taken to close the door on the would-be hackers banking on systems being left untested over time. We leverage proprietary and standard tools such as DHS CSET and CSAT.


We proceed further into CyberForce-created micro-object models to document the results at a granular level. This micro-object-oriented model allows us to compile the state of security along many slices, such as the state of security for a particular geography and for a specific set of systems.


Observations are crosswalked to relevant standards as well as to any internal client system security framework of controls. It is this Architecture-to-Artifacts comprehensiveness that is representative of CyberForce’s value.