Whether your organization requires a network vulnerability assessment, network penetration test, wireless network assessment, web application assessment, or a customized service offering, SimIS will ensure your expectations are not only met, but exceeded.
Risk Management Framework (RMF)
SimIS experts have extensive knowledge and experience in implementation of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). SimIS personnel support development of all phases and pieces of the C&A package by applying the RMF to Federal Information Systems and Commercial Information Systems, and has working expertise and proficiency in the Enterprise Mission Assurance Support Services (eMASS) tool used to automate the DoD RMF process. SimIS Cybersecurity Experts have a sound understanding of the associated risk management and assessment processes; implementation practices, techniques and technologies; roles and responsibilities; and artifacts development leading to U.S. Government information system authorization. They are experienced with the RMF six (6) step process, integrated with the System Development Life Cycle to include: roles and responsibilities; references; and guidelines.
RMF Life Cycle
- Categorize Information System
- Select Security Controls
- Implement Security Controls
- Assess Security Controls
- Authorize the Information System
- Monitor and Assess Security Controls
SimIS, Inc offers penetration testing as a distinct service, where other companies often use the terms “vulnerability assessment” and “penetration testing” interchangeably. While a vulnerability assessment does provide value to a client when meeting auditory or compliance requirements, it does not necessarily expose the true business impact of a specific vulnerability or chain of vulnerabilities. SimIS has developed unique methodologies, tools and techniques for infiltration and escalation of privilege on networks. SimIS penetration testing is much more than simply running a single known vulnerability scanning tool and reformatting the raw output. The value of this service offering resides in our staff’s expert knowledge and use of several customized tools and techniques. At your request, our consultants can also employ social engineering techniques to help our clients obtain a more complete awareness of human vulnerabilities.
Our experts understand the challenges associated with performing assessments against systems and networks that require a high level of availability. SimIS has developed specific methodologies, utilizes commercial and government tools and uses industry best practices for performing vulnerability assessments to deliver valuable and accurate reporting while ensuring system availability and minimal performance impact for critical systems.
Periodic Vulnerability Scans
SimIS offers affordable periodic vulnerability scans that are designed to identify potential vulnerabilities as they are made public. The first step is to obtain a baseline of accessible systems and services. The follow-on scans will then identify discrepancies from the baseline, alerting your organization to these changes. While this type of service is easy to automate and conduct without human analysis, our experts will be involved in each step, providing a more thorough test. You define the time period, designate the network to be scanned, and we will meet your needs.
Wireless Network Assessment
Implementation of a secure wireless network can be a difficult task with this ever-changing technology. Our experts have specific expertise in wireless networking and can readily demonstrate the security impact of your wireless network, or those networks owned by other organizations in close proximity. An improperly configured wireless network or client can provide an anonymous back door into a corporate network, leading to the compromise of IT infrastructure, confidential information, and trade secrets.
Web Application Assessment
Our experts have performed web application assessments against a variety of highly customized environments. Our methodologies are based upon highly skilled manual testing in conjunction with tools used to identify security issues. Whether you have developed a customized web application or implemented a COTS (Commercial Off-The-Shelf) solution, SimIS can provide assessment services to ensure that you and your client’s data will remain protected.