KMC has developed a track record of performance in helping our clients navigate the challenges associated with cyber threats. Our services include providing Federal Information Security Management Act (FISMA) compliance and assurance solutions in line with federal and NIST guidelines. We have successfully assisted numerous federal agencies with implementing risk-based, fully compliant cybersecurity programs, including the Department of Health & Human Services (HHS), the Nuclear Regulatory Commission (NRC), and numerous other security-conscious customers. Our offerings include independent testing, assessment, and advisory services that help integrate security into organizational architecture, processes, and documentation. We approach security engagements by leveraging a deep understanding of compliance frameworks, such as those defined by the National Institute of Standards and Technology (NIST), to provide superior security practices, testing, and customized implementation models. This enables government agencies to meet stringent compliance standards while ensuring that a comprehensive framework exists for security and risk management.

KMC has experience with a variety of governance frameworks and assessment activities, including:

  • NIST, FISMA, FedRAMP and DOD RMF (Risk Management Framework)
  • Developing Security Assessment Plans (SAP), Rules of Engagement (ROE), and Security Assessment Reports (SAR)
  • Penetration testing
  • Source code analysis and testing for both static and binary reviews
  • Application, database, and infrastructure vulnerability scanning and results interpretation

Typical deliverables that our team produces for our clients as part of the security assessment and accreditation process include:

  • System Security Plan (SSP)
  • Contingency Plan (CP)
  • Incident Response Plan (IRP)
  • Configuration Management Plan
  • Privacy Impact Assessment (PIA)
  • Federal Information Processing Standard Publication 199 (FIPS 199) Security Categorization, policies, procedures, etc.
  • Continuous Monitoring and Reporting

Further, KMC has experience with a number of tools and technologies to support security and compliance engagements, including static and binary code scanning technologies such as Veracode and Checkmarx; vulnerability scanning using Acunetix and Tenable Nessus; continuous monitoring using Splunk and Elasticsearch; and privileged threat management using Xceedium, among other tools, depending on client-specific needs.