Ever-present and persistently advancing, cyber criminals, terrorists, and spies constantly attempt to secretly infiltrate Federal information systems. Phacil’s Cyber Warriors design, develop, and deploy defense-in-depth strategies for our customers to actively deter and defend against these threats to national security. Driven by our internal Cyber Center of Excellence, Phacil enhances our customers’ security posture and awareness by preparing them to manage future challenges, mitigating risk impact along the way.
As the 6th largest cybersecurity provider to the Federal Government (as reported by Product Service Code D310: IT and Telecom Cybersecurity and Data Backup), Phacil’s experts draw on their significant experience and technological knowledge through our Cyber Center of Excellence. Our services span continuous monitoring, systems certification and information assurance (IA), testing, policy implementation, security engineering, and incident response. Our security solutions incorporate our Defense-in-Depth strategy, a method of leveraging prevention, detection, and corrective actions to implement multiple layers of security. Infrastructure is only as secure as the maturity of its implemented security governance policy, compliance maintenance and reporting, and security engineering.
Phacil provides a roadmap to create a robust cybersecurity program by distilling regulatory, legislative, and organizational requirements. We implement a NIST Cybersecurity Framework-aligned model to integrate Risk Management Framework (RMF) and Information Security Continuous Monitoring services. Our tailored security solutions include categorization, threat identification, and implementation of appropriate security controls. Leveraging monitoring and reporting tools such as SolarWinds and Host-Based Security System (HBSS) ensures security postures comply with applicable Government and customer requirements to protect sensitive data. Through real-time monitoring and infrastructure testing, Phacil combines proactive and reactive security measures to maximize the strength of our customers’ security infrastructures.
Delivering Excellence in Cybersecurity
While Confidentiality, Integrity, and Availability are the traditional tenets of cybersecurity, there are several measurable components to validate the success of a cyber program. Resilience against cyber attacks, insider threat detection, user awareness, TI, FISMA compliance, and organization participation all play key roles in demonstrating an agency’s cybersecurity excellence. To optimize these performance indicators, Phacil’s comprehensive Security 1st approach combines experience-based Governance, Risk and Compliance (GRC) with automated System Information and Event Management (SIEM) and ConMon.
The following summary identifies key components of Phacil’s Security 1st approach:
Phacil works with our customers to identify all applicable requirements, business/mission objectives, and contract goals to develop comprehensive governance to include Policies, Processes, and Procedures.
Using our quantified risk analysis process, Phacil provides defensible and repeatable assessments that account for vulnerability severity, likelihood of exploitation, and potential impact of a threat. This ensures that Authorizing Officials (AO) are making intelligence-driven, risk-based accreditation decisions.
We generally recommend centralizing the RMF oversight under the CIO or Chief Information Security Officer to maximize enterprise-wide visibility, ensure consistent compliance reporting, and provide continuity for common control providers and systems stakeholders.
Leveraging corporate partnerships and continuously evolving SIEM tools such as ArcSight, LogRhythm, and Splunk, our Security Systems Engineers continuously tune configurations to maximize inputs, analysis, and security-relevant event correlation.
Security Control ConMon
To drive inspection-ready security operations for our customers, Phacil develops, implements, and maintains inheritance-based Defense-in-Depth ConMon that accounts for all applicable NIST SP 800-53/Committee on National Security Systems (CNSS) 1253 Security Controls across the organization.
By integrating Security 1st into the acquisition and engineering lifecycles, Phacil is able to provide comprehensive, end-to-end cybersecurity.
Specific Cybersecurity Services include:
• Cyber-engineering Support
• Policy and Operational Process Development
• Engineering and Architecture Design
• Monitor, detect, analyze, report, respond, and protect against vulnerabilities
• Continuous test and evaluation
• Cyber-operations management
• Malicious code analysis
• Vulnerability analysis
• Incident response
• Assessment and Authorization Compliance
• Security controls and techniques consulting
• Penetration Testing
• Configuration management, design, and remediation
• Information Assurance Training
• Patch and security release analysis and testing
• RMF Transition
• Industry Best Practice and Process Management Support
• Compliance support and automation
• Perimeter security support and management
• FISMA Compliance Services