What We Do

Our primary objective is to assist our clients in meeting their cybersecurity goals. 

In an effort to keep data confidential, maintain integrity, and ensure data remains available when needed, government and non-government organizations alike have information systems that must comply with mandated and regulatory security requirements. Many of those systems must be certified, accredited, or authorized to operate only after those requirements are met and have been validated. We provide consultation services and perform comprehensive security assessments to determine security compliance readiness and overall security posture. Not only is conducting a security assessment an essential and principal part of information security requirements, it is paramount…it is CARDINAL.

How Can We Help You?

Security Assessments

FISMA/ATO Security Assessment

In support of A&A and the FISMA ATO process, we provide a comprehensive assessment on all security controls applicable to the system’s baseline security categorization. In some organizations, this is known as “Information Assurance.” We will determine the extent to which security controls are implemented correctly, operating as intended, and producing the desired results.

In relation to your specific ATO cycle, on an annual or triennial basis, we perform periodic assessments to account for system changes, identify lapses in implementation, or show improved security compliance.

Not sure which controls are applicable to your system or your situation? We provide consultation services to guide you in the right direction and help select the right controls so you can be compliant.

CMMC Pre-Assessment/Consultation

Level 3 CMMC certification will be required for DoD contractors and sub-contractors who are processing, developing, or storing Controlled Unclassified Information (CUI) data and will be mandated in upcoming RFP solicitations starting this Fiscal Year. Level 1 certification will be required by any organization processing or storing Federal Contract Information (FCI).

We are recognized by the CMMC-AB as a Registered Provider Organization (RPO). Let us help you prepare for CMMC certification – levels 1 through 5. We perform an initial gap analysis and provide a comprehensive report showing results and recommendations. Control not compliant? Missing necessary documentation? We can provide assistance where needed to fill in the gaps prior to C3PAO assessment.

RMF Lifecycle

RMF LifeCycle Support

Let our group of experts manage your system’s ATO Lifecycle. In addition to control assessments, we can help identify the applicable controls, create and maintain the SSP, update SSP and supporting documents when changes are made, remediate findings, manage POAMs, and monitor the system to ensure continued performance and security. We can also support IV&V review and validation.

Security Best Practices

Security best practices apply to all organizations and businesses, especially if you have data of your own that needs to be protected or are storing your customers’ data within your organization’s boundary.

Once a specific set of security controls appropriate for your business has been identified, Cardinal Security Group can perform the initial assessment and determine the gaps in your security posture. This information can be used to establish your initial security baseline as well as your target baseline.

We can also provide additional continuous monitoring/periodic assessments to determine if changes made have impacted your security baseline – either positively or negatively. We specialize in NIST and CIS frameworks.

Defense-in-depth Security