We strive to detect cybersecurity threats before they happen. Our IT & Cybersecurity analysts help our customers reduce risk and understand the full scope of any threat we detect. We develop cyber strategies that counter the lack of expertise or threat intelligence to serve as obstacles to our customers' security concerns.

We use the NIST Cybersecurity Framework and Risk Management Framework (RMF) to help identify and improve current and targeted states of our customers' cybersecurity programs. Our experts can perform current and target state analysis based on your organization's threat and vulnerability profile. This analysis serves as a driver for prioritized activities to improve your organization's security posture. 

avacal utilizes the results of comprehensive technical security assessments, interviews, and documentation reviews to design custom solutions for our customers.

avacal also provides Industrial Security Program consulting services for small businesses wishing to compete and perform on DoD-related classified contracts.

  • Information System Security Management (ISSM)
  • DSS Assessment and Authorization Process Manual (DAAPM) through the Risk Management Framework (RMF)
  • National Industrial Security Program Manual (NISPOM) guidance and expertise
  • Consultation on the procedures outlined in the NISPOM
  • System Security Plan (SSP) creation and maintenance
  • Continuous Monitoring Strategy creation and maintenance

avacal specialties include:

  • National Institute of Standards and Technologies (NIST) Compliant Systems Security Engineering
  • Risk Management Framework (RMF) Transition, Intelligence Community Doctrine (ICD) 503 Guidance and Reciprocity Consultation
  • Operational Test and Evaluation of Cybersecurity in Acquisition Programs
  • Program Protection for complexity levels ranging from small independent standalone systems to Acquisition Category (ACAT) Level 1
  • Cyber Failure Modes, Effects, and Criticality Analysis (FMECA) – Critical Path Analysis
  • Secure Software Lifecycle – working with software development teams to build in security and IA compliance from inception through production
  • Computer Network Defense – boundary defense and host-based security
  • Security Assessments, Penetration Testing, and Independent Verification and Validation
  • Information Assurance (IA) Compliance – inclusive of scanning, analysis, patching, remediating
  • Enterprise Mission Assurance Support Service (eMASS) & Xacta package development, submission, and maintenance
  • Cross Domain Solutions (CDS) – capabilities definitions, systems design integration between enclaves, guidance and development & representation for approval package
  • Commercial Solutions for Classified (CSfC)- a NSA-sponsored program that enables commercial components to be used to protect classified National Security Systems information