Sword & Shield is focused on providing specialized support to companies that do business with the government. We combine our experience working in both the private sector and with government agencies to provide solutions to government contractors looking to maximize business opportunities in the government marketplace. If you are a government contractor who may be overwhelmed with requests from agencies to become FISMA compliant, produce a system security plan that meets NIST standards, perform a risk assessment, or test applications and networks for security vulnerabilities and Advanced Persistent Threats from foreign nationals, we can help you. Sword & Shield’s Risk and Compliance and Security Assessment services are geared towards helping government contractors become compliant and secure.
A Risk-Based Approach to Meeting Regulatory Compliance
The Federal Information Security Management Act (FISMA) drives the federal government’s agenda when it comes to IT security. As FISMA and the guidance from the National Institute of Standards and Technology (NIST) continue to evolve, issues such as continuous monitoring and risk management are the latest challenges. Sword & Shield’s Risk & Compliance Shield™ provides your company with a comprehensive look at your enterprise, enabling you to focus on high-priority vulnerabilities and the associated security controls needed to improve compliance, as well as security.
In addition to directly supporting agency security requirements, our risk and compliance solutions are perfectly suited to support contractors and subcontractors who are required by government agencies to become compliant with NIST guidelines. If your contracts involve storing or transmitting private health records, we can assist with meeting HIPAA requirements. Our experience supporting the Certification and Accreditation process, combined with our comprehensive risk and compliance and security testing knowledge, separates us from the traditional IT security company.
Our engineers maintain various levels of security clearances, including both Secret and Top Secret. We maintain a Top Secret facility clearance. More than 80 percent of our engineers have achieved the Certified Information Systems Security Professional (CISSP) certification and many maintain additional industry and product certifications including Global Information Assurance Certification (GIAC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Payment Card Industry Qualified Security Assessor (PCI QSA).
Practical Services to Reduce Risk and Support Compliance
We offer proven, practical services that balance compliance requirements with an effective program to prevent security threats.
| Solutions | Benefits of the Sword & Shield Approach |
|---|---|
| Virtual Chief Security Officer | A single point of contact at Sword & Shield who will be your organization’s trusted adviser. The VCSO will work hand-in-hand with your staff to remedy your security and compliance issues and accomplish your long-term goals. |
| PCI Compliance | Integrated Risk and Compliance approach enables Agencies to address all compliance issues (FISMA, PCI, etc.) as part of a single, comprehensive assessment. |
| HIPAA/HITECH Compliance | HIPAA Gap Analysis and remediation. Meaningful Use Risk Assessment of Electronic Healthcare Records in accordance with the American Recovery and Reinvestment Act of 2009 (ARRA). |
| Security Testing | Reduces risks that someone with the intent to do harm could bypass security controls and gain access to sensitive information. Provides verification of security controls and meets independent, third-party assessment requirements. |
| Website Security | Provides peace of mind that your web applications, whether developed in-house or by a subcontractor, are not easily breached by those with the intent to do harm. |
| Mobile Application Assessment | Verifies encryption of data stored on mobile devices. |
| Configuration & Hardening Review | Reviews the OS, external connections, and application-level security. Reports our findings with actionable recommendations to improve the policies, procedures, and security controls of your systems. |
| Virtual Infrastructure Assessment | Audit of your virtual infrastructure to include access control, the application of least privilege, data protection, secure network configuration, disaster recovery planning and testing, and threat analysis specific to virtualized environments. |
| Security Risk Assessment | Provides Agencies with a solution to continuously monitor compliance and to address security issues in real-time. |
| Forensics Investigations | Reduces workload on the IT department from time-consuming electronic investigations and ensures that evidence is preserved and admissible in a court of law. |
| eDiscovery | Bridges the knowledge gap between IT and Agency legal department when producing electronic evidence and expert witness in litigation. |
| Incident Response | Provides rapid response when you suspect someone has compromised PII data on your systems. |
| Data Breach Threat Analysis | To respond to the growing threat of data breaches, Sword & Shield will proactively identify the types of cyber attacks, the origin of the attacks and will determine if there is evidence of an existing threat in the form of malware and viruses. |
While our core focus is security and compliance, we also provide support to a major federal agency through our Futures Lab. This lab is designed to test emerging technologies to support advances in the enterprise architecture for the agency. We maintain a fully-functional data center staffed to support this ongoing effort and to work closely with many major hardware and software vendors to test their latest solutions. This capability is available to other agencies and contractors with similar requirements. The lab’s conclusions support decisions that result in millions of dollars of savings when solutions are implemented in production networks.
Real Success Story
A Sword & Shield federal client with a highly-distributed, public-facility computing architecture requested support to assess the security of their enterprise. We provided comprehensive risk assessment and security testing of their external and internal systems and developed vulnerability lists that enabled the agency to significantly improve their level of security. Our risk-based approach also enabled them to focus on the remediation targets that were of the greatest importance and to prepare for both compliance and security-related audits.
We maintain multiple contract vehicles with Federal agencies to support reselling our security consulting services as well as our security products. Current contracts include:
- GSA Alliant Contract – subcontractor to BAE Systems, Inc., GWAC
- NASA SEWP IV contract (NNG07DA21B) for IT products and integration services. Use our federal quote form or read our NASA SEWP Ordering Guide.
- If you are an OEM with a direct sales force selling to the federal government and you do not have a government contract vehicle to conduct business or you have a GSA schedule and find that the contracting officer prefers to use SEWP to fairly compete opportunities, we may be able to assist you. Call 865 244-3535 or send an email to email@example.com.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885