Risk Management Framework Assessments and Authorization
Security, Trust, and Resilience
Protecting Users, Organizations, and Data
Cambridge has mastered the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and supports the performance of all steps to integrate security, privacy, and cyber supply chain risk management activities into the system development life cycle.
We provide full-spectrum Assessment and Authorization and develop and deliver Authorization to Operate packages for official review, tailoring our approach to mission tempo and unique customer requirements to avoid disrupting critical operations as we secure networks and systems.
Security Assessments and Program Review
We specialize in NIST RMF. We perform Risk Assessments of organizational security programs and plans using a methodology that is compliant with NIST SP 800‐39 and 800‐37. We assess security plans and organizational programs using NIST SP 800‐53.
Compliance and Regulatory Requirement Analysis
We provide Risk Assessment, SCA, and Security Program Review services to ensure compliance with Federal Information Technology (IT) Security requirements.
Security Control Implementation
We choose appropriate controls to mitigate identified risks and to prevent unauthorized access. We also establish processes, procedures, and services to implement those controls to meet your security needs.
Continuous Monitoring
We establish Information Security Continuous Monitoring (ISCM) programs to evaluate deployed controls and perform periodic Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) testing.