Cybersecurity

We take an innovative, proactive approach to providing security and privacy services for our clients. Our security experts protect the confidentiality, integrity, and availability of systems and data by ensuring compliance with state and federal regulations (FISMA, HIPAA, etc.), agency policies, security standards (like NIST SP 800 series), and industry best practices. RELI Group employs these technical methodologies to build tailored protection and information assurance solutions for any client.

Program Management & Oversight

We coordinate and manage meetings with relevant entities to ensure that time-sensitive issues are addressed, and all deliverables are on-schedule. Our team maintains and updates program and system information/documentation required to support various audits and security objectives.

Risk and Compliance

We leverage our expertise and agency software assurance and vulnerability management tools to deliver risk analysis and compliance guidance of information systems’ and IT projects’ configurations, operating procedures, and corresponding documentation to ensure alignment with regulations, policies, and standards.

Audit Response and Coordination

We assist in audit coordination, respond to auditors’ information requests, and track the weakness remediation process and the resolution of POA&Ms through regular communication with system owners and system security personnel. We analyze all SA&A documentation submitted for Annual Assessments and ATO pursual/renewal efforts, including Systems Security Plans, Privacy Impact Assessments, Business Continuity Plans, and others. Our team provides remediation guidance for identified risks associated with assessment findings, architectural gaps, and policy/process deficiencies, and supports the management and oversight of risk mitigation efforts to ensure acceptable resolutions occur within appropriate timeframes.

Architecture and Engineering

To ensure that appropriate configurations and controls are established for secure data management, we review system architecture designs, planned security controls, and proposed interconnection agreements. Our team supports change control boards and associated work groups and committees to provide technical and operational support for issues such as vulnerability and patch management, configuration management, and other major security-related configuration changes.

Cyber Security Incident Response Team (CSIRT)

We support the incident handling functions for reported security and privacy incidents, ensuring the appropriate incident triage, analysis, reporting, and response.

Policy and Security Awareness

Our team supports the oversight and delivery of information security awareness training and role-based security training on risk and compliance management, SA&A audit analysis and support, software assurance, security awareness training, incident response, contingency planning, and policy implementation. We develop and deliver training material to support attaining and maintaining information systems’ Authorization to Operate (ATO), vulnerability/risk analysis and management (e.g., system security requirements, weakness remediation, exception requests), and use of security tools (e.g., Trusted Agent, Tenable Security Center, WebInspect, Fortify).

Contingency Planning and Disaster Recovery

We provide Contingency Planning and Disaster Recovery guidance to support the development and maintenance of Business Continuity Plans and Continuity of Operations Planning. We perform Business Impact Analysis, document plans, provide plan awareness, participate in the testing and execution of plans, and review and recommend technologies to support emergency response.

Audit Management

We provide guidance in developing remediation plans to adequately address audit findings from agencies such as the U.S. Department of Homeland Security (DHS), Government Accountability Office (GAO), Office of Financial Management (OFM), and HHS.

Client Satisfaction

Our overall success is evident in our past performance and customer recognition, including ‘Exceptional’ Contractor Performance Assessment Reporting System (CPARS) reports across multiple prime contracts. To support the holistic security & privacy of our client’s systems, we ensure that all the activities and controls specified in the system security plan are secure, operational, and documented. RELI Group’s security team helps support the attainment and maintenance of systems’ Authority to Operate (ATO). We succeed in this endeavor by developing and maintaining required security documentation for Security Assessment & Authorization (SA&A), such as:
  • Privacy Impact Assessments (PIA)
  • Information System Risk Assessments (ISRA)
  • Security Impact Assessments (SIA)
  • Security Control Assessment Reports (SCA)
  • System Security Plans (SSP)
  • Business Continuity and Contingency Plans (BCCP)
  • Plan of Action and Milestones (POA&M)

RELI Group Domain Competencies

RELI Group is adept in the following cybersecurity practices and technologies:

Tools: Alien Vault, Burp Suite, CryptoStopper, Nessus, and many more

Environments: AWS, Azure, On-Site and Hybrid

Staff Certifications:
  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • Certified Information Security Manager (CISM)
  • GIAC Critical Controls Certification (GCCC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Systems and Network Auditor (GSNA)

Teams: Blue/Red, Cyber Hunt Teams
  • Security Information and Event Management (SIEM)
  • System and Organization Controls (SOC) implementation and staffing