KCG brings real-world attack and exploitation experience to our security assessments. We provide our customers with a true understanding of a system’s risk to its environment, enabling them to make an informed authorization decision.
KCG provides support to organizations moving from the traditional Certification & Accreditation (C&A) approach to the Security Assessment & Authorization (SA&A) model – a more real-time, dynamic view of risk created by the NIST Risk Management Framework (NIST Special Publication 800-37). We employ unique methodologies for assessing risk throughout each phase of a System Development Life Cycle (SDLC), helping industry and agency customers assess their systems’ security posture and make appropriate authorization decisions.
KCG supports our private and public sector customers’ implementation of the SA&A model by providing these key services:
- Threat Modeling
- Security Requirements Analysis
- Security Architecture and Design Review
- Application Security Code Reviews
- Vulnerability Assessments
- Penetration Testing
- Web Applications
- Network and Host
- Social Engineering
- Enterprise Security Program Assessments