Government cyber security programs primarily focus on protecting the critical systems and data supporting the mission, but also must demonstrate compliance with federal regulations and requirements. Agencies face a continual cycle of audits centered on key laws and regulations, including the Federal Information Security Management Act (FISMA), Office of Management and Budget (OMB) Circular A-123 on internal controls, and OMB Circular A-130 on policies for federal information systems. Independent audits ensure that the policies, processes, configurations, and controls that govern the risk posture of the organization are consistently followed and effective. KCG’s security audit services seek to identify vulnerabilities, policy violations, process and documentation gaps, and security control effectiveness within the organization prior to a formal audit.

Our service offerings in audit readiness services include:

• Independent Verification and Validation (IV&V) Services
• Execution of Program, Process, and System-level Audits
• Technical Vulnerability Assessments
• Process and Policy Reviews
• Processes for Executing Security Audits (e.g., Test Readiness Reviews, Daily Stand-up and Out-briefings, and Formal Report Development)
• Documentation of Audit Findings and Recommendations
• Assistance with Remediation Actions