CYBER
SECURITY

Enterprise grade Cyber Security
Solutions designed for small
to medium sized organizations.
Contact Us

Overview

Whether your organization is a DoD contractor seeking to obtain CMMC certification or another industry standard such as ISO 27001, PCI DSS, HIPAA etc., cybersecurity compliance is a critical component of your business. Even if your organization does not have to adhere to any specific compliance requirements, cybersecurity should still be a top priority for your business.

Cyber threats continue to evolve and become more malicious every day. Organizations that don’t take these threats as seriously as they would any other external force risk the demise of their business.

OSIbeyond offers comprehensive cyber security solutions to help your organization stay ahead of cyber threats. Our compliance services are focused on helping your organization meet compliance standards, while our managed security services help maintain compliance on an ongoing basis. The combination of both services offers an end to end cyber security solution.

CMMC Registered Provider Organization

OSIbeyond specializes in CMMC compliance and is a Registered Provider Organization (RPO) authorized by the CMMC Accreditation Body (CMMC-AB) to provide consulting services to DoD contractors seeking CMMC certification. In addition, with multiple Registered Practitioners (RP) available on staff, we have the credentials and expertise to guide your organization in becoming CMMC audit ready and maintaining compliance post certification.

    How can we help?




    Cybersecurity Compliance Services

    Regulatory compliance is often the driver behind a cybersecurity program within an organization. This consists of developing a cybersecurity program that is based on specific controls to protect the integrity, confidentiality, or availability of sensitive data.

    Cybersecurity compliance can be complicated, not only requiring technical knowledge but also the resources and ability to properly document the activities in the technology environment of an organization.

    OSIbeyond can help simplify the daunting task of cybersecurity compliance. Our compliance experts specialize in leading industry technical standards such as CMMC, NIST 800-171, NIST Cyber Security Framework, and others.

    Risk Assessment

    The first step towards cybersecurity compliance with any standard is to conduct a thorough Risk Assessment to analyze how sensitive data is used by your organization and where it is stored. OSIbeyond’s Risk Assessments determine an organization’s security posture relative to the standard they must be in compliance with. A Gap Analysis is conducted to identify the gaps in security, then a System Security Plan (SSP) along with a Plan of Actions and Milestones (POAM) is developed to determine the path toward full compliance.

    • CMMC
    • NIST 800-171
    • NIST CSF

    The new Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) requires all companies in the Defense Industrial Base (DIB) to be assessed by an independent third party and certified at one of five maturity levels to continue to be awarded DoD contracts or subcontracts. OSIbeyond provides CMMC assessment preparation services and can help expedite the time it takes for your organization to reach CMMC cybersecurity requirements. Contact us to get started.

    While the DoD is implementing the new CMMC standard over the course of 5 years, it has released what is sometimes known as the “Interim Rule”, based on the National Institute of Standards and Technology (NIST) 800-171 standard. The interim rule applies to new contracts and modifications. It requires all contractors who may possess Controlled Unclassified Information (CUI) to conduct a self-assessment based on the NIST 800-171A assessment guidelines and upload their score to the Supplier Performance Risk System (SPRS). Contact OSIbeyond to help your organization implement the 110 controls required in the 800-171 standard, in addition to the supplemental controls required by DFARS 252.204-7012.

    The NIST CSF is widely used in the commercial sector as the benchmark standard for Cybersecurity. The Framework integrates industry standards and best practices to help organizations manage their cybersecurity risks. If your organization is looking to implement a cybersecurity program and does not have specific regulatory requirements, the NIST CSF is the leading standard to follow. Contact OSIbeyond to help your organization implement the Framework.

    Documentation Development

    Documentation is a central part of compliance and an established cybersecurity program. However, most IT personnel do not possess the expertise or time required to develop proper documentation. In addition, documented policies and procedures should be reviewed and updated annually to reflect an organization’s current technology state. OSIbeyond will help develop the necessary documentation to meet compliance standards and controls required of your company.

    Cybersecurity Training

    Training is another major component of compliance. Once the technical solutions have been implemented and the policies and procedures have been documented, you must ensure that your employees, both end users and admins, are properly trained in order to maintain compliance. This starts with developing a training program consisting of documentation, videos, or in-person training. In addition, training will include Security Awareness Training, new employee onboarding training, as well as annual security refresh training for all employees. Contact OSIbeyond to help develop an effective training program to help keep your organization in compliance.

    Security Consulting

    Not all organizations have the benefit of having a Chief Information Security Officer (CISO) on staff. That’s why OSIbeyond offers vCISO services consisting of monthly plans that will provide your organization with part time, high level security consulting to address incidents, provide guidance, and assist with tasks such as 3rd party security questionnaires. Our vCISO services will help ensure that your organization’s security program is properly managed.

      Managed Security Services

      A Managed Security Services Provider (MSSP) is an independent, outside entity that has the resources and expertise to provide continuous monitoring of an organization’s technology environment. This consists of central log aggregation through a Security Information and Event Management (SIEM) platform, which is in turn monitored by a team of analysts in a Security Operations Center (SOC). An MSSP will be able to detect most threats and respond to incidents rapidly in order to prevent or mitigate a cyber breach.

      Continuous Monitoring

      The key to an effective cybersecurity operation is having the ability to see what is happening inside the entire technology ecosystem of your organization. Continuous Monitoring will provide the insight to help detect and prevent cyber-attacks. Most organizations do not have the resources or the expertise to continuously monitor their technology environment. Having logging enabled on a firewall is one thing, but analyzing the traffic coming in and out of your organization in real-time is another level of cybersecurity. OSIbeyond’s Continuous Monitoring services provide your organization with comprehensive managed security solutions offered for CMMC Level 3 and NIST CSF compliance.

      Penetration Testing

      An effective cyber security program not only assumes a defensive posture but also takes offensive measures to stay ahead of hackers. Penetration Testing is an effective offensive method designed to simulate a cyberattack on a computer system or network in order to evaluate security and identify vulnerabilities. Penetration testing is typically conducted on an annual, semiannual, or quarterly basis. OSIbeyond offers penetration testing as a one-time project or on a subscription basis.

      PRICING

      Please enter the number of users in your organization to obtain exact pricing. You can also hover over each item to read the description of that service. The CS1 package can be further customized by selecting additional items not included in that package.

      Continuous Monitoring

      • Monitoring of data from multiple systems
      • Human analysis of alerts to determine validity (identifying false positives)
      • Notification of verified threats, for example:
        • Indications of active ransomware
        • Suspicious remote-control session
        • Malicious file being downloaded
        • Indication of email account compromises (forwarding rules etc.)
      • Guidance on remediation of detected threats
      • Leveraging intelligence from other organizations
      • Expert Cybersecurity professionals
      • Second set of eyes on your systems/network
      • Benefits of using a Continuous Monitoring

      SIEM Solution

      • Web-based monitoring application
      • Works with sensors placed inside your technology ecosystem (monitoring all traffic)
      • Real time reporting of any signs of threat activity found in the monitored network
      • Provides enhanced threat analysis
      • Detecting and investigating threats within log metadata
      • Store logs for compliance (30 days)
      • Seamless deployment for workstations (no software/agents etc.)
      • Lightweight agent on servers (DCs only)
      • Analysis of combined data from multiple sources
      • Comprehensive visual on security posture

      Office 365 Monitoring

      • Analysis of Office 365 logs and ingestion into the SIEM platform
      • Defend against business email compromise (BEC), account takeovers, and have visibility beyond network traffic.
      • Analyzing data from 365 in conjunction with other network assets

      Dark Web Monitoring

      • Personal information can be stolen and purchased on the Dark Web, such as login credentials (username, password, emails etc.)
      • Employees may use work email addresses on personal websites (LinkedIn, Shopping, Newsletters, etc.)
      • When a password is re-used, one breached account can turn into many
      • If an employee’s personal account is breached, your business is also at risk
      • All it takes is one employee to cause a data breach
      • We monitor employee work email addresses on the Dark Web
      • Alert if breached accounts are found

      Multi-Factor Authentication

      • Provides second layer of security
      • Prevents account compromise even if user password is stolen
      • Deployed on all compatible applications, for example:
        • VPN
        • Email
        • Cloud based services (Dropbox, OneDrive etc.)
      • Mobile app or token devices

      Security Awareness Training

      • Randomized simulated phishing tests
      • Intended to catch users off guard
      • Conducted continuously
      • Includes training content such as for new hire orientation, annual refresher training etc.
      • Designed to decrease social engineering fraud

      Advanced Email Filtering

      • Sophisticated algorithm detects and prevents phishing/spam threats
      • Focuses on CEO Impersonation/Fraud attacks
      • Monitors outbound email to build profile of trusted contacts within the organization

      Advanced Endpoint Protection

      • Next-Generation Antivirus Solution
      • Uses AI algorithm to detect and prevent threats
      • Able to isolate infected systems immediately
      • In the event of infection, provides rollback capability, for example:
        • Restoring an infected system back to a previously good state

      Endpoint Encryption

      • Centrally managed encryption of storage on workstations (PC & Mac)
      • Protects data in the event of stolen or lost device
      • Common Cyber Security configuration requirement (audits/insurance etc.)

      Vulnerability Assessments

      • Conducted biannually
      • Agentless scanning of network subnets
      • Identifying the most relevant threats to your environment
      • Remediation tracking and guidance for your IT staff
      • Fulfillment of audit/insurance requirements (historical record)
      • Scanning based on compliance requirements
      • Scanning of 3rd party hosted applications

      WAF/DNS Protection

      • Protects public facing web sites/applications against malicious attacks
      • Provides filtering of inbound connection requests, for example:
        • Mitigate denial of service attacks
        • Prevent Customer Data Breach
        • Prevent malicious bots from abusing site or application

      Device Configuration Backups

      • Automated backups of supported network devices, for example:
        • Firewalls
        • Switches
        • Routers
      • If device is compromised, allows for rapid restoration of validated configuration
      • Provides change control/documentation of device configuration changes

      Executive Summary Reports

      • Monthly Executive Summary Reports
        • Identified Threats
        • Remediation actions taken
        • Recommendations and guidance
      • Monthly Status Calls

      Mobile Device Management (MDM)

      • Provides inventory and reporting for mobile devices used to connect to corporate systems
      • Permits devices to be rapidly de-provisioned during employee off boarding
      • Allows for policies to be enforced for security settings and software updates

      DNS Filtering

      • Required at CMMC Level 3 (SC.3.192)
      • Provides an additional layer of reporting on endpoint activity, including when users are remote
      • Will block malicious URLs if a user attempts to access a link in a phishing email, even if that email was delivered to a personal account

      CSF1
      Package

      $35p/m

      CSF2
      Package

      $50p/m

      CMMC-L3
      Package

      $100p/m
      Continuous Monitoring
      SIEM Solution
      Office 365 Monitoring
      Dark Web Monitoring -
      Multi-Factor Authentication
      Security Awareness Training
      Advanced Email Filtering
      Advanced Endpoint Protection
      Endpoint Encryption
      Vulnerability Assessments
      WAF/DNS Protection -
      Device Configuration Backups -
      Executive Summary Reports -
      Mobile Device Management (MDM) --
      DNS Filtering --
      • No risk commitment
      • Cancel anytime
      • Month to month contract

      FAQ

      Have questions about CMMC?

      • What is CMMC?

        The Cybersecurity Maturity Model Certification, or CMMC for short, is a new requirement for Department of Defense (DoD) contractors and subcontractors. It brings together a number of older cybersecurity requirements, including NIST SP 800-171, NIST SP 800-53, ISO 27001, ISO 27032, and AIA NAS9933, to better protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

      • What does CMMC Involve?

        To improve the cybersecurity posture of the DIB, the CMMC defines 17 domains of technical capability, most of which originate from Federal Information Processing Standard Publication 200 and NIST SP 800-171. Each of these 17 domains consists of various capabilities, which are further broken down into practices and processes. Across the 17 domains, there are 171 practices and processes, and they fall into five levels of certification.

      • How Is CMMC Different from NIST SP 800-171 and Other Standards?

        To explain how CMMC is different from other cybersecurity compliance standards, it’s useful to take a short walk down memory lane and review their developmental stories.

        NIST SP 800-171, or National Institute of Standards and Technology Special Publication 800-171, was developed in response to the Federal Information Security Management Act (FISMA), a United States federal law passed in 2002 that recognized the importance of information security to the economic and national security interests of the country. Compliance with this standard is currently required by some DoD contracts via DFARS clause 252.204-7012.

        To further strengthen the cybersecurity and resilience of DoD, DCI (Defense Critical Infrastructure), and DIB (Defense Industrial Base), the President signed Executive Order 13800 in May of 2017, which resulted in an update to the DoD Cyber Strategy. This update raised the bar by putting in place a verification mechanism intended to ensure those working with CUI have in place sufficient cybersecurity practices to prevent the information from leaving their networks.

        Both NIST SP 800-171 and CMMC protect CUI, but each of these cybersecurity compliance standards approaches this goal differently.

      • What CMMC Level Do I Need?

        The CMMC is divided into five levels so that DoD contractors are not expected to comply with requirements that are not necessary to protect the type of information they handle. A contractor at the very bottom of the supply chain will most likely be required to certify only to Level 1, while a contractor with access to military base construction projects will be required to certify to one of the highest two levels.

        To determine which CMMC level a contractor should be working toward, it’s important to inventory all systems in order to find out where FCI and CUI data is stored and how. Those contractors that don’t have the capacity to complete this first step in-house should partner with a managed services provider (MSP) offering CMMC readiness assessments. Once a readiness assessment has been performed to reveal how FCI and CUI are stored and how access to information is controlled, determining which CMMC level to comply with shouldn’t be a problem.

        The next step is to perform a gap analysis to identify what needs to be done to achieve compliance with the appropriate CMMC level. The outcome of the gap analysis should be a comprehensive remediation plan with a clear timeline and actionable steps to fill the identified gaps. Again, DoD contractors that are not confident in their cybersecurity capabilities can outsource the implementation of relevant changes to policies and procedures to an MSP.

      • What Does a CMMC Audit Involve?

        Contractors who want to be able to win future DoD contracts must become certified to one of the five CMMC Levels by a C3PAO.

        C3PAOs are third-party organizations that have received accreditation by the CMMC Accreditation Body (CMMC-AB). Such organizations can perform CMMC assessments, which are evidence-based and take place on-site.

        The result of a successful CMMC assessment is a CMMC certification. This certification represents that the contractor has demonstrably achieved a certain level of cybersecurity capabilities, as defined by the CMMC model.

      • What Is the DFARS Interim Rule?

        The DFARS Interim Rule assesses contractor implementation of security requirements in NIST SP 800-171 and initiates the phased five-year rollout of the Cybersecurity Maturity Model Certification (CMMC) implementation, by creating the following new solicitation provision and contract clauses (none of them is retroactive for existing contracts):

        • DFARS clause 252.204-7019 (Notice of NIST SP 800-171 DoD Assessment Requirements)
        • DFARS clause 252.204-7020 (NIST SP 800-171 DoD Assessment Requirements)
        • DFARS clause 252.204-7021 (Cybersecurity Maturity Model Certification Requirements)

        The common objective of these three clauses is to assess contractor implementation of NIST SP 800-171 security requirements, as required by DFARS clause 252.204-7012, to guarantee that DIB contractors can adequately protect sensitive unclassified information at a level commensurate with the risk, accounting for information flowed down to subcontractors. DFARS Interim Rule officially took effect on November 30, 2020.

        Schedule a call with one of our experts: (301) 312-8908