Cybersecurity | Acquisition & Program Management | Systems Engineering | Systems Design & Integration | Data Management | Network Design | Huntsville | Alabama

We strive to detect cybersecurity threats before they happen. Our IT & Cybersecurity analysts help our customers reduce risk and understand the full scope of any threat we detect. We develop cyber strategies that counter the lack of expertise or threat intelligence to serve as obstacles to our customers' security concerns.

We use the NIST Cybersecurity Framework and Risk Management Framework (RMF) to help identify and improve current and targeted states of our customers' cybersecurity programs. Our experts can perform current and target state analysis based on your organization's threat and vulnerability profile. This analysis serves as a driver for prioritized activities to improve your organization's security posture.Â

avacal utilizes the results of comprehensive technical security assessments, interviews, and documentation reviews to design custom solutions for our customers.

avacalÂ also provides Industrial Security Program consulting services for small businesses wishing to compete and perform on DoD-related classified contracts.

Information System Security Management (ISSM)
DSS Assessment and Authorization Process Manual (DAAPM) through the Risk Management Framework (RMF)
National Industrial Security Program Manual (NISPOM) guidance and expertise
Consultation on the procedures outlined in the NISPOM
System Security Plan (SSP) creation and maintenance
Continuous Monitoring Strategy creation and maintenance

avacal specialties include:

National Institute of Standards and Technologies (NIST) Compliant Systems Security Engineering
Risk Management Framework (RMF) Transition, Intelligence Community Doctrine (ICD) 503 Guidance and Reciprocity Consultation
Operational Test and Evaluation of Cybersecurity in Acquisition Programs
Program Protection for complexity levels ranging from small independent standalone systems to Acquisition Category (ACAT) Level 1
Cyber Failure Modes, Effects, and Criticality Analysis (FMECA) â€“ Critical Path Analysis
Secure Software Lifecycle â€“ working with software development teams to build in security and IA compliance from inception through production
Computer Network Defense â€“ boundary defense and host-based security
Security Assessments, Penetration Testing, and Independent Verification and Validation
Information Assurance (IA) Compliance â€“ inclusive of scanning, analysis, patching, remediating
Enterprise Mission Assurance Support Service (eMASS) & Xacta package development, submission, and maintenance
Cross Domain Solutions (CDS) â€“ capabilities definitions, systems design integration between enclaves, guidance and development & representation for approval package
Commercial Solutions for Classified (CSfC)- a NSA-sponsored program that enables commercial components to be used to protect classified National Security Systems information