home / services
// Capabilities index

Five core lines.
One authorization path.

Capabilities across the federal authorization lifecycle: offensive testing, assessment, architecture, implementation, and documentation. Each engagement is scoped around the review the system actually has to clear.

01 Penetration Testing 02 CMMC Readiness 03 Security Engineering & Compliance 04 Network Architecture 05 Cloud & Hybrid Security
01
SVC.PENTEST
// approach
  • External & internal network
  • Web application (OWASP)
  • Assumed-breach engagements
  • Aligned to NIST SP 800-115

Penetration Testing

Adversary-minded assessments against the actual attack surface. External, internal, web application, and assumed-breach engagements.

// deliverables
  • Rules of Engagement & test plan aligned to NIST SP 800-115
  • Findings report mapped to NIST SP 800-53 rev 5 controls
  • Executive brief + technical appendix + remediation walkthroughs
  • Evidence packages suitable for A&A and POA&M ingestion
Inquire about penetration testing
02
SVC.CMMC
// approach
  • CMMC L1 self-assessment
  • CMMC L2 readiness
  • Section 889 / FAR 52.204-21
  • C3PAO coordination

CMMC Readiness

Level 1 and Level 2 readiness for primes and subs handling CUI. Gap to assessment-ready, scoped to the asset categories that count.

// deliverables
  • NIST SP 800-171 rev 2 / rev 3 gap assessment
  • SSP, POA&M, and CUI asset categorization workbook
  • Pre-assessment dry run ahead of C3PAO engagement
  • Evidence package and policy stack ready for assessor review
Inquire about cmmc readiness
03
SVC.SECENG
// approach
  • NIST RMF (SP 800-37)
  • FISMA & A&A support
  • eMASS / Xacta workflow
  • ConMon program design

Security Engineering & Compliance

Control implementation and evidence work for federal cyber programs. RMF lifecycle, FISMA, and ATO support across categorization through continuous monitoring.

// deliverables
  • NIST SP 800-53 rev 5 control assessments
  • SSP, SAR, and POA&M authoring or remediation
  • Continuous monitoring plans aligned to NIST SP 800-137
  • ATO lifecycle support and readiness reviews
Inquire about security engineering & compliance
04
SVC.NETARCH
// approach
  • NGFW design & deployment
  • IPSec & FIPS-validated crypto
  • Secure enclave design
  • STIG-compliant baselines

Network Architecture

Segmented, defensible network designs. NGFW deployments, IPSec with FIPS-validated cryptography, and secure enclave design for federal and regulated environments.

// deliverables
  • Target-state architecture and transition plans
  • NGFW deployment (Fortinet, Cisco, Check Point) with HA configurations
  • IPSec VPN with DH Group 21 / SHA-512 / AES-256-GCM
  • Secure enclave patterns for CUI and tactical systems
Inquire about network architecture
05
SVC.CLOUD
// approach
  • AWS / AWS GovCloud
  • Azure / Azure Government
  • Terraform & Ansible IaC
  • LDAP / SAML integration

Cloud & Hybrid Security

Multi-cloud security architecture across AWS, Azure, and GCP. Landing zones, identity, and centralized monitoring for federal and hybrid workloads.

// deliverables
  • Cloud security architecture (AWS, Azure, GCP)
  • Infrastructure-as-code provisioning (Terraform, Ansible)
  • IAM integration via LDAP and SAML
  • SIEM forwarding and centralized monitoring design
Inquire about cloud & hybrid security
// How we work

Four phases. No surprises.

STEP 01

Discovery

Short call to confirm the program, framework, deadline, and whether this is the right shop for the work.

STEP 02

Scoping

Written scope of work with fixed milestones, a clear evidence list, and explicit assessment boundaries.

STEP 03

Execute

Principal-led delivery. Weekly status, live issue tracking, and no surprises at the closeout briefing.

STEP 04

Transition

Deliverables, evidence package, and a knowledge transfer session so your team owns the work after handoff.

// ready?

Tell us the program,
we'll tell you the plan.

donovan@baldmantech.com About the firm →