GAI cyber





CONSULTING SERVICES



GAI Cyber Solutions specializes in Security Test and Evaluation (ST&E) with an emphasis on FISMA and NIST compliance. We offer services to all sectors, including: the Federal Government, Federal Contractors and Commercial Entities.

Security Test & Evaluation (ST&E)


Security assessments conducted based upon NIST 800-53, NIST 800-171, CIS benchmarks, DISA STIGs, and other industry frameworks and best practices. Our security assessments are independent and can be leveraged in support of new or ongoing Authorities to Operate (ATOs).

Key Deliverables Include:

  • Security Assessment Plan (SAP)
  • Rules of Engagement (ROE)
  • Security Assessment Report (SAR) development



  • Security Scanning


    Utilization of industry leading vulnerability scanning tools to scan your network for vulnerabilities. We work with your staff to understand the impact of identified risks in the context of your business and system architecture in order to give you an accurate risk rating. We analyze all scan results to identify and remove false positives prior to providing results.

    We offer:

  • Vulnerability Scanning
  • Manual Testing
  • Role-based Testing
  • Penetration Testing



  • A&A Documentation Creation


    Development or update of all documents needed for a new or ongoing security authorization and FISMA compliance, including:

  • System Security Plan (SSP)
  • Federal Information Processing Standard Publication 199 (FIPS 199)
  • Incident Response Plan (IRP)
  • Contingency Plan (CP)
  • Privacy Threshold Analysis (PTA)
  • Privacy Impact Assessment (PIA)
  • Configuration Management Plan (CMP)
  • Other Security Artifacts determined to be required for Authorization


  • ISSO Support


    Ongoing operational support related to security matters for your system(s). We can serve as your dedicated ISSO and lead FISMA compliance and ATO retention efforts, or provide supplemental guidance and expertise for your existing security personnel. ISSO support includes duties such as:

  • Security Control and Security Documentation update
  • Security Control Self-Assessment
  • Change Control Board / Security Impact Analysis
  • Ongoing Vulnerability Analysis
  • Continuous Monitoring
  • POA&M Development, Review and Remediation
  • Audit Preparation
  • Regular Review of System Accounts
  • Contingency Plan Testing Exercises



  • Pre-Audit Preparation


    About to undergo a FISMA security assessment? We will conduct a self-assessment with your staff to identify any gaps that exist so that they can be addressed prior to the assessment.




    Post-Audit Review & Remediation


    Review of results from a prior security assessment or audit. We will review the methods of the assessor and determine if the assessment was conducted in a thorough, objective and accurate manner. We then review the assessment results and determine if we believe there are inaccuracies or compensating mechanisms in place that invalidate or mitigate identified risks. We will provide recommendations on how to remediate findings that may be challenging or ambiguous to address.




    Security Posture Assessment & Gap Analysis


    Concerned about your security posture? Our team will conduct a comprehensive security assessment that is tailored to the environment and your needs. A detailed report identifying gaps, risks and vulnerabilities will be provided – identify issues now so they aren’t exploited later.