In the face of ever-increasing threats, cybersecurity is critical for every DoD and Federal organization to achieve its mission. Hexagon US Federal provides highly skilled, certified cybersecurity professionals to defend and secure your networks, hardware, systems, and applications. We can help you develop, assess, authorize, and maintain the security posture of networks, systems, and applications.
Hexagon has provided defensive cybersecurity engineering and support services to DoD and Federal Agencies for over 35 years. This capability has evolved from our extensive background in system and application development and support as well as IT support. We currently provide cybersecurity support to several Navy and Army installations as well as a number of DoD and DHS programs.
Key Benefits
- Experienced, highly skilled, and cleared staff
- Cybersecurity Workforce (CSWF) qualified staff
- Broad system/application experience
- 35+ years of cybersecurity experience spanning DITSCAP, DIACAP, and RMF
- Active programs supporting Navy, Army, Marine Corps, DHS, and Air Force
- 50 years of Hexagon IT and system experience with networks, systems hardware, database, and applications
- Navy Qualified Validator (NQV) on staff
- GSA MAS SIN 54151 HACS (Highly Adaptive Cybersecurity Services)
For More Information
For more information about the Cybersecurity Engineering and Support Services, contact Hexagon US Federal Sales
Cybersecurity Services
- CyberSecureByDesign® methodology for Secure Software Development
- Hexagon’s Solution Engineering™ methodology, combined with decades of experience in computer system/network hardening, has led Hexagon to build cybersecurity into every software and hardware project we undertake; we call this CyberSecureByDesign®.
- RMF/DIACAP Assessment and Authorization (A&A) for systems and applications
- Skilled with eMASS in preparing, verifying, and submitting RMF packages, including artifacts and forms, policy/procedure assessment and development, SIPRNET and NIPRNET certifications, vulnerability assessments, and risk mitigation
- Continuous Monitoring Support
- ACAS scans, STIG/SRG, STIG Viewer, SCAP checker, HBSS, IAVAM, patching, remediation
- SmartRMF™ Tool
- System Hardening
- STIG/SRG, STIG Viewer, SCAP checker, patching, remediation
- GSA MAS SIN 54151 HACS (Highly Adaptive Cybersecurity Services)
- Risk and Vulnerability Assessment
- High Value Asset Assessment
- Cyber Hunt
- Incident Response (IR)
- Penetration Testing
Risk and Vulnerability Assessments
- Network Mapping - consists of identifying assets on an agreed-upon IP address space or network range(s).
- Vulnerability Scanning - comprehensively identifies IT vulnerabilities associated with agency systems that are potentially exploitable by attackers.
- Phishing Assessment - includes activities to evaluate the level of awareness of the agency workforce with regard to the digital form of social engineering that uses authentic-looking, but bogus, emails to request information from users or direct them to a fake website that requests information. Phishing assessments can include scanning, testing, or both and can be conducted as a one-time event or as part of a larger campaign to be conducted over several months.
- Wireless Assessment - includes wireless access point (WAP) detection, penetration testing, or both and is performed while onsite at a customer's facility.
- Web Application Assessment - includes scanning and/or testing of outward-facing web applications for defects in Web service implementation that may lead to exploitable vulnerabilities. Provides a report on how to implement Web services securely and how to limit access to only those networks and systems for which they should have legitimate access.
- Operating System Security Assessment (OSSA) - assesses the configuration of select host operating systems (OS) against standardized configuration baselines.
- Database Assessment - assesses the configuration of selected databases against configuration baselines in order to identify potential misconfigurations and/or database vulnerabilities.
- Penetration Testing - conducts and/or supports authorized penetration testing on enterprise network assets.
Penetration Testing
- Conducting and supporting authorized penetration testing on enterprise network assets.
- Analyzing site/enterprise Computer Network Defense policies and configurations and evaluating compliance with regulations and enterprise directives.
- Assisting organizations with the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems, and processes).
Incident Response
- Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise.
- Perform command and control functions in response to incidents.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
Cyber Hunt
- Collect intrusion artifacts (e.g., source code, malware, and Trojans) and use discovered data to enable mitigation of potential Computer Network Defense incidents within the enterprise.
- Coordinate with and provide expert technical support to enterprise-wide Computer Network Defense technicians to resolve Computer Network Defense incidents.
- Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.