Cyber Security

Includes the authentication, verification, validation, and protection of data, information systems, and resources.

We support the protection of cyber infrastructure, assurance of agency information, and operations that protect and defend information and information systems. We provide confidentiality, integrity, availability, accountability, restoration, authentication, non-repudiation, protection, detection, monitoring, and event reaction capabilities.

What we do

  • Risk Management Framework Support
  • Facility Protection Planning
  • Information Systems Security
  • Security Operations Center Development and Operations Management
  • Application Security
  • Incident Response Planning and Execution
  • System Assessment and Authorization
  • Security Training and Awareness Programs
  • Security Exercises and Simulation
  • Federal Information Security Management Act (FISMA) Implementation Support
  • Health Insurance Portability and Accountability Act Implementation Support
  • Public Key Infrastructure
  • Trusted Internet Connections Implementation
  • Cryptographic Techniques, Cyber Incident Management, Identity and Access Management, Information Security Management System (ISMS)
  • IT System Security Evaluation
  • Network Security
  • Security Automation and Continuous Monitoring (SACM)
  • Supply Chain Risk Management (SCRM)
  • Software Assurance
  • Security Engineering
  • Cybersecurity Maturity Model Certification (CMMC) support
  • Critical Infrastructure Asset Identification and Configuration Management Databases
  • Information Assurance of Critical Infrastructure

Experience in action

United States Department of Agriculture,
Natural Resources Conservation Service
NRCS Chief Information Security Officer Support
Role: Sub
Type: Small Business Set-aside, T&M
Description: USDA’s Natural Resources Conservation Service (NRCS) required a business partner with specialized information advisory services, performing as the CISO’s primary cyber program advisor. Leadership activities included providing analytical support for the drafting of IT security policies, standards, and IT security governance documents. Accomplishments included the development of a continuous monitoring strategy for the Agency, the development of a privacy training program for the Agency, and the core strengthening of the Agency Plan of Action and Milestone (POA&M) closure process (with a corresponding metrics framework). In support of our work, we managed multiple security authorizations for core NRCS applications, working with NIST standards. Oxford developed numerous documents, including a Security Impact Analysis and POA&M Process Guide, while managing Agency security staff on a daily basis.