Cyberspace and its underlying infrastructure are vulnerable to a wide range of risk stemming from both physical and cyber threats and hazards. Craig’s Cybersecurity Engineers and Analysts use an agency and mission-based approach that supports the architectural methodology in NIST Special Publication “Managing IT Security Risk” (SP 800-39). Our cyber-security teams meet current Risk Management Framework and DoD 8570 requirements via the CISSP, CompTIA, Sec+ CE certification process and conduct Information Systems vulnerability assessments, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking.

They provide continuous monitoring, perform compliance assessments within designated enclaves (Systems, subsystems and individual computing/electronic devices), validate compliance against the predetermined Security Technical Implementation Guides (STIG) and mitigate / correct deficiencies as discovered. Our engineers have migrated heterogenous environments and campus networks to the risk management framework and developed / maintained network accreditation documentation in accordance with Federal government, civil and defense agency regulations.

Information Assurance and Certification and Accreditation:

  • Craig cybersecurity technicians provide technical support and documentation to support Information Assurance and Security Certification and Accreditation to both defense and civil agencies in accordance with Federal and agency-unique regulations and requirements.

Material Support:

  • Craig security engineers have assembled programmatic, specification, design, and performance reference material to add greater fidelity to the top-level certification and accreditation plans and allow them to be approved and acted on with minimal disruption or uncertainty.

Cybersecurity Testing:

  • Craig cybersecurity subject matter experts develop necessary security test planning documents, scan systems for compliance using a variety of industry standard tools and conduct specified analysis in support of security risk and vulnerability assessments at all stages of the accreditation process.


  • Craig cybersecurity professionals compile and develop all of the required security documentation and reports and produce the final version of the certification and accreditation package and the System Security Administrator and Operators Manual so the government has the ability to maintain their systems.