Craig provides continuous monitoring, performs compliance assessments within designated enclaves (systems, subsystems, and individual computing/electronic devices), validates compliance against the predetermined Security Technical Implementation Guides (STIGs), and mitigates or corrects deficiencies as they are discovered. Our engineers have migrated heterogeneous environments and campus networks to the Risk Management Framework and developed and maintained network accreditation documentation in accordance with Federal government, civil and defense agency regulations.

Cyberspace and its underlying infrastructure are vulnerable to a wide range of risks stemming from both physical and cyber threats and hazards. Craig’s Cybersecurity Engineers and Analysts use an agency and mission-based approach that supports the architectural methodology in NIST Special Publication “Managing IT Security Risk” (SP 800-39). Our cyber-security teams meet current Risk Management Framework and DoD 8570 requirements via the CISSP, CompTIA, Sec+ CE certification process and conduct Information Systems vulnerability assessments, risk mitigation, and Plan of Action and Milestone (POA&M) development and tracking.

Craig personnel are certified to perform active threat assessment and penetration testing under DIACAP and RMF controls. DIACAP/RMF is the DoD Information Assurance Process to ensure risk management is applied to Information Systems.

Employees maintain a range of Certifications and Accreditations including:

CISSP-ISSEP – ISC2 – International Information Systems Security Certification

Security+

Certified Ethical Hacker (CEH)

GIAC Penetration Tester (GPEN) – GIAC (Global Information Assurance Certification)

GIAC Security Essentials (GSEC)

Computer Hacking Forensic Investigator (CHFI)

CompTIA Certified Advanced Security Practitioner (CASP)