Cyber & Security Services

SECURITY SERVICES CAPABILITIES OVERVIEW

Being a systems integration public sector specialist requires deep knowledge of how government operates and how agencies do their work. The specialized and niche security processes, regulations and mandates that our agency clients must adhere to are numerous and significant. It is important to have a trusted IT partner who can navigate all of these elements — like having a wingman in combat flight.

Mythics has a specialized team, the Systems Integration Team, with the experience and passionate desire to help government entities conquer IT security challenges. We’ve been building this team for over a decade — long before security was a popular sales buzzword. Today, we’re able to confidently deliver the best security services for our Nation.

Although security is a component in every solution architecture we design and implement, there are specialties which require experts in highly sensitive and highly regulated areas of IT management. Our team's expertise in security and security automation allows Mythics to help our clients BUILD IN security instead of BOLTING ON security, further strengthening systems and avoiding risk for our clients. Below, we describe a few of our distinct capabilities in Security Services.
 

SECURITY ENGINEERING & CYBERSECURITY SERVICES
Critical to any system security is the ability to assess risks to enterprise assets, prevent data breaches, and mitigate vulnerabilities. Mythics has been successful with public sector clients by initially and rapidly deploying a small team of experts who perform a tailored (proprietary to Mythics) system assessment to provide a holistic view of your enterprise risks. We employ application development methodologies to ensure your organization has a foundation of secure configurations and development practices for your enterprise applications. Our methodology takes into consideration connectivity to cloud and external providers, and access to in-house resources for remote and onsite business units. Once we present our findings to your security and stakeholder team, we improve your posture by improving and/or building tools to monitor, identify, and report compliance requirements, as well as respond to and mitigate detected threats.

APPLICABLE POLICY/GUIDANCE/MANDATES/STANDARDS

Cross Agency Priority (CAP) — Cyber Security Goals

Trusted Internet Connections (TIC)

NIST Cybersecurity Framework (CSF)

Federal Information Security and Management Act (FISMA)

Continuous Diagnostics and Mitigation (CDM)

Security and Privacy Controls for Federal Information Systems
(NIST SP 800-53 r4)

With a focus on resiliency and compliance, we tailor our team’s focus to carefully assess the existing security environment.

  • Cloud Security
  • Security and Vulnerability Assessment
  • Risk Management — Assembly of Framework
  • Security Operations and Incident Response
  • Security Engineering
  • Security Assurance Support Services — Continuous monitoring of information assets via ISSO, risk review writing, audit and training of agency security teams and personnel.

IDENTITY, CREDENTIALING & ACCESS MANAGEMENT
Mythics provides traditional ICAM (Identity, Credential, and Access Management) services for managing digital access to systems and applications. By automating tasks, our solutions eliminate paper-based processes and implement core information security principles, thereby increasing productivity and reducing data duplications and possible mismanagement of personal identity data. We have experience with identity proofing for public sector agencies, including sponsored partner organizations or citizens.

APPLICABLE POLICY/GUIDANCE/MANDATES/ STANDARDS FEDRAMP

Cross Agency Priority (CAP) — Cyber Security Goals

NIST Cybersecurity Framework (CSF)

Federal Information Security and Management Act (FISMA)

Continuous Diagnostics and Mitigation (CDM)

Federal Identity, Credential, and Access Management (FICAM)

Homeland Security Presidential Directive #12 (HSPD-12)

NIST SP 800-63-3

NIST SP 800-53 Revision 4

NIST SP 800-116 Revision 1

These services include:

  • Centralized identity lifecycle management to ease administrative burden
  • Role-based access control to prevent unauthorized access
  • Automated account and access provisioning and de-provisioning for reduced help desk costs
  • Electronic identification of employees, partners, and customers for access to IT assets
  • Reduction of PII collection points and increased privacy
  • Enablement of Multi-factor authentication and single sign on

CLOUD SECURITY SERVICES
Mythics builds cloud environments that allow on-demand, on-prem, off-prem and hybrid data storage and application access. Security across private and public clouds can be a daunting task without a partner who is adept at navigating public sector process and policy. However, the risks of making the move to the cloud can be mitigated and are easily offset by the reduced costs, increased efficiencies, enhanced enterprise collaboration, agility and innovation gained. Government agencies can rest easy knowing that our team is fully versed in the regulatory and compliance hurdles that your agency must comply with when it comes to security. We are experts in guiding your path to the cloud.

APPLICABLE POLICY/GUIDANCE/MANDATES/STANDARDS FEDRAMP

FITARA

Cloud First Policy (Federal Cloud Computing Strategy)

DoD Risk Management Framework

DoD Cloud Computing Security Requirements Guide

DoD Cybersecurity service provider

Supporting Publications

Federal Information Processing Standards (FIPS)

  • FIPS 199 — Standards for Security Categorization
  • FIPS 200 — Minimum Security Requirements

‚ÄčSpecial Publications (SPs)

  • SP 800-18 — Guide for System Security Plan Development
  • SP 800-30 — Guide for Conducting Risk Assessments
  • SP 800-34 — Guide for Contingency Plan development
  • SP 800-37 — Guide for Applying the Risk Management Framework
  • SP 800-39 — Managing Information Security Risk
  • SP 800-53/53A — Security Controls Catalog and Assessment Procedures
  • SP 800-60 — Mapping Information Types to Security Categories
  • SP 800-128 — Security-focused Configuration Management
  • SP 800-137 — Information Security Continuous Monitoring
  • SP 500-292 — Cloud Reference Architecture

Contact the Security Service experts at Mythics today:
866 MYTHICS | mythics.com/datasecurity | datasecurity@mythics.com