Cyber security

Zen Strategics offers cybersecurity solutions for both major Government agencies and commercial entities, working to transform and implement best practices in IT and security management.

High Value Assets (HVAs)

Every Organization has HVAs

Every organization has HVAs, but how they operate and safeguard them is different. For U.S. government agencies, BOD 18-02 dictates specific processes and procedures to determine HVAs, schedule their detailed assessments, and maintain appropriate security levels. Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA), responsible for BOD 18-02 execution, designates two different levels of HVAs, one of which the target agency must evaluate internally with CISA-trained and qualified assessors.

Not Every Organization has Qualified HVA/RVA Assessors

Zen Strategics has built out an ecosystem critical to the success of performing cyber assessments, providing national-level data views that inform risk reduction and help strengthen national cybersecurity posture. Our program is available to individuals affiliated with government entities and in the private sector, and our CISA-trained and qualified assessors will evaluate:

  • High Value Asset (HVA)
    Assess the HVA security architecture to identify technical concerns that could expose the organization to risk
  • Risk and Vulnerability Assessment (RVA)
    Collect data through on-site assessments and combine with national threat and vulnerability information to provide an organization with actionable remediation recommendations prioritized by risk and known threats in the environment

ZEN will Guide your Organization through the BOD 18-02 Jungle

Zen assessors will ensure a correctly developed assessment is conducted for your HVAs, focused on the system specifications and nuance, not through a cookie-cutter approach. Throughout the process, our Team will maintain communications, delivering updates and observations in a timely manner, and with the utmost respect for your daily operations. All findings and process documentation are provided and we ensure all recommendations to address findings and maintain compliance are fully incorporated into our follow-on engagements.

Security Operations

Most federal agencies face an inefficient security operations environment. The many years of rapid change in federal IT security infrastructure, combined with the changing and new reporting requirements of agencies, have led to the acquisition of a broad security toolset. Federal cyber executives now find themselves with too many tools, costly overlaps in many tool capabilities, and gaps elsewhere. The result is technical debt, where significant labor costs are driven simply by operating and maintaining an agency’s existing set of security tools. Zen Strategics assists organizations with developing, implementing, and maintaining the technologies, methodologies, and processes to defend against targeted attacks and advanced persistent threats. We build dynamic, robust, adaptable, and automated security architectures that protect data, resources, and personnel.

Cyber Advisory

We offer organizations the opportunity to align their cyber offerings with the dynamic changes in policy, priority, and the cyber threat landscape. With up-to-the-minute policy and market expertise, Zen Strategics helps clients through competitive intelligence and innovation, leading to successful investment and outcomes. Working with federal and investment organizations, we assist with keeping in line with the latest trends, technologies, and ‘best fit’ solutions in the cyber landscape.

Security Compliance & RMF Services

Our proven methodology of implementing Program and Systems Security Requirement Traceability Matrices (SRTMx) provides Assessment and Authorization (A&A) for complex, existing systems for ongoing authorization. Performing an initial gap analysis and evaluating security controls using National Institute of Standards and Technology (NIST) procedures, Zen Strategics performs Continuous Monitoring (CM) for our clients, leveraging our experience with automated testing tools on both strategic and tactical levels.

In compliance frameworks such as FedRAMP, FISMA, DIACAP/DoD RMF, NIST/RMF, and SOC, we enable public and private organizations to successfully navigate complicated regulatory landscapes. With experience in providing customized, risk-based solutions that address our clients’ unique advisory and assessment needs, we have supported White House & OMB cyber initiatives to include development and reporting of FISMA metrics that all agencies are responsible for implementing as part of the ISCM mandate.

Continuous Monitoring & Network Security/Risk & Vulnerability Management

Zen Strategics has a proven record of success helping organizations implement continuous monitoring programs. We provide access to industry-leading solutions with a unique ability to design, implement, and integrate these solutions into operational environments, enabling high-performance security programs. With over 7 years of working with DHS to create the mandate and policy that the 24 CFO Act agencies comply with, we are the insiders and best advisors to your Continuous Diagnostics and Mitigation plans. Zen Strategics uses proven National Institute of Standards and Technology (NIST) compliant methodologies for risk and vulnerability management. Our approach starts by capturing the flow of existing risk management policies, procedures, and security baselines, adding modular components as needed to support management and decision-making. With innovative, unique, and customized continuous diagnostics and mitigation (CDM) solutions, our clients are provided technical engineering and operational/program security support for integrated, modernized systems that leverage contemporary cloud solutions.