Cybersecurity Center of Excellence

A Dedicated Group of Cybersecurity Experts Who Deliver Innovative Solutions and Achieve Operational Excellence for Each of our Customers

Today’s evolving cyber threats faced by Federal departments and agencies (D&A) cover a wide range of malicious activities from nation-state sponsors, criminal organizations, terrorist groups, hacktivists, insider threats, and others. These threats come from highly advanced, group-based entities that seek to operate inside of and maintain a presence on and in their target’s systems. When coupled with increasing regulatory requirements and oversight, the move to a risk management versus a compliance approach, and growing resource constraints, these threats presents huge challenges.

To be effective in this operational environment, Federal D&As must employ a cybersecurity program that focuses on operating in cyberspace instead of reacting to it. The need for innovative cybersecurity approaches, methodologies, and best practices that address interoperability, usability, and privacy is critical for the nation and the Federal government.

Criterion | Cyber
Criterion | Headshot
John Harrison, Director, Cybersecurity Center of Excellence

Core Capabilities

Cybersecurity Engineering and Technical Services

Provides services and capabilities including engineering, implementation, operation, and maintenance support for information system security controls that are implemented through technical mechanisms in system hardware or software.

  • Information System Security Engineering (ISSE)/Security Control Support
  • Cyber Defense Technology/Information System Protection Support
  • Enterprise and Security Architecture Support
  • IT and Cybersecurity Integration
  • Cybersecurity Infrastructure Operations and Maintenance (O&M)
  • CS&P Product Research, Evaluation, Testing, and Secure Configuration Support
  • Secure IT Development, Design, and Implementation Support

Cybersecurity Governance and Program Management Services

Provides services and capabilities including development, implementation, assessment, improvement, maintenance, and governance support for all cross-cutting aspects of the organizational cybersecurity program.

  • Data Security Support
  • CS&P Program Execution
  • CS&P Policy and Governance
  • Risk Management Framework (RMF) Support
  • Enterprise Vulnerability Management and Mitigation Program Support
  • CS&P Training Support

Cybersecurity Operations Services

Provides services and capabilities including implementation, operation, and maintenance support for information system security controls executed primarily by people.

  • Security Operations Center Support
  • Focused Operations Services
  • National Security Systems Cybersecurity Support
  • Intelligence Community Cybersecurity Support
  • Information Operations Support
  • Critical Infrastructure Protection Planning and Program Support
  • Industrial Control Systems (ICS) Support
  • Privacy Protection Support

Cybersecurity Compliance, Risk Management, and Continuous Monitoring Services

Provides services and capabilities including development, implementation, assessment, improvement, and maintenance support for cybersecurity program and system compliance activities, assessment and management of system and organizational level cybersecurity risk, and ongoing conduct of system and organizational continuous monitoring activities.

  • CS&P Program and System Audit Support
  • Command Cyber Readiness Inspection (CCRI) Support
  • Cybersecurity Service Provider (CSSP)
  • Site Assistance Visits (SAVs)
  • Information Operations Condition Implementation
  • Security Assessment and Authorization (SA&A)/RMF Support
  • Information Systems Continuous Monitoring (ISCM) Support
  • Risk Management and Risk Assessment Support
  • Cyber Supply Chain Risk Management Support

Cybersecurity Thought Leadership

Here are our latest blog posts on cybersecurity-related topics written by Criterion subject matter experts.