, LLC

IT Security - Custom Software and Hardware -  Solutions

Let’s face it, navigating through the RMF process can be a challenge. Training can be expensive, and sometimes one-on-one personal interaction really makes a difference. We are here to provide that one-on-one personal interaction within your organization. There is no need to send ISSOs or SAs off to training; all training and assistance is performed on the job. Cross Automation & Consulting not only specializes in custom software and hardware but also has over 20 years of information security experience.

We assign a Subject Matter Expert (SME) to provide DoD Risk Management Framework (RMF) support for the Assessment and Authorization package for your information systems. The RMF Liaison Consultant has knowledge of a wide range of security concepts, principles and practices, and can resolve difficult and complex security problems. The RMF Liaison Consultant will provide services in risk mitigation, understanding security controls, and navigating risk through continuous monitoring. In addition, the RMF Liaison Consultant provides hands-on support in the DoD RMF steps necessary to obtain an ATO.

The RMF Liaison:

  • Possesses up to IAT Level II and III and IAM Level III and II
  • Supports security authorization activities in compliance with the National Institute of Standards and Technology Risk Management Framework (NIST RMF)
  • Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort
  • Works with government customers (and potential customers) on security-related matters by acting as a liaison between ISSO, ISSM, DAO and SCA
  • Provides dedicated support throughout the RMF lifecycle
  • Assists the team members in interpreting and applying mitigation strategies
  • Works with the team to review findings from self-assessment to determine readiness for independent assessment
  • Proactively works on findings once risk assessments are complete
  • Evaluates and analyzes vulnerability results from ATO assessments, penetration tests, or ad hoc risk assessments from Nessus
  • Reviews POA&M closure and waiver packages in accordance with the IAD POA&M Standard Operating Procedures
  • Assists with development of evidence documentation
  • Assists in maintaining operational security posture for an information system or program