
Statement of Capability


Academic year: 2021


© 2010 R&K Cyber Solutions, LLC. All rights reserved. 2 | P a g e

Table of Contents

Company Overview

Company Registrations

Forensic Analysis

Why Us?

R&K Services

Program/Project Management & Support

Information Management & Support

Information Assurance & Support

Linguistic Management & Support

Intelligence Support Services

Application Security

Certification and Accreditation (C&A)

Cyber Security / Incident Response

Malware Analysis

Penetration Testing

Risk/Vulnerability Assessments

Secure Network Design and Implementation

Contingency Planning

Application Development & Integration

BUSINESS INTELLIGENCE SOLUTIONS


Company Overview

R&K Cyber Solutions, LLC (R&K) is a leading, award-winning application development and cyber solutions company that provides specialized Information Assurance (IA) services and certified security processes to all of the US Federal Government (Civilian, DoD, and IC) and to customers in selected commercial markets. All R&K solutions, specialized IA services, and certified security processes are backed by our unwavering commitment to our customers' satisfaction. We strive to be a leader in cyber security innovation while maintaining the highest quality of our training, products, and services. R&K is a Small Disadvantaged, Minority Owned, VA Certified Service-Disabled Veteran-Owned Small Business (SDVOSB). R&K has management teams that have an excellent track record in providing the following services:

• Cyber Security / Incident Response

• Certification and Accreditation

• Contingency Planning

• Vulnerability Management

• Penetration Testing

• Secure Network Design and Implementation

• Forensic Analysis

• Malware Analysis / Reverse Engineering

• Intelligence

• Linguistics

• Application Development

• Business Intelligence

It is our passion to provide the highest qualified personnel and solutions to our customers. We believe in continuously improving our customer's ability to monitor and improve the confidentiality, integrity, and availability of their systems and applications.

R&K has a successful, award-winning track record of providing risk-based Information Security services (FISMA, IG, NIST, DIACAP) to our customers. From risk assessments to support for an entire Federal Agency's Information Security Program, R&K will ensure our customers' systems and programs exceed Federal, DoD, and IC security requirements.

In addition, R&K provides global support for ongoing and contingency military operations, peacekeeping and civil affairs, refugee support, and intelligence collection, analysis, and reporting. R&K employs the necessary personnel with the translation and interpretation knowledge to fill your assessed needs, whether for face-to-face meetings and interviews or for technical written translation.


Company Registrations

Business Category:

Service-Disabled Veteran-Owned (SDVO), Disadvantaged Business Enterprise (DBE), Minority Business Enterprise (MBE), and Veteran-Owned Small Business (VOSB)

DUNS: 963630251

Cage Code: 63j89

North American Industry Classification System (NAICS):

Primary: 541512 - Computer Systems Design

Secondary: 541990

NAICS List: 423430 541519 541930 541511 541330 541513 541518 561210 561990

Why Us?

R&K focuses on our clients’ goals and requirements to deliver the right solutions. We supply a superior service and present a highly skilled workforce to ensure project success. We preach flexibility in collaborative efforts with our clients. We are knowledgeable in our strategies to provide a flexible and interconnected IT environment. Through balanced insight into the challenges R&K inherits in our strategies, we are able to advise on how the pros and cons of these strategies might impact a particular project’s objective.

Both internal and external threats must be considered in any security risk management program. That is why we balance security requirements with business imperatives for optimal delivery of services. We support technological solutions with management policies and usage guidelines, and we integrate security standards across applications and communications platforms. We demonstrate knowledge and care in every project that we undertake, which in turn instills our clients’ confidence in our performance.

Butterfly Effect: Proposes that complex systems rely on an underlying order, and that even the smallest change can cause complex behavior or events to occur. IT infrastructures are based on a conglomeration of technologies and interaction among complex systems. Even the smallest change in one technology sector can have unpredictable and dramatic ripple effects on the rest guaranteeing the project’s success.

R&K’s Services

Forensic Analysis

R&K Cyber Solutions, LLC is an expert at computer forensic investigations and one of the world’s elite computer investigators. We help law firms and companies track and recover millions of dollars in contract violations, embezzled monies or stolen digital assets.

Contact us for an estimate if you have a computer forensic investigation or emergency incident.

R&K is a computer forensic investigations expert of choice for digital forensics for law enforcement, computer forensics for Federal, DoD, IC agencies, private corporations, attorneys, and other professionals for full service incident response, forensic data recovery, presentation, and expert witness testimony.

Our experience combines the best of law enforcement, national security, and private product supplier experience to give your agency quality customer service. We use a proven and systematic methodology in our digital forensics investigations to ensure best evidence and data recovery success.

Program/Project Management & Support:

R&K provides effective program/project management and support through project-specific, tailored management plans based on Quality Management policies, procedures, and instructions. These quality procedures enable us to perform outstanding Systems Engineering and Technical Support (SETA) as well as Facilities Management & Support for a variety of clients. Our program support services assist Government entities with diverse program operations. Our Program Management Methodologies are derived from the Program Management Body of Knowledge (PMBOK®).

• Program Office Management & Support

• Program/Project Evaluations

• Analysis

• Logistical Management & Support Services

• Business Process Re-Engineering

Information Management & Support:

Our Information Management and Support services deliver innovative solutions for life cycle records management, electronic document management, knowledge management, and network installation & administration services. The crucial factor in the information and decision process analysis is thus individuals’ limited ability to process information and to take decisions under these limitations. We derive our Information Management Methodologies from the Information Management Body of Knowledge (IMBOK®).

Information Assurance & Support:

Recognizing the Information Assurance risks and vulnerabilities that local, state, and federal agencies, as well as commercial industries, face in this increasingly collaborative environment, R&K is dedicated to providing the support and expertise needed to combat them and to fulfill the need for the assurance of information.

• Security Policies & Procedures

• Encryption & VPN

• Disaster Recovery

• Business Continuity

• Security Auditing

Linguistic Management & Support

R&K provides global support for ongoing and contingency military operations, peacekeeping and civil affairs, refugee support, and intelligence collection, analysis, and reporting. R&K employs the necessary personnel with the translation and interpretation knowledge to fulfill your assessed needs, whether for face-to-face meetings and interviews or for technical written translation.

Intelligence Support Services

R&K provides Subject Matter Experts and staff support for Intelligence Analysis, Resource Management, and Force Management. Additionally, R&K provides IT services, including software engineering and application development services for Decision Support Systems, Information Management Systems, and Database Management. R&K is ready to support a variety of Department of Defense customers across a full spectrum of functional areas, ranging from Department of the Army intelligence.

• All-Source

• CI/HUMINT

• Counterterrorism

• Regional

• Cultural

• Religious

• Open-Source

Application Security

Don't wait until your system or software is complete to add security! Our engineers are experts at ensuring your software and system designs meet National, Departmental, and Agency security standards for both classified and unclassified systems and software (FULL SDLC SECURITY SUPPORT - FROM INITIATION TO DISPOSAL). R&K also ensures custom software code is secure by assessing the code with best-practice code analysis tools and managing the entire software package through established SDLC guidelines. If you have already completed the development of a system or software package and need it to be secure, contact R&K and we will use Commercial Off-The-Shelf (COTS) products and NIST/NSA/DoD hardening guides to ensure your systems and software meet US Government security compliance.

Certification and Accreditation (C&A)

How do we make the C&A process highly efficient and cost-effective? Hire only the most qualified people and employ only the most effective methodologies. Of course, this is much easier said than done. However, for R&K, anything is possible. We have some of the best engineers and certified security professionals.

They are well-trained and experienced in all C&A standards. R&K has depth, breadth, and vision when it comes to C&A. We work hard to enhance our customers' overall security posture. R&K has supported our customers using NIST, DCID 6/3, DITSCAP, DIACAP, FIPS 200, FIPS 201, FIPS 140-2, and commercial (ISO) requirements. We provide services for meeting the FISMA and Independent Verification and Validation (IV&V) requirements. We prepare and assess security documentation to ensure our customers meet their security requirements. Even more than that, we provide tools and insight throughout the C&A process to ensure our customers exceed those requirements. Best of all, efficiency, quality, and cost-effectiveness are very important to us.

Cyber Security /Incident Response

How do we handle IT-related incidents?

R&K has on-hand expertise to prevent, contain, respond to, eradicate, and recover from any IT-related incident. We have the expertise to help recover our customers' operations after a major incident. R&K will provide a top-notch Threat Management team that will deliver detailed Root Cause Analysis of how and why a particular incident took place and will help ensure that the same incident does not happen twice. We can also develop Agency Incident Response Plans and Policies for our federal and private sector customers. R&K will provide a Cyber team that will monitor and analyze all system activity 24x7. While monitoring, this Cyber team will have the expertise needed not only to understand exactly what is taking place and to determine which events are false versus true, but also to be reactive.

Malware Analysis

Per OS new AV Vendors Detect On Average 19% Of Malware Attacks

R&K has extraordinary expertise and experience in identifying the impact of unknown code on your enterprise. We are able to perform rapid, dynamic analysis of hostile Windows and Unix programs in order to profile network- and host-based indicators of compromise, along with the needed reverse engineering of unidentified and obfuscated code or malware. This analysis lets us identify the scope and intent of the malicious code to find and eradicate malware that antivirus misses.

Penetration Testing

How do we approach penetration testing?

R&K builds each penetration team based on system scope and the background, education, and subject matter expertise of our security engineers. We always work closely with our customer to develop custom-fit rules of engagement that fully address our customer’s needs while ensuring we work within any restrictions or sensitivities. This includes the ability to perform a variety of services ranging from Blackbox and/or Whitebox penetration testing, web application testing, database application testing, OS testing, war-driving (wireless assessment), and social engineering scenarios, to the flexibility of providing testing services on weekends and during downtime hours. We can also provide consultation on performing specific penetration testing techniques, along with developing and presenting a variety of policy and awareness training. We have hands-on experience penetration testing proprietary black-box/commercial communications systems, extensive mainframe financial and medical systems, web-based applications, robotic/sensor systems, medical devices/systems, authentication/encryption applications, slim/fat client applications, embedded systems, wireless systems, and entire data facilities.

Risk/Vulnerability Assessments

Is there any risk in trusting us to assess your systems?

Not at all! R&K are experts at providing agency-specific or National-level risk and vulnerability assessments. Our team will also provide risk and vulnerability assessments following the NIST SP 800-26, NIST SP 800-30, NIST SP 800-53, DoD/DHS Critical Infrastructure Protection (CIP), and DoD (8500.2) guidelines, and we have an excellent understanding of DoD IAVAs. We have developed comprehensive security control assessments for desktops, servers (Windows, Unix, and Linux), Web servers, Database Servers, and mainframes.

Secure Network Design and Implementation

R&K’s engineers have no problem handling the secure design, implementation, and configuration of network and security devices. Our secure network designs are based on Defense-In-Depth Strategies and Federal and Industry Best Practice, and always exceed our customers' certification and accreditation requirements. R&K has been responsible for installing, configuring, monitoring, and auditing firewalls, host- and network-based Intrusion Detection/Prevention Systems (IDS/IPS), Anti-Virus, Application proxies, VPN appliances, and other related security infrastructure throughout the Federal Government and Department of Defense (DoD). Our expertise can reduce any customer's daily false-positives from several million to less than twenty per day. R&K also specializes in pre-security design for new applications and post-security design to help secure older legacy versions.

Contingency Planning

• Did you know that according to the Forster Research Group 43% of all companies that experience a loss of computer records never reopen their doors?

• Did you know that 51% of the companies that experienced a loss of computer records closed their doors within 2 years and that only 6% survived over the long term?

R&K has extensive experience in identifying, developing, and implementing recovery strategies and the supporting technical solutions to ensure they fully meet the requirements and the budget of our customers. We have a track record of success in developing continuity policies, procedures, and guidelines. Our proven, repeatable, and scalable methodology for conducting Business Impact Analysis (BIA) and Recovery Strategy Analysis (RSA) accurately identifies recovery requirements and the most efficient, cost-effective means of meeting those needs. We have expertise in developing and testing Preparedness Plans, Emergency Evacuation Plans, System Backup Standard Operating Procedures, system-specific Contingency Plans, Continuity Of Operations (COOP) Plans, and data center Disaster Recovery Plans (DRP).

As independent consultants, we have no biases! No hidden agendas! Our recommendations are made because they’re in YOUR BEST INTEREST! We have no stake in strategies that we recommend to you.

Is the protection of health care information a concern? We have extensive experience ensuring confidentiality, availability, and integrity for both Federal and Commercial customers. Our expertise has been used in the URAC-sponsored HIPAA implementation guide, among several Federal Contingency Planning Guidelines. We know your concerns and can guide you through the issues of recovery, so you can focus on your patients’ well-being.

We are firm believers in providing secure, real, and implementable solutions for our customers – not just producing mass amounts of paper. Our processes are in compliance with ALL Federal requirements and best practices. We ensure the system and infrastructure prioritizations resulting from our BIA process meet HSPD-7 and the National Infrastructure Protection Plan, FIPS 199, FIPS 200, NIST SP 800-34, NIST SP 800-53, DoD 8500.2, and DCID 6/3 requirements. You are assured that the recovery plans we develop for you will implement the strategies necessary to comply with the availability categories as well as the mandatory security controls that will ensure compliance with the integrity and confidentiality requirements.

FISMA Compliance: We will not recommend or implement recovery solutions that are not 100% FISMA compliant. Information Security protections will be identified commensurate with the risk and magnitude of the harm that could be caused to your organization through unauthorized access, use, disclosure, disruption, modification, or destruction. Our SMEs are true experts in developing recovery programs under FCD-1 and NSPD-51/HSPD-20, so that any COOP capability developed dovetails with whatever COOP, COG, or ECG requirements your organization may have. The recovery strategies we recommend will address ALL of your concerns, at any level of Government. Your system contingency plans will be updated, enhanced, and incorporated into your comprehensive recovery plan, so that you will have an easy-to-execute, scalable recovery plan allowing you to respond to any size of emergency, from the loss of a single system to a catastrophic loss of your entire facility. When the plan is written, we do not stop there. We will conduct a tabletop exercise with your recovery principals to ensure they understand how to implement the plan. We can also maintain your plan on a recurring basis as well as continue to support your exercises. We offer training classes tailored for each level of your organization.

1. Develop the Continuity policy statement. A formal department or agency policy that provides the authority and guidance necessary to develop an effective recovery capability.

2. Conduct the business impact analysis (BIA). The BIA helps to identify and prioritize all your functions and determine the critical IT systems and components. A template for developing the BIA is also provided to assist the user.

3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

4. Develop recovery strategies. Thorough recovery review and analysis to ensure that your organization’s functions along with the mission essential systems may be recovered quickly and effectively following a disruption.

5. Plan Development. The contingency plan should contain detailed guidance and procedures for restoring whatever may have been affected by the incident.


6. Plan testing, training, and exercises. Testing the plan identifies planning gaps, whereas training prepares recovery personnel for plan activation; both activities improve plan effectiveness and overall agency preparedness.

7. Plan maintenance. The plan must be a living document that is updated regularly to remain current with system enhancements.

Application Development & Integration

Developing applications to meet business needs relies on technology, tools and technical architectures. R&K’s research focuses on best practices and technologies for delivering applications to the production environment and maintaining their evolution over their life cycle, including governance and control issues.

BUSINESS INTELLIGENCE SOLUTIONS

R&K’s BI solutions provide comprehensive BI functionality that can empower users to make effective, informed decisions based on solid data and analysis. All users, from the high-end analyst to the casual business user, have access to the information they need - with minimal dependence on IT resources and developers.

With these powerful solutions, users can access, format, analyze, navigate, and share information across the enterprise. R&K’s BI solutions enable:

• Advanced analytics

• Dashboards and visualization

• Information infrastructure

• Query, reporting, and analysis

• Reporting

Contact Us

[email protected]

Office: 703.881.7774

Location: 10432 Balls Ford Rd. Suite 300 Manassas, VA 20109

R&K’s quality policy is to achieve sustained, profitable growth by providing services that consistently satisfy the needs and expectations of its customers. This level of quality is achieved through adoption of a system of procedures that reflect the competence of the Company to existing customers, potential customers, and independent auditing authorities. Achievement of this policy involves all employees, who are individually responsible for the quality of their work, resulting in a continually improving working environment for all.
