Key Management Solutions, LLC (KMS) is a Veteran Owned Small Business (VOSB) that provides Information System Security Engineering (ISSE), Department of Defense (DoD) and Federal Certification & Accreditation (C&A), Research, Development, Test and Evaluation (RDT&E), and Rapid Technology Transition services with an emphasis on supporting the development and transition of NSA Suite B-enabled Commercial Solution for Classified (CSfC), Secure Cloud, Cross Domain Access (CDA) and/or Quantum Computer Resistant Algorithm-enabled Prototype and Instantiation efforts.
The following sections provide additional information about our Core Services.
Cybersecurity Information Systems Security Engineering (ISSE) is the art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, such that they can safely resist the forces to which they may be subjected. The ISSE process is an integral part of systems engineering (SE) and should support certification and accreditation (C&A) processes. The ISSE-supporting processes and activities include, but are not limited to, system security design, engineering life cycle, vulnerability management, cross domain solutions, anomaly identification/management, risk management, intrusion detection, contingency planning, incident handling, configuration control, change management, auditing, and C&A.
Using a standardized, CMMI-based Security Engineering process, KMS applies the relevant NSA Information Assurance Technical Framework (IATF) and NIST Framework for Improving Critical Infrastructure Cybersecurity engineering recommendations to every ISSE effort we support. Additionally, KMS Security Engineers meet or exceed the training requirements for, and apply area-specific knowledge gained from achieving, DoD 8570.01 Information Assurance Workforce Improvement Program certifications including, but not limited to, IA Technician (IAT) Level III, IA Manager (IAM) Level III, IA System Architect and Engineer (IASAE) Level III, and Computer Network Defense (CND) Analyst, Incident Responder and Auditor. For additional information on KMS Suite B/CSfC services, contact us at firstname.lastname@example.org
Engineering and developing preventative methods and practices used to protect information from being stolen, compromised or attacked. This requires a deep understanding of potential information threats, such as viruses and other malicious code. Our cybersecurity engineering strategies include:
Our engineering experts understand the importance and role cybersecurity plays in advanced technologies. We work with customers to ensure effective cybersecurity is baked into the system requirements and also work with customers to implement effective security controls later in the System Development Lifecycle (SDLC).
KMS Engineers strive to embody the very definition of the Information Systems Security Engineering (ISSE) process – The art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they may be subjected.
Within the scope of this definition, KMS Engineers systematically service and support research laboratories to develop and field systems for experimentation and testing.
Our advanced engineering RDT&E services include:
A critical gate (and many times an acquisition milestone) in a systems development lifecycle is getting an advanced technology into the hands of the warfighter during field testing. For many years, our engineers have successfully supported the field testing of vehicle, ship, and aircraft mounted advanced technology systems and technologies, providing pre, during, and post Field Test support including, but not limited to, the following services:
A successful system demonstration is another gate / milestone to maintaining the critical path to operational fielding. While Field Testing venues allow a system the ability to self-test and document pass/fail results against named requirements, System Demonstrations generally showcase a number of prototype / developmental systems that compete to showcase specific system capabilities based on warfighter / Operational requirements. Leveraging our deep operational support background, and recognizing that different skill sets are required to support a lab demonstration vice a field demonstration, KMS engineers thrive in both lab and field demonstration environments, providing pre, during, and post demonstration support services to advance the new technology.
Over the years, while providing technical and Program-level Information System Security Engineering (ISSE) and Research, Development, Test and Evaluation (RDT&E) support services for countless Advanced Concept prototype development efforts, we have seen a number of exceptional technologies die on the vine because they could not satisfy Information Assurance requirements, were field tested unsuccessfully or tested in the wrong test environment, and/or did not provide the minimum system documentation required for a successful transition to a Program of Record. Unnecessarily stopping these efforts not only wasted taxpayer dollars, but negated the possibility of transitioning potentially life-saving technologies to our war-fighters, coalition partners, partners for peace, civil servants and/or First Responders.
Leveraging previous Program of Record (PoR) support experience, KMS provides tailored Technology Transition services - traditionally focusing on development and execution of a Pre-planned Product Improvement (P3I) and/or an Integrated Logistics Support (ILS) Plan.
KMS's team of Penetration Testers (with certifications including FBI-Qualified Licensed Penetration Tester (LPT), Certified Ethical Hacker (CEH), Certified Advance Ethical Hacker (AEH), and Certified Reverse Engineering Analyst (CREA)) has extensive experience safely exploring the edges and inner workings of our customers’ networks and systems. From information gathering to application exploitation, KMS cybersecurity engineers can help you identify your weaknesses before an adversary does, to include:
KMS Penetration Testers / Ethical Hackers use the same methods and techniques to test and bypass a system's defenses as their less-principled counterparts, but rather than taking advantage of any vulnerability found, they document them and provide actionable advice on how to fix them so the organization can improve its overall security. Penetration Testing and/or Ethical Hacking is not an unstructured field. The DoD 8570.01 Information Assurance Workforce Improvement Program specifically includes/requires Certified Ethical Hacking (CEH) certificates as an entrance requirement to perform IA-specific roles including, but not limited to, Computer Network Defense (CND) Analyst, Incident Responder and Auditor. KMS meets and exceeds all certification requirements for DoD and Federal System Penetration Testing and/or CEH.
RMF / C&A
KMS is a Certified, Fully Qualified Corporate Navy Validator (FQCNV) as appointed by the US Department of the Navy Certification Authority, and has supported a number of Navy, Naval, Service, COCOM, and Federal system Certification and Accreditation (C&A) efforts. Our Security Engineers have been Certified for both Enterprise Mission Assurance Support Service (eMASS) and Xacta C&A automation tools, and have extensive experience with both 'new start' Risk Management Framework (RMF) efforts and supporting system C&A migrations from DIACAP to RMF.
Unlike the previous C&A approach (under DIACAP), RMF allows, and requires, a tailoring of system and operations-specific security controls. This tailoring, in turn, requires experienced Security Engineers - such as KMS Certified C&A engineers - to efficiently and effectively define and implement the optimal security posture.
The selection and specification of security controls for an information system is accomplished as part of an organization-wide information security program that involves the management of organizational risk---that is, the risk to the organization or to individuals associated with the operation of an information system. The management of organizational risk is a key element in the organization's information security program and provides an effective framework for selecting the appropriate security controls for an information system---the security controls necessary to protect individuals and the operations and assets of the organization.
The Risk Management Framework (RMF) steps illustrated below provide a disciplined and structured process that integrates information security and risk management activities into the system development life cycle.
The risk-based approach to security control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations.
The Commercial Solutions for Classified (CSfC) program within the NSA IAD uses a series of vendor-agnostic Capability Packages (CPs) to provide configurations that will allow customers to independently implement secure solutions using layered, NSA Suite B cipher-based Commercial Off-the-Shelf (COTS) products.
Since 2007, KMS has provided, and continues to provide, a number of CSfC and CSfC-related Integration Services and Technologies.