Services and Capabilities

Large umbrella-like structure suspended from cables and lit in blue, seen from below

CUI Protection

The Federal government defines information regulated by law, regulation, or Government-wide policy that is not related to national security or otherwise classified as Controlled Unclassified Information (CUI). The protection of CUI, regardless of where it resides, is a lead goal of the U.S. Federal Government. While all agencies protect this information, the safeguards implemented are not uniform and that can sometimes create reluctance to sharing this information. Both federal and non-federal organizations are subject to requirements to protect CUI under 32 Code of Federal Regulations (CFR) Part 2002. 

Defense Department contracting rules will require Non-Federal organizations handling CUI to demonstrate they can adequately protect such information according to Federal specifications starting as early as December 31, 2017. Similar requirements are expected to be applied to other Federal agencies at a later date. If your Non-Federal organization handles government data your operations might be at risk. 

Elfsec has experience assisting non-federal organizations conduct compliance gap assessments against the requirements of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. We can help assess your compliance posture with a quick gap assessment, or a more in-depth assessment exploring compliance needs and proposing a plan of action. Elfsec's gap assessments, compliance analyses, readiness assistance, and compliance reports will help bring your organization into compliance and maintain your eligibility to support Federal clients. We can also provide full life-cycle and maintenance security support depending on your needs. 

Risk Management and Cybersecurity Frameworks

The Federal IT Risk Management Framework (RMF), defined in NIST SP 800-37 is a robust program for the implementation and maintenance of cyber security controls. These services usually support compliance with requirements under the Federal Information Security Modernization Act (FISMA) and related Government-wide policies. Elfsec has experience providing assessments and consulting services based on this and related guidance. 

The Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) was developed in support of Executive Order 13636 (EO), “Improving Critical Infrastructure Cybersecurity,” on February 12, 2013.  The Framework is technology neutral and relies on a variety of existing standards, guidelines, and practices to enable critical infrastructure providers to achieve resilience. Building from those standards, guidelines, and practices, the Framework provides a common taxonomy and mechanism for organizations to: 

  1. Describe their current cybersecurity posture; 
  2. Describe their target state for cybersecurity; 
  3. Identify and prioritize opportunities for improvement within the context of a continuous and repeatable process; 
  4. Assess progress toward the target state; 
  5. Communicate among internal and external stakeholders about cybersecurity risk.

Elfsec can assist organizations assess their cybersecurity posture and fully implement the Framework consistently with all the applicable regulatory requirements related to their industries and client-base.

Cloud Technology

Elfsec can assist your organization in the selection of Cloud Service Providers (CSPs); planning and implementation of cloud migration strategies; and on-going monitoring of cloud-based systems. Adoption of cloud strategies requires a shift in operations and maintenance from in-house hosting and Elfsec can assist in updating relevant policies and procedures to help realize their full potential. 

Elfsec has assisted commercial organizations providing cloud based services to Federal agencies and supported two Third Party Assessment Organizations (3PAOs) under the Federal Risk and Authorization Management Program (FedRAMP). We can also help your organization make a successful transition to "the Cloud."

Contingency Planning and Incident Response

Contingency Plans can make the difference between a fairly routine event and a mission interrupting situation. Elfsec has developed a methodology for developing and testing Contingency Plans in support of continuity of operations to help minimize the impact of unexpected events. Training personnel on their contingency responsibilities and testing the Contingency Plan's effectiveness are critical to avoiding major service interruptions. Our methodology allows various levels of testing, including exercises that challenge readiness without threatening actual operations.

Policies and Procedures

The availability of adequate and actionable policies and procedures are critical to demonstrating the proper design and implementation of security controls. As most organizations are subject to financial audits, service attestations, and security compliance assessments, development of the appropriate policies and procedures is critical. IT policies and procedures can also be critical in demonstrating due care during legal challenges and inspections. Elfsec has experience assessing IT and cyber security policies and procedures. We have also helped develop IT and related risk management policies and procedures to help reduce service interruptions. 

Cyber Risk Management

Elfsec can help your organization benefit from multiple risk management tools and techniques that include:

  • Strategic planning;
  • Uniformly implemented and applied IT, cyber security, and privacy policies and procedures;
  • Continuous security monitoring;
  • Documentation and tracking of control weakness remediation activities; 
  • Implementation of government and industry defined cyber security frameworks and guidance;
  • Training including security awareness, Contingency Plan, incident response, etc.

We Enable Your Mission Goals

Can You Function Without IT?

Whether you are a government organization, business, multi-national corporation, charity, or community organization, you can no longer operate successfully without information systems. Given that reality, understanding the value of your information assets and safeguarding them appropriately needs to be a lead activity. 

Cyber security can be a very intimidating topic, but regardless of your level of comfort you have a role in it. When it comes to safeguarding your information assets Elfsec has the breath of knowledge and experience to communicate the issues using a vocabulary you can understand and act upon. Armed with better understanding, you will be able to better leverage IT to further your organization's strategic goals while cost-effectively managing technology, privacy, regulatory, and other business risks.

Cyber Risk Affects Every Organization

Cyber security can affect anyone, anywhere, anytime. Threats to your organization can come from insiders and an increasing variety of external actors. The size of your organization or volume of business may not reduce your level of risk. The incentives to target your organization need not be large because deployment of attacks can be automated and require very little effort. The good news is that better understanding of risk factors, sound management practices, financial and technical controls, automated tools, cloud and managed services, effective incident response and contingency planning, data analytics, and effective IT Governance can bring significant benefits cost effectively and provide measurable return on investment (ROI). 

Is Elfsec Right for You?

Elfsec can tailor a cyber security strategy for your organization that aligns with your business/mission goals. We rely upon our in-house talent and a network of business partners to meet your needs with the right mix of technology, automation, and personnel.

Contact us at for more information or a quick consultation!