Cloud and On-Premise Systems

System and Network C&A:

» Initial security assessment


» Post-accreditation maintenance

Security Test and Assessment:

» Vulnerability assessment

» Penetration testing

» Software application certification

» Risk assessment

Malicious Software Management/Analyses


Security Assessment, Compliance and Authorization

Risk Assessments

Telos cybersecurity consultants use their expertise in security assessment, compliance and authorization to analyze threats to cloud and on-premise systems based on their likelihood of occurrence. By combining known threats, architectural design, and the probability of occurrence with mitigation and risk transference strategies, we are able to provide a clear representation of an organization's risk posture.

We have performed assessments of complex multi-level secure systems, small, dedicated systems, cloud-based services, and e-commerce systems. Our consultants have assisted the FBI and the Army with a major insider incident investigation and with other security incidents.

Network Security Testing and Evaluation

Telos cybersecurity consultants leverage their background in networking, systems deployment and support, architecture, and an extensive library of compliance and security test scripts to evaluate and test the security of your network. By using our experience, as well as in-house, commercial and open source tools, and penetration-testing techniques, we can evaluate the security of your system from multiple points of view to ensure that defense-in-depth security strategy is working properly.

Evaluations can be performed from multiple locations within and outside your network to thoroughly understand and explain the threats from each attack point to ensure the best return on investment for security and functionality.

Vulnerability Assessment

When Telos IT security consultants analyze a system, they perform security assessments of system design, implementation, and configuration; determine the adequacy of security measures; and identify security deficiencies. Our consultants then develop and implement solutions for rectification/mitigation of the vulnerabilities.  

We've led large-scale vulnerability assessments and network redesigns and chaired and participated in security working groups; researched, evaluated, and discovered vulnerabilities; and developed technical solutions to resolve them. We can also use our Xacta® IA Manager software to help accelerate vulnerability management and remediation business functions within and across an entire enterprise.  

Assessment and Authorization / Compliance and A&A

Leveraging our Xacta® IA Manager software, Telos consultants provide turnkey cybersecurity assessment and authorization (A&A) support in accordance with the DoD RMF, NIST, USGCB/SCAP, and CNSS 1253 standards, as well as service- and agency-specific standards.

We have performed A&As on more than 350 systems across the government, and have developed a methodology that significantly reduces life-cycle accreditation costs while improving risk profiles. We have been instrumental in including vulnerability assessment and mitigation suggestions/security safeguard solutions as a portion of an accreditation’s certification efforts to ensure a proactive risk management profile.

In addition to addressing A&A mandates, Telos' comprehensive standards-based security programs enable organizations to evaluate their security in accordance with the Federal Information Security Management Act (FISMA) and defined in the five-level Security Assessment Framework (SAF). Telos also supports compliance with regulatory requirements in the commercial sector such as GLBA, HIPAA, Sarbanes-Oxley, international standards such as ISO-17799, and industry best practices.

Malicious Code Analysis

Telos has developed automated and manual processes and procedures to ensure consistency and completeness in analyzing software source code for malicious code. We will review software source code to check for Trojan Horses, time and logic bombs, and back doors, as well as software flaws such as inadequate bounds-definition and software race conditions that could allow the software to be exploited.