DTS provides tailored, scalable cyber solutions for every stage of the cybersecurity lifecycle and every level of involvement. We can fully manage your security program, provide fractional CIO and CISO leadership, augment your staff or other IT resources, or serve as a third-party review.
Security Reviews and Assessments
Our thorough reviews compare your current cybersecurity posture to required compliance or best-practice standards. Security reviews can inform your compliance strategy or help you prepare for an audit or certification assessment.
We work with you, explaining each standard or practice, detailing what is required of your organization and leadership, identifying gaps in your practices, and providing remediation options.
Use DTS services for a one-time review or as the first step in your compliance journey.
Our review process includes:
- Review of organizational and systems environment
- Architecture review of technology, vendors, and services
- Explanation of future certification audits or assessment processes including documentation and personnel requirements
- Detailed assessment report with remediation recommendations
- Third-party assessments
Remediation and Compliance
DTS helps you transform your cybersecurity posture to become compliant with government or industry standards. We are a cost-effective single source for all of the system, process work, and documentation you’ll need for a CMMC assessment, ISO 27001 audit, or other certification.
Every project is unique, not a package stuffed with extras you don’t understand and don’t need. We tailor our scope of work to your needs, including reviewing and updating policy and procedures, writing POA&M, compliance documentation, and employee training. Compliance doesn’t happen in days – DTS guides you through the entire process, which often takes weeks or months, depending on your current security posture and appetite for cultural change.
Our CISSP-certified cybersecurity experts work directly with you and any internal resources you have. DTS can even become your Managed Security Service Provider or provide training for self-supported monitoring.
- ISO 27001/27002
- Zero Trust
- SOC2 – Types 1 & 2
Any company that performs contract work for the DoD and handles Controlled Unclassified Information (CUI) is required to be compliant with DFARS 252.204-7012. Clause 7012 isn’t new; it’s been finalized since 2016. Many companies assume it applies only to those contracts where it’s specifically mentioned, but under the Christian Doctrine, it is part of every DoD contract whether or not it is explicitly included, and compliance is required of all those handling CUI.
It’s ultimately the contractor’s responsibility to be aware of whether they are handling CUI in the performance of their contracts and to provide adequate security, as well as proof of their security steps.
Contractor security requirements are shifting toward CMMC certification, where a third-party verification/certification will replace most self-attestations. Since CMMC Levels 1 & 2 align with NIST 800-171, contractors can prepare with a gap analysis or remediation to close POAMs, documentation, and leadership-focused education around the assessment process and requirements. DTS helps contractors create a strong cybersecurity stance that meets all the standards and protects the business from new or evolving attacks.
When it comes to compliance, if it isn’t documented, it isn’t happening.
For NIST SP 800-171, ISO 27001, and other standards, meeting the objectives isn’t enough; organizations must also document their compliance, write System Security Plans in the correct format, and provide objective evidence of meeting each of the required controls – a step that is rarely considered in the early days of remediation.
Having DTS lead documentation saves time and reduces frustration. Our program is a guided process that includes expert assistance, customizable templates, and insight into your organization’s compliance with all assessment objectives.
For CMMC and ISO 27001 certification and other recognitions of your security posture (including SPRS scores and self-attestation), your organization needs proper documentation to prove your compliance. This includes:
- System Security Plan (SSP)
- Data Flow Diagram/System Architecture
- Incident Response Plan
- Policies and Procedures
- Plan of Action & Milestones (POAM)
- Other Tracking Documents, Lists, and Certificates
DTS is a Certified AvePoint Professional Services Partner (CAPS) for AvePoint Fly. We use AvePoint Fly Server and AvePoint Fly SaaS migration platforms to transfer data from one information system to another. AvePoint Fly SaaS is FedRAMP Moderate and meets the needs of government organizations needing to migrate their data to the cloud per Executive Order (EO) 14028.
AvePoint Fly can also be utilized in response to mergers, acquisitions, divestitures, or other data restructuring needs.
We use AvePoint Fly to move, migrate, and consolidate legacy systems, cloud files, mail, and Microsoft Office 365 tenants into Microsoft Office 365 and SharePoint while maintaining data integrity and rigorous security. It can be used for on-premises to cloud or cloud-to-cloud.
AvePoint Fly can be used to migrate data from the following systems into a Microsoft 365 cloud environment:
- On-Premises SharePoint
- File Server
- Another Microsoft 365 cloud environment
For those utilizing PreVeil, we offer a migration tool that enables customers to migrate files from various data sources into their PreVeil drive, typically to help meet compliance requirements. DTS supports this process during onboarding of the PreVeil tool.
Combining the roles of a Managed Network Services Provider (MNSP) and a Managed Security Service Provider (MSSP), DTS delivers value with an eye for continual improvement and operational efficiency. Our expert team keeps you ahead of threats with services for monitoring and maintenance, policies, procedures, training, and emergency response.
DTS can tailor services to your needs and augment self-managed cybersecurity. We help small and medium-sized businesses, especially those involved in government contracting, explore their options and provide the framework and support for success.
Our security-focused managed services can include:
- On-premises hardware configuration
- Security configuration management
- Maintain and review audit logs and documentation
- Security automation
- Software updates and security patches
- Continuous monitoring
- Security incident response
- Emergency response
Self-managed vs. Cybersecurity as a Service
Considering managing your network and cybersecurity program yourself? It takes a staff of knowledgeable, experienced key personnel to maintain compliance by conducting monitoring and logging activities, regular audits, and vulnerability scans and by handling any security incidents, plus someone to head up security training for staff. SMBs often can’t invest in those salaries and in maintaining the knowledge base.
If you’re considering self-management, talk to DTS to understand the scope of the commitment, get the ad-hoc support you may need, or schedule our team to provide an audit or security assessment to verify and validate your program.
Cybersecurity threats are constantly evolving, and that’s why many requirements, including NIST SP 800-53 & NIST SP 800-171, include provisions for the organization to verify it is continuing to meet the cybersecurity requirements in between assessment periods. DTS can help manage these extra steps and scheduled reviews for organizations without cybersecurity talent on staff.
What’s required? Continuous monitoring, like that in CMMC practice CA.L2-3.12.3, requires organizations to regularly verify the continued effectiveness of all cybersecurity controls.
What’s at risk? When senior executives self-attest to compliance, they should be doing so based on continuous monitoring results. Depending on the regulation, they can become personally liable if they attest compliance and have a reported breach or data loss triggering a DOJ investigation.
Compliance monitoring services from DTS provide a well-organized, well-documented system for demonstrating and recording your compliance. We drive towards continual improvement and operational efficiency while providing confidence that your organization is fully conforming with NIST 800-53, NIST 800-171, CMMC, ISO 27001, and any other industry regulations you follow.
System Security Plans (SSP) and proof of ongoing monitoring and maintenance will be required for CMMC certification and recertification audits with “maturity” requirements.
Fractional CIO and CISO
A fractional Chief Information Officer (CIO) or Chief Information Security Officer (CISO) from DTS is an experienced, multi-faceted senior technology executive who can serve part-time or as needed.
This leadership-as-a-service offering leverages the IT and cybersecurity expertise and perspective of a senior executive without the time, commitment, or high cost of a full-time hire. Use a DTS fractional leader to determine and implement your broad technology agenda, adjust to or plan for growth, benefit from leading-edge technologies, or manage compliance.
Our fractional leaders typically serve several companies, managing day-to-day IT operations, resources, and staff as well as the alignment between the business and technology.
- Cybersecurity and business alignment
- IT or cyber leadership and management
- Current technology landscape
- Key performance metrics definition
- Performance status reports
- ROI evaluation and budgeting
- Resource management
- Service provider partnerships management
- Risk management
- Processes design and optimization
- Standards and policies
- Security and compliance management
- Contract renewals
- Board advisory
Licenses and Partnerships
As a one-stop source for your cybersecurity needs, DTS actively and continuously scans the industry for best-in-class partners and licenses. We help you choose licenses that meet your needs, preferences, and budget and offer wrap-around services for flawless integration.
DTS is vendor-agnostic, meaning our recommendations aren’t based on, or limited to, what our current partners offer. Rather, we focus on what you need and want. We’ve done our homework to identify cybersecurity and secure data storage solutions, including:
- Data migration
- Enterprise architecture
- Integration of multiple operating systems: Android, macOS, iOS, Windows, Linux
- Data restoration
- Cloud-to-cloud backups
- On-premises backups
- Microsoft environments for commercial, GCC, GCC High, and Azure
At DTS, we emphasize the necessity for everyone in your organization to receive training in cybersecurity. No business can assume that employees know or follow proper cyber hygiene in their personal lives. Allowing them to connect personal devices to your network or use company resources without training is taking a big chance.
Growing a cybersecurity knowledge base within your organization does three things:
- Strengthens the first line of defense against cyber threats
- Helps embed a security mindset into the organization’s culture
- Develops security stance as a competitive advantage
Our consultants can recommend cybersecurity training content or guide your organization through a needs evaluation and curriculum and materials development. For cyber basics and awareness, companies should plan for cybersecurity training every four to six months, covering new schemes and tactics bad actors use. Certification requirements range from classroom hours to continuing education credits to retesting.
Continuing education is an element of the employee experience that can be seen as a burden or a boost depending on the quality and applicability of the training offered. DTS’ training and learning enhancement solutions deliver the right information at the right time, using methods that are convenient, engaging, and memorable to drive a culture of security.
- Employee manuals and policies
- Lunch and learns, webinars, coaching
- Audio, video, and digital content
Real progress requires real numbers.
Take the first step by completing our cyber assessment questionnaire. Request yours today.