Clients and Partners

Our goal is to help our clients address cybersecurity and privacy challenges, mature their cybersecurity and privacy programs, and reduce cybersecurity and privacy risk through focused, specialized, high-quality, and cost-effective support services. Our clients are Federal, state, commercial, and non-profit organizations with diverse missions and organizational cultures. Examples of our clients include:

 
 
 
 
 

U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES | COMPUTER SECURITY INCIDENT RESPONSE CENTER SERVICES (CSIRC)

B&M is providing Department-level 24x7x365 Security Operations Center (SOC) and Network Operations Center (NOC) support to HHS. B&M is responsible for continuous monitoring, detection, analysis, and response support activities across HHS networks and systems, supporting a large, complex Federal enterprise environment. Under this contract, B&M successfully transitioned SOC/NOC services from the incumbent contractor without disruption to ongoing 24x7x365 security and network monitoring and response activities. During the transition, B&M conducted a comprehensive current-state analysis of existing SOC and NOC processes, resources, and capabilities to ensure continuity of operations and alignment with HHS mission requirements. B&M established governance mechanisms to monitor performance, defined and implemented enhanced SOC and NOC performance metrics, and developed an SOC/NOC Enhancement Roadmap to guide continuous improvement of SOC and NOC processes, capabilities, and performance throughout contract execution.

U.S. GOVERNMENT PUBLISHING OFFICE | ZERO TRUST ARCHITECTURE (ZTA)

B&M is providing robust technical engineering and dedicated operational support to GPO for the implementation, maintenance, and maturing of GPO’s ZT capabilities. We worked with GPO security and IT teams to evaluate their current ZTA capabilities within each pillar (Identity, Device, Network, Application/Workload, Data) and cross-cutting capability (Visibility/Analytics, Automation/Orchestration, Governance), leveraging the CISA Zero Trust Maturity Model. Based on the results of this analysis, we developed and supported the implementation of a roadmap to strengthen ZT capabilities in alignment with GPO policy and NIST guidelines (SP 800-207). This includes strengthening GPO’s alignment to ZT principles and ZTA requirements at the organizational, functional area, and system levels, through a series of immediate (0-6 months), near-term (6-12 months), medium-term (1-3 years), and longer-term initiatives designed to achieve quick wins with existing capabilities while also guiding strategic longer-term initiatives.

U.S. DEPARTMENT OF AGRICULTURE | FOOD, NUTRITION, AND CONSUMER SERVICES

B&M is providing cybersecurity engineering, RMF, cyber defense, and program strengthening support to USDA FNCS through a comprehensive suite of cybersecurity services. Our team is providing technical security engineering, incident response (IR), and security operations support that includes configuring, maintaining, and enhancing the Agency's IT security tools; providing security engineering and architecture support, including zero trust implementation; providing 24/7 IR identification, investigation, and reporting support; performing web application scanning; designing and implementing ISCM capabilities and dashboards; and providing overall vulnerability management support for the Agency. B&M is also providing RMF implementation and strengthening support; performing targeted control assessments of Agency IT systems; and providing ongoing compliance and audit liaison support.

U.S. DEPARTMENT OF AGRICULTURE | FOREST SERVICE

B&M is providing security and risk awareness support to the USDA Forest Service, including asset inventory development and maintenance, vulnerability dashboarding and reporting, secure configuration compliance monitoring, security architecture and engineering, application monitoring dashboarding and reporting, and monitoring of GFE laptops and phones provisioned for international travel.

U.S. DEPARTMENT OF HOMELAND SECURITY | OFFICE OF THE INSPECTOR GENERAL

B&M is providing advanced cybersecurity assessment and IT audit support services to the Department of Homeland Security Office of the Inspector General. Our support includes planning and conducting advanced cybersecurity assessments and penetration testing for critical DHS systems, applications, programs, and facilities.


U.S. DEPARTMENT OF THE TREASURY | OFFICE OF THE COMPTROLLER OF THE CURRENCY (OCC)

B&M provided cybersecurity assessment, compliance, and program strengthening support to the OCC. Our support to OCC included ISCM strategy and transition plan development and implementation support; independent IT security and privacy assessment; OIG and internal audit liaison support; corrective action planning and validation support; CDM tool implementation and oversight support; IT policy and procedure review and optimization analyses; security documentation development and management support; and ongoing programmatic support to the Cyber Security Office.


FEDERAL DEPOSIT INSURANCE CORPORATION (FDIC)

B&M provided program strengthening support to the FDIC through a systematic review and overhaul of internal controls, security services, and procedures. B&M was asked to develop recommendations and strategies to strengthen IT program structures, policies, procedures, methodologies, and capabilities in alignment with Federal requirements, as well as leading industry practices. B&M also provided compliance program support that includes assistance with GAO/DHS/OMB data calls and reporting; audit liaison response support; and briefing development.


U.S. AGENCY FOR INTERNATIONAL DEVELOPMENT (USAID)

B&M supported USAID in planning for and conducting annual IT security assessments. In this role, B&M provided IT subject matter expertise and guidance to USAID staff, and led and conducted annual assessments of key IT security controls for USAID’s network infrastructure and financial management systems, applications, interfaces, and external information system service providers. Assessment work was performed within the United States and at select overseas locations.

OTHER CLIENTS INCLUDE:

Our partners include: