Edwards plays a role in nearly every aspect of the Cybersecurity Maturity Model Certification (CMMC) ecosystem — training and education, audits, and certification. Currently, Edwards supports Organizations Seeking Certification (OSC) as a Registered Provider Organization (RPO) and Certified Third Party Assessment Organization (C3PAO), providing CMMC-AB approved assessments, consulting, and audit preparation through our proprietary Compliance Assessments. We are also Licensed Training Provider (LTP) and Licensed Partner Publisher (LPP), developing training and providing CMMC-AB certified classes to organizations and individuals planning to take CMMC-AB certification exams or utilize other LPP curriculum. View our full services on our CMMC page.

Compliance Assessments provide a baseline of information systems and assets to identify organizational risks. Our assessments (HIPAA, CMMC, NIST, DFARS, etc.) uncover the gaps to help you understand your risk posture and management strategies – establishing a plan of action based on business needs. We identify the information and processes critical to your success, and determine your risk tolerances. The result is meaningful artifacts, to accomplish corporate objectives. Our assessments also consider regulatory, compliance, and industry best practices. Our standards-based methodology focuses on assessment and risk mitigation at the enterprise and individual systems level.

The majority of security attacks are not targeted − cybercriminals pursue vulnerabilities. Continuous Assessment – Offensive Services (CAOS) provides a real-time approach to penetration testing and vulnerability management.

Our in-house Senior Penetration Tester mirrors the cadence of actual cybersecurity attacks through proven campaigns, operations, and tasks. While CAOS is designed as a continuous assessment, we also offer point-in-time assessments and phishing campaigns as an additional attack vector. Understanding that the most common attack vector is email, we also offer phishing campaigns to ensure your team is aware of common attacks and help you identify opportunities for internal training.

Risk management requires a continuous process of assessing, monitoring, and mitigating potential threats. Edwards’ approach develops a baseline of your organization, with further updates to mature our understanding of your business risk. Risk Management as a Service (RMaaS) provides risk assessment, compliance assessment, and cybersecurity risk management services, tailored for your business and organizational needs, including:

• Continuous Security Risk Assessment Services (compliance oriented)
• Continuous Vulnerability Analysis and Penetration Testing
• Security Project Planning and Monitoring (Plan of Action and Milestone [POAM] Management)
• Enterprise-Wide Security Program Maturity Assessment and Dashboard Management
• Vendor Risk Management

Risk management requires a continuous process, but ensures consistent processes and makes onboarding additional systems more efficient and cost effective. Helping you achieve business goals and reduces your risk posture for continued success.

Edwards helps you build a business focused cybersecurity program – continuing to support that program throughout management and governance. Our solution provides a roadmap to develop and refine a strategically oriented, business focused information security program. We approach security from every angle, ensuring our solution addresses Risk, Compliance, Policy, Security Project, and Vulnerability Management.

Security as a Service is an increasingly go-to option among enterprises to add value to the management, implementation, and oversight of cybersecurity complexities. Our in-house cyber team brings decades of security program, CISO, penetration testing, and assessment experience.

We utilize a “Governance” model to guide and manage the full cybersecurity picture, specific to your organization. We also provide reporting through dashboards, delivering strategic insight into the health and maturity of your program throughout its lifecycle.

Our Security Governance as a Service offering provides your organization the support you need to improve your overall cybersecurity program. Our team approach provides you the right resources at the right time to accomplish your security objectives. Our team of professionals work routinely with organizations to provide essential cyber security support in a more efficient and affordable service model.

An incident response plan ensures you have the right tools in place in the event of a security breach. A cybersecurity incident can be daunting, and if the response has no structure then the potential outcome could result in damage to your organization – both internally and externally.

Our team brings extensive cybersecurity expertise to fully equip your organization with the tools needed to be prepared for every outcome. Having an incident response plan allows for a structured investigation to take place to provide a targeted response to contain and remediate the threat