DMI has the capability to provide a full suite of Security Managed Services.

DMI provides Cybersecurity Services using a mix of DMI and partner services to complement our infrastructure and security managed services offerings.

We have 724 security engineers, architects, and analysts providing expertise that includes network traffic monitoring and vulnerability management. Our internal and partner-based security ecosystem allows DMI to offer consistent and constant monitoring of critical systems such as servers, switches, routers, web sites, and applications.

DMI works closely with our clients to recommend national level strategies, outreach programs, and risk analysis methodologies.

We develop strategic, tactical, and implementation plans, charters, roles and responsibilities, program plans, and other IA documentation to promote accurate communication and facilitate responses by relating cybersecurity goals and objectives. Upon commencement of a DMI engagement, DMI gains an initial view of the customer’s IT environment through a vulnerability assessment and penetration testing, as well as regulatory compliance reporting. DMI utilizes these outputs to customize the transition to proactive ongoing security management and monitoring.

Our holistic approach to managing cyber risks is reflected in our cybersecurity Risk Management Framework (RMF).

DMI’s framework stems from applicable laws, regulations, and client guidance. The focus area of this team will be implementing the NIST SP 800-37 Rev 1, Guide for Applying the Risk Management Framework (RMF) to Federal Information Systems: A Security Life Cycle Approach.

We follow the RMF to evaluate threats to determine acceptable risk using Federal and industry information derived from continuous monitoring, and threat statements. Another step is to determine how to cost-effectively mitigate risk based on the intrinsic value of information and importance of the mission/function to be supported. This leads to the identification of controls to be implemented and residual risk in a cost-contained environment. The next step is the implementation of cybersecurity controls and their responsiveness to changes in the threat profile based on continuous monitoring. Finally, a risk review is provided to ensure program and staff offices are working within the framework, individual risks are communicated, and an enterprise view of acceptable risks is provided to our clients.