Cyber & Technology Solutions
Delivering Innovative Solutions and Services that Embraces Digital Transformation, Addresses Emerging Needs, and Secure What Matters
Enabling compliance for Government Contractors as an Authorized RPO and C3PAO
Delivering tomorrow’s solution for today’s problem with secure, reliable, and efficient software, tools, and technologies
Protecting Industrial and Distributed Control Systems, IoT and Smart Technology with Cyber Resilience
- Compliance Assessments
- Authorization Packages
- Secure Operations
- IT Transformation
- Software Engineering
- Research & Development
- ICS Security Solutions
BGS conducts compliance assessments to address (CMMC, NIST, etc.) governance needs and ensure mission assurance. With a comprehensive cross walk to facilitate multiple compliance frameworks, we assess for both compliance and effectiveness by examining documentation, interviewing key individuals, and testing through activities such as penetration testing to compare actual behavior with expected behavior. We develop a roadmap to address deficiencies and implement best practices to address security beyond compliance. BGS performs:
Federal Compliance Assessments – for Government boundaries
Cybersecurity Maturity Model Compliance (CMMC) – for Corporate information systems processing Government data
Corporate Cybersecurity Assessments – for Corporate environments that do not process Government data
Cloud Security Compliance – for public cloud, private cloud, hybrid cloud, or FedRAMP boundaries
Software Application Security Assessments
Safety Software Assessments
Authorization Package Development
Federal agencies require that all information systems, industrial control systems, and major applications submit an approved Authorization Package to obtain an Authority to Operate (ATO). Based on compliance requirements and mission needs, BGS creates authorization packages. The Risk Management Framework (RMF) is used to facilitate the security authorization process.
Temp network for Contract Transition
Establishing new boundaries
BGS provides secure operations capabilities on-premise, in a secure cloud environment, and/or in a hybrid environment. Our secure operations include enterprise security, industrial control security, IoT Security, all with the capability to provide Security Operations Center (SOC) development and management. The SOC is dedicated to proactively stopping cybersecurity threats by providing expert staff, effective processes and efficient technologies to monitor and respond to security events.
- Threat Intelligence
- Response Actions
- Customized Notifications & Alerts
- Data Aggregation, Correlation, & Visualizations
- Incident Response Play Book
- Threat Hunting
- Security Information and Event Monitoring (SIEM)
Classified Computing & SCIF Capabilities
BGS designs and manages Classified environments at various client sites. We have a large pool of Q/TS-SCI Cleared resources who support secure missions. In addition, the BGS Corporate Headquarters supports SCIF capabilities to facilitate support within our facility to process information at approved levels.
IT Transformation and Modernization
The BGS approach focuses on revitalizing people, processes, and technology to position the organization to quickly deliver services and solutions in response to changing needs and missions. Aligning the Strategic Direction, Operating Philosophy, Technology, and Processes eliminates the barriers between departments and allows the IT/Cyber organization to move beyond a support role to enabling mission success.
BGS provides agile Software Engineering services, while ensuring quality assurance methodologies are utilized. With our extensive experience and capabilities in the Nuclear Technology industry, we have developed robust software engineering processes and procedures, including those which utilize an NQA-1 approved program. For customer engagements, we utilize their preferred methodology, processes, and procedures. Our Software Engineers commonly utilize DevSecOps and/or SAFe methodologies.
DevSecOps combines security requirements with the development process to support secure, agile development. The resulting product integrates security and engineering, allowing for Security by Design.
SAFe – Scaled Agile
SAFe focuses on delivering an agile development product on a predictable schedule, resulting in faster time to market, while increasing the quality level.
Research & Development
Technology advancements and emerging technologies drive capabilities while increasing challenges. As technology enables the opportunity to work faster, smarter, and more “connected,” the challenge becomes technology integration, leveraging investments, compliance requirements, and staying competitive. In this area, BGS:
- Supports technology partners in evaluating new technology for compliance and integration needs
- Develops targeted, secure, customized solutions
- Tests products and the integration of multiple product lines
Industrial Control System Security
Industrial Control Systems are integral to securing critical infrastructure, with continual increasing challenges and risks from cybersecurity threats. BGS is teamed with ICS industry leaders to ensure that the right mixture of solutions, processes, and resources are utilized to protect Industrial Controls, Distributed Controls, and Internet of Things (IoT). BGS focuses on: Asset Inventory, Configuration Control, and Visibility of Changes; Identification and Characterization of Risk; Understanding the Organizational Risk Tolerance Level; Tailored Security Controls; Monitoring communications; Physical Security Controls; and improving the ICS Network Architecture.
BGS leverages innovative mechanisms to secure Industrial Controls and increase visibility. Examples include:
- Virtual machine technologies
- Engineering segmented architecture
- Security monitoring technologies specializing in ICS monitoring methods
- ICS intrusion detection and prevention systems
- Security Information and Event Management (SIEM) technologies
- ICS cloud Security Operation Centers in a secure BGS cloud
- ICS supply chain management
Boston Government Services Cybersecurity and Technology team members Bridgitte Mase, Ron Ford, Jon Truan, and Jared Chambliss presented and led various discussions on cybersecurity and innovation at the 2022 DOE Cybersecurity and Technology Innovation Conference held...
Oak Ridge, Tennessee - Boston Government Services, LLC (BGS), headquartered in Oak Ridge, TN, is the fourth company in the nation to pass the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). BGS is now a certified CMMC Third Party...
Providing NASA Pu-238 production system support services for ORNL to re-establish production of Pu-238, which uses isotopes to power deep space exploration probes. Supported development, automation, and system integrations of multiple technologies (IoT, databases,...
BGS performed Blue Team penetration testing and gap analysis of cyber defenses at two National Nuclear Security Sites. We are now working to modernize the IT infrastructure and increase cyber resiliency for the unclassified and classified networks. This project is...
BGS is the 4th company to be authorized by the CMMC Accreditation body to assess (C3PAO) a companies cybersecurity program for CMMC compliance. BGS can also perform a preliminary evaluation (RPO) to identify weaknesses, provide a roadmap to compliance and assist with...
Oak Ridge National Lab (ORNL): BGS supports the Wearable Intelligent Nuclear Detection Advanced Technology Demonstration (WIND ATD) Project by providing IT project management and software development services for the next generation of integrated, mobile, smart...