Security Auditing

AmVet provides both manual assessments including interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems, and automated assessments including system generated audit reports and monitoring software to identify and report changes to files and settings on the system.

Security Engineering

AmVet can provide detailed plans and designs for security features, controls and systems, that satisfy pre-defined functional and user requirements, but with the added dimension of preventing misuse and malicious behavior.

FISMA/Sarbanes Oxley Compliance

Using NIST developed standards, metrics, tests, and validation programs, AmVet can develop procedures to monitor the organization's security in delivering information systems and services. AmVet can perform periodic assessments to ensure ongoing compliance, and provide recommendations to strengthen the organization's compliance-related processes and procedures.

Penetration Testing

AmVet delivers an active analysis of a customer's system for any potential vulnerabilities. Any security issues that are found will be presented to the customer, together with an assessment of their impact, and with a proposal for mitigation or a technical solution.

Certification and Accreditation (C&A)

AmVet will help you prepare your Plan of Action and Milestones (POA&M), including estimated length of the approval cycle, identify key C&A approval personnel, identify your required resources, document authors and production schedule, and develop your test schedule and other supporting milestones. We will also help develop all required documentation to ensure your system is operating securely and safely, such as your System Security Plan, Federal Information Processing Standard (FIPS) 199 Security Categorization, Risk Assessment, Security Control Assessment (SCA) Test procedures, Privacy Impact Assessment, E-Authentication, Contingency Plans, etc. We will perform the Certification and Accreditation following NIST SP800-37 and your requirements for your systems, and Security Test and Evaluation on systems when required.