InfoSec Compliance & Investigation

ACI Federal provides comprehensive InfoSec investigation and compliance services and solutions to prevent, detect and resolve growing cybercrime, fraud and security incidents, including digital forensics.

The global nature of the Internet has allowed criminals to commit almost any illegal activity anywhere in the world, causing monetary and non-monetary losses to individuals, organizations and governmental entities. To tackle this new breed of cybercrime, we at ACI Federal deliver comprehensive technical services to support domestic and international cybercrime investigations.

Over the years we have served a wide variety of people and organizations with our cybercrime investigation service, including healthcare, corporations, and government agencies.

ACI Federal’s Cyber Investigation services aim to ensure that the evidence collected from any electronic communication media during a forensic investigation can withstand legal scrutiny, providing our clients with a seamless and holistic solution in the most complex cybercrime scenarios. ACI Federal is backed by cyber security professionals and highly certified staff who can take immediate action to solve our clients’ information security challenges with absolute confidentiality.

After a complete report of the incident is made and the source of the attack can be identified, all the information obtained during the investigation process can be transmitted to the agencies. The most common types of fraud and cybercrime incidents we investigate are:

Our Cyber Investigation Services Model: 

  • Tracing Attacker
  • Fraudulent Transactions
  • Web Hijacking
  • Online Identity Theft
  • Denial of Service Attacks
  • Social Network Crime Investigation
  • Insider Attacks
  • E-mail Tracking
  • IP Tracking
  • Computer Forensics
  • Mobile Forensics
  • Software Piracy
  • Phishing

InfoSec Compliance

ACI Federal, an ISO/IEC 27001:2013 (InfoSec) Certified Company, can assist in reducing the cost and complexity of implementing NIST security, risk management framework strategies, and processes. Our certified and cleared team will identify and implement the appropriate risk management and information assurance program necessary to ensure the agency is compliant with NIST 800-53 standards and the NIST 800-37 Risk Management Framework, ensuring the organization's assets remain secure and protected. We cover the following NIST standards:

  • NIST SP 800-53 Recommended Security Controls for Federal Information Systems and Organizations
  • NIST SP 800-53a Assessing Security Controls
  • NIST SP 800-37 Guide for Applying the Risk Management Framework
  • NIST SP 800-48 Wireless Network Security
  • NIST SP 800-35 IT Security Services
  • NIST SP 800-42 Guideline on Network Security Testing
  • NIST SP 800-50 IT Security Awareness and Training Program
  • NIST SP 800-34 Contingency Planning for IT Systems
  • NIST SP 800-41 Guidelines on Firewalls and Firewall Policy
  • NIST SP 800-44 Securing Public Web Servers
  • NIST SP 800-45 Email Security
  • NIST SP 800-47 Interconnection IT Systems

FISMA requires each U.S. government agency to develop, document and implement an agency-wide program to provide information security for the information systems that support the operations and assets of the agency, including those provided or managed by another agency and contractors. Agencies have to meet the specific requirements established by NIST in support of the FISMA requirements and be able to provide a risk-appropriate level of assurance that critical information security controls are operationally effective and producing the intended outcomes. ACI Federal has experience assisting with implementation, design, authorization and configuration of FISMA.

  • Initiation Phase – preparation; notification and resource identification; and system security plan analysis, update, and acceptance
  • Security Certification Phase – security control assessment and security certification documentation
  • Security Accreditation Phase – security accreditation decision and security accreditation documentation
  • Continuous Monitoring Phase – configuration management and control, security control monitoring, and status reporting and documentation