CORPORATE CAPABILITIES BRIEF 2020
H2L Proprietary | 3
▪ Headquarters: Huntsville, Alabama
▪ Established in 2014
▪ HUBZone Certified, Service Disabled Veteran Owned Small Business
▪ Providing cybersecurity and information assurance services and support
▪ Strengthening your defenses and helping you build a stronger, more secure America.
COMPANY OVERVIEW
CODES
DUNS: 079515723
CAGE: 7ASU4
NAICS: 541330, 541512, 541513, 541519, 541611, 541614, 541690, 541990, 561110, 561210, 561499, 611420
Defending America. It’s at the core of who we are.
MISSION & VALUES
Our Mission
To be the most trusted provider of professional, technical, and program management cybersecurity services for our customers and to ensure customer success and satisfaction in all that we do.
Core Values
▪ Integrity and the highest ethical standards
▪ Excellent Service to the Warfighter, customers, and the public
▪ Loyalty to the corporate mission, employees, and customers
▪ Teamwork and providing a positive work environment
▪ Performance with professionalism and recognition of results
H2L Solutions is committed to total customer satisfaction through delivery of high quality services.
Certifications in Progress
▪ ISO/IEC 27001:2013
▪ ISO/IEC 20000:2011
▪ PMI Project Management Professional (PMP)
▪ Individual certifications for our key Project Managers
QUALITY INITIATIVES
Staff Certifications
▪ Security Management: CISSP, CISM, CASP, Security+, GIAC GSEC
▪ Networking, OS, and software: Network+, CCNA, Linux+, Microsoft
▪ Penetration Testing: CEH, PenTest+, GIAC GPEN
▪ Forensics and Incident Response: ACE, GIAC (GCFA, GCIA, GCIH)
▪ Vulnerability Assessments
▪ Penetration Testing
▪ Red Team Services
▪ Information Assurance
▪ Network Security
▪ Security Awareness Training
▪ Policy & Process Development and Documentation
▪ Customized Hardware/Software Solutions
▪ Security Staff Augmentation
▪ Risk Management Framework (RMF)
▪ DFARS 252.204-7012 Security Assessments
▪ NIST SP 800-171 Assessments
▪ ICS & SCADA Security (UFC, UFGS)
▪ FAR 52.204-21 Assessments
▪ PCI Security Assessments
▪ HIPAA Security Assessments
CORE COMPETENCIES
COMPLIANCE SERVICES CYBERSECURITY SERVICES
FEATURED SERVICES
▪ Compliance GAP Analysis
▪ Policies & Process Development and Documentation
▪ CUI Data Classification & Management
▪ Cyber Incident Response Plan Development
▪ Subcontractor Compliance Management
▪ NIST 800-171 Implementation
▪ Vulnerability Assessment
▪ Security Consulting
DFARS 252.204-7012
▪ RMF Categorization Guidance
▪ Migration from DIACAP to RMF
▪ RMF Implementation Plan
▪ Risk Assessment
▪ Package Creation
▪ Artifact Development
▪ System Security Plan
▪ STIG Implementation
▪ IAVA updates
▪ eMASS Navigation
▪ POA&M Management
RISK MANAGEMENT FRAMEWORK (RMF)
FEATURED SERVICES (CONT.)
▪ On-Site Pre-Inspections
▪ Automated and Manual STIG Checklists
▪ Recommendations for Mitigation or Remediation
▪ SCAP, ACAS/Nessus Scans
▪ Personnel Interviews
▪ Physical Security Walk-Throughs
▪ eMASS Subject Matter Expertise
▪ Documentation Review
▪ Review of Self-Assessment of Controls
▪ Risk Assessment Workbook (RAW)
▪ Support during Design, Construction, and Commissioning
▪ Implementation of UFC 4-010-06
▪ Unified Facilities Guide Specifications (UFGS) Tailoring for Facility-Related Control Systems (FRCS)
▪ Security Controls Selection and CCI Lists
▪ Policies and Plans (e.g. SSP, POA&M, SAP)
▪ Equipment Hardening
▪ Scans and Checklists
▪ Performance and Functional Testing
ARCHITECTURE & ENGINEERING
SECURITY CONTROLS ASSESSMENTS
FEATURED SERVICES (CONT.)
▪ Identify Security Requirements
▪ Implement Best Practices
▪ Product and Application Development
▪ Implementation of SDLC Models to Manage Engineering Projects
▪ Troubleshoot, Debug, and Implement Software Code
▪ Meet Software Assurance Requirements
SOFTWARE DEVELOPMENT LIFECYCLE
▪ Red Team Services
▪ External Penetration Tests
▪ Internal Penetration Tests
▪ Web Application Tests
▪ Social Engineering Campaign
▪ Phishing Campaign
▪ Executive Report
▪ Technical Report
▪ Mitigation Strategies
▪ Technical Recommendations
PENETRATION TESTING
What We Provide
▪ Full RMF Support (IAVA Updates)
▪ Software Development Plan
▪ Configuration Management Plan
▪ Account Management procedures
▪ Roles Based Access Permission description
▪ System Backup and Restoration procedures
▪ User Manual(s): System Administrator and Maintainer
▪ Information System Design Architecture documentation
▪ Cybersecurity Vulnerability Management Software Maintenance Plan
▪ Tactical Public Key Infrastructure (TPKI) Implementation Analysis
▪ Host Based Security System (HBSS) Implementation Analysis
JLTV and FMTV A2 (Joint Light Tactical Vehicle and Family of Medium Tactical Vehicles A2)
What We Provide
▪ Electronic Security System (ESS)
▪ Network and Dataflow Diagrams
▪ HW/SW and PPS Lists
▪ Switch Configuration
▪ STIG Checklists
▪ Continuous Monitoring
▪ HVAC, Fire Suppression System, DDC/BMS
▪ Review of Charrette Report
▪ Cybersecurity Consulting
US ARMY CORPS OF ENGINEERS
What We Provide
▪ Facility-Related Control Systems – HVAC, ESS (Physical Access Control, Closed-Circuit Television System, Intrusion Detection System), Lighting Control System, Automatic Transfer Switch, and Generator
▪ Tailored UFGS and CCI lists
▪ Diagrams, Policies, and other Artifacts
▪ MicroGrid
▪ RMF consulting and package creation
NAVFAC
What We Provide
▪ Independent Verification & Validation
▪ Review System Artifacts
▪ eMASS Control Validation
▪ Risk Assessments and Analysis
▪ Review SSPs, ATOs, ACTs, IATTs
▪ Conduct CCRI Preparation
▪ Conduct Vulnerability Controls Validations Tests (CVTs)
▪ Perform Compliance Checks
MISSILE DEFENSE AGENCY
What We Provide
▪ Risk Assessment
▪ RMF Categorization Guidance
▪ Perform Vulnerability Scanning
▪ STIG Testing, Hardening, and Documentation
▪ Implementation Plan
▪ Package Creation
▪ Artifact Development
▪ eMASS Navigation
▪ POA&M Management
RANGE REPLACEMENT RADAR PROGRAM (RRRP)
What We Provide
▪ Cyber Penetration Testing of Ground Combat Systems, Tactical Vehicles, Robots, and Autonomous Systems
▪ Determine Cyber Vulnerabilities and Gaps
▪ Identify the Potential Attack Surface/Vectors
▪ Develop Interrelated SOPs, Report Templates, and Draft MOAs to Streamline Operations
▪ Software Development Expertise
▪ Information System Security Management (ISSM) Subject Matter Expertise
GROUND VEHICLE SYSTEMS CENTER (GVSC)
What We Provide
▪ Cybersecurity engineering for avionics components integrating into Air Force cargo planes
▪ Secure integration of the ADS-B out systems for Air Force platforms
▪ Led the effort to integrate digital signing of update packages for aircraft avionics software
▪ Army-related work was developing a secure field-loadable mechanism for the Apache/UAS teaming hardware
AVIATION EXPERIENCE
What We Provide
▪ Cybersecurity for the Navy’s new class of fleet replenishment oiler, the future USNS John Lewis (T-AO 205)
▪ Account Management, Identification and Authentication
▪ Removal of Unnecessary Services, Programs, and Accounts
▪ Hardware Configurations
▪ System and Information Integrity
▪ Audit and Accountability
▪ System and Communications Protections
▪ Configuration Management
▪ Software Assurance
SaCoS one (Safety and Control System on engine)
Pre SCA-V
What We Provide
▪ Technical Scans
▪ Manual Reviews
▪ Documentation Review
▪ Completed STIGs including Manual Review
▪ Completed ACAS/Nessus Scans
▪ Review of eMASS Self-Assessment/Documentation
▪ All deliverables given to the client at the end of the pre-validation event or within 2 weeks of the last day on-site
MTRS Inc-II
CRS-I
JAB
SPARTAN SECURITY SOLUTION
▪ Complete Security Solution
▪ Intuitive Interface
▪ Google Design Standards
▪ Customizable Dashboards
▪ Multiple Frameworks
▪ CMMC
▪ NIST 800-53
▪ Plug-and-Play Modules
▪ Dynamically Generates Artifacts
▪ Notifications and Timelines
▪ Trend Analysis/Progress Tracking
Reduce time spent on paperwork so you can focus on actual cyber analysis!
Risk Management Framework (RMF)
NIST 800-53
Cybersecurity Maturity Model Certification (CMMC)
SMEs in Safeguarding CDI, DFARS 252.204-7012, NIST 800-53, & NIST 800-171
Competitive Pricing
Devotion to Customer Satisfaction
Expertise in Cybersecurity Governance, Risk, and Compliance
50+ Years Experience Working w/ State & Federal Government
SOLUTIONS DIFFERENTIATORS
We have a passion for giving back to the community.
That is why H2L Solutions is dedicated to helping so many not-for-profits: to help change lives and improve our community.
To date H2L has given to more than 40 different organizations that help the community in one way or another.
COMMUNITY INVOLVEMENT
Our Company and employees are actively involved in contributing to the greater Huntsville community.
Jonathan Hard
Chief Executive Officer
CONTACT US
www.h2lsolutions.com