Our consultants implement security policy and procedures that protect information systems, computer systems and networks.  We work to maintain confidentiality, integrity, availability, authentication, and nonrepudiation in line with applicable laws, directives, Executive Orders, policies, national standards, or regulations.

Our consultants conduct Security Control Assessments (SCAs) on your information system, computer system, and network. An SCA will test and evaluate the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly based on the National Institute of Standards and Technology (NIST) and industry best practices. The JMB Consulting Group, LLC will help determine if the controls are operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. 

Our consultants will conduct penetration  testing with your written consent and on agreed terms to strengthen your security posture against malicious hackers, threats to data , personally identifiable information (PII), and privacy. Short phrased as “pen test,“ we will perform a simulated cyber attack against your computer system to check for exploitable vulnerabilities and identify security gaps.

Our consultants will implement the NIST Risk Management Framework (RMF) which is a risk-based approach that integrates security and risk management activities into the system development lifecycle. RMF is a risk-based approach to security control selection and specification that considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Within the RMF implementation we will work to ensure that NIST Special Publication 800-series is incorporated in each step tailored to your effort, project and organizational goals. We also support assessment and authorization (A&A)/ certification and accreditation (C&A) to ensure your systems get a full Authority to Operate from the Authorizing Official (AO). 

Our consultants will work with your stakeholders to identify your organizational requirements and assist and develop information security documentation. The examples of information system security documentation that might be required by your organization include but not limited to the following:

• Information System Contingency Plans (ISCPs)
• System Security Plans (SSPs)
• Notification of Change (NOC)
• Planned Change Comparafive Analysis (PCCAs)
• Privacy Impact Assessments
• Security Categorization Forms
• e-Authentication Risk Assessments
• Security Assessment Results Briefings for executive-level audiences 
• Authorization Boundary 

Our consultants will help you identify hardware, software and other needed supplies to ensure your organization is reaching optimal performance. We support the armed services, state, local, federal and tribal governments.  The JMB Consulting Group, LLC is eligible to participate in the Department of Defense Indian Incentive Program (IIP).  The IIP offers. 5% rebate back to the Prime Contractor of the total contract awarded to The JMB Consulting Company, LLC as a subcontractor.