CS.112
Cyber Risk Management in Strategic Investments
Supporting the general contractor of a U.S. military base construction in Europe in meeting CMMC 2.0 and RMF requirements for building automation systems.
Client
General contractor of a U.S. military base construction in Europe (U.S. DoD, USACE, NAVFAC contract)
Challenge
New U.S. Department of Defense cybersecurity standards required the contractor to simultaneously meet two frameworks: CMMC 2.0 for information protection and Risk Management Framework (RMF) for building automation systems (HVAC, access control, power). Non-compliance would prevent project acceptance.
Approach
CMMC 2.0 implementation
Development of the compliance model, implementation of Level 1 (17 practices), and preparation for Level 2 (110 requirements per NIST SP 800-171).
RMF process execution
6 steps: system categorization (DoDI 8500.01), control selection (UFC 4-410-06, NIST SP 800-53), implementation (STIG/SCAP), assessment (vulnerability scanning with Nessus, penetration testing), authorization, and monitoring.
Results
Full CMMC 2.0 compliance
Completion of all 6 RMF steps
No delays in the construction project schedule
Authorization of building automation OT systems
Organizational readiness for future DoD contracts