What Does BOSS Know?

BOSS has developed in-depth knowledge of tactics, techniques, and procedures (TTPs) for assessing enterprise architectures, multi-device solutions, or stand-alone devices that communicate across various IEEE standards (802.3, 802.11, 802.15.4/Zigbee) and vendor-proprietary communication methods. Protocols tested range from the traditional SCADA protocols Modbus, BACnet, and EtherNet/IP to traditional IT protocols.

The cybersecurity industry has a common set of standard assessment tools, but new tools and assessment techniques are developed every day. BOSS seeks to use any available tool that can help our assessment team provide quality analysis, while holding true to the BOSS proprietary "Own Your Security" methodology.

 

Compliance and Standards Knowledge:

  • NIST 800-37, Risk Management Framework for Information Systems and Organizations
  • NIST 800-53, Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST 800-82, Guide to Industrial Control Systems (ICS) Security
  • NIST 800-115, Technical Guide to Information Security Testing and Assessment
  • NIST 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
  • North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
  • ISO/IEC 27000 Standards Family
  • ISA/IEC 62443