Ask Us Anything

Frequently Asked Questions

Have questions? We're here to assist. Browse common questions about our capabilities and how to work with KSG.

Common Questions

Find answers to common questions

Still unsure? Our team is one call away.

Call our team: (443) 998-9008

CMMC Level 2 Readiness
CMMC Level 2 certification is required for defense contractors that handle Controlled Unclassified Information (CUI) and is based on the 110 security controls in NIST SP 800-171. KSG guides you through the full path: scoping your CUI boundary, a gap assessment against all 110 controls, building your System Security Plan (SSP) and POA&M, remediating gaps, running a mock pre-assessment, and supporting you through the official C3PAO assessment to achieve and maintain certification.

Artificial Intelligence
We don't treat AI as a standalone tool. KSG integrates AI - including Microsoft Copilot agents and agentic workflow automation - directly into secure, governed business processes with proper access control, auditability, and risk management. This moves agencies from manual, document-heavy operations to secure, intelligent, automated workflows while maintaining strong data protection and compliance.

Cybersecurity
KSG delivers full-spectrum security operations: SOC monitoring, SIEM & SOAR, vulnerability management and remediation, penetration testing and red teaming, incident response, digital forensics & e-discovery, identity & access management (ICAM/IDAM), firewall/VPN/IDS-IPS/SD-WAN engineering, EDR, and DevSecOps. We hold GSA HACS designations for RVA, HVA, Pen Test, IR, and Cyber Hunt.

Strategy & Governance
Our GRC practice covers IT and cybersecurity policy & process development, risk management and IT assurance, ISSO support, Continuous ATO and Continuous Monitoring, automated FISMA compliance, and Assessment & Authorization (A&A) support - keeping your agency audit-ready and aligned to federal mandates.

Risk Management
We perform near real-time risk management - vulnerability scanning, patch management, POA&M management and trend analysis - plus continuous monitoring and authorization for on-prem and FedRAMP systems. We develop meaningful KRI/KPI risk metrics, automated dashboards (Tableau, Power BI), and Cybersecurity Supply Chain Risk Management (C-SCRM) programs.

Digital Transformation
We modernize legacy environments through Zero Trust strategy and implementation, IT enterprise architecture, cloud migration, Kubernetes and application lifecycle management, Cloud Access Security Broker (CASB), and DR/COOP planning - for example, supporting Maryland DoIT across 30+ agencies and ~25K end users.

Contracting
Yes. As an SBA 8(a) certified Small Disadvantaged Business, KSG can receive sole-source awards up to $4.5M (non-manufacturing) and $7.5M (manufacturing). We hold GSA MAS (including the 8(a) Pool), GSA OASIS+ (8a), FAA eFAST, and GSA HACS SINs, plus MDOT MBE/DBE/SBE certification.

Clients
KSG is trusted by federal and state agencies including the Dept. of the Interior (ONRR), PBGC, FDIC, the Administrative Office of the U.S. Courts, Maryland DoIT, the National Endowment for the Arts, the Central Ohio Transit Authority, the FAA, PG County (MD), and the City of Berkeley (CA).

Still have questions? Our team is happy to help.

Contact Us