top of page
Servers

CYBER LAB

EXPERT IN CYBERSECURITY COMPLIANCE

CYBER LAB is a recognized thought leader in cybersecurity for industrial control systems (ICS), supporting a wide range of federal agencies. Our team is composed of experienced professionals who understand cybersecurity, information technology (IT), and operational technology (OT) environments.
We bring deep industry knowledge, advanced credentials, and hands-on experience in Information Operations. Our mission is to deliver practical, effective, and compliant cybersecurity solutions tailored to the needs of critical infrastructure and defense-related projects.

MEET THE EVER-EXPANDING REQUIREMENTS OF CYBER OFFENSE AND DEFENSE ACTIVITIES

CYBER LAB meets the evolving demands of cyber offense and defense operations, including full-spectrum Information Operations (IO) and security engineering. We design integrative solutions that help organizations comply with the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, with a particular focus on operational technology (OT) networks and industrial control systems (ICS). This DFARS clause forms the foundation of the Cybersecurity Maturity Model Certification (CMMC) and requires DoD contractor information systems to meet the standards outlined in NIST Special Publication (SP) 800-171, as assessed by accredited third-party organizations.
 
CYBER LAB’s subject matter experts (SMEs) and staff collectively bring extensive experience, specialized training, and industry-recognized certifications. With a strong foundation in Federal and DoD Information Assurance (IA) and Risk Management Framework (RMF) execution, our team supports a wide range of cybersecurity functions including system authorization (A&A), eMASS documentation, STIG implementation, vulnerability management, and POA&M remediation. Our professionals apply structured methodologies and a mission-focused approach grounded in compliance, operational security, and governance excellence.

 
Our team’s collective experience spans large-scale defense environments, including cloud-based systems, Launch and Test Range Systems (LTRS), overseas installations, and containerized application platforms. CYBER LAB staff maintain certifications aligned with DoD 8570/8140 requirements, including CISSP, CISM, SSCP, CDPSE, and PMP, and include personnel with active Top Secret/SCI clearances. This depth of expertise, combined with organizational agility and a commitment to quality, makes CYBER LAB a dependable, low-risk cybersecurity partner for mission-critical defense programs.

 

As our clientele and capabilities continue to grow, we remain a cybersecurity-focused company at our core. Innovation and imagination drive our solutions, while our commitment to process discipline and quality execution ensures we consistently deliver results that meet Federal and DoD cybersecurity standards.

 
* DoDI’s 8500 Cybersecurity (DoD Directive, DoD Instruction)
** DoDI’s 8510 Risk Management Frameworks (RMF) for Information Technology


Our cybersecurity professionals combine strong IT foundations, real-world defense experience, and mission-driven leadership. CYBER LAB is committed to excellence through structured methodologies, quality assurance, and a deep understanding of both IT and OT environments.

WHO WE ARE

TRUSTED IT AND CYBERSECURITY PROFESSIONALS

With a primary focus on supporting the U.S. Federal Government, including the U.S. Air Force, Navy, and Army, CYBER LAB operates from the Washington, D.C. National Capital Region and Guam, with strategic presence across the Asia-Pacific, Europe, Middle East, and Africa. Our operational footprint includes Japan, South Korea, Italy, Poland, Romania, the United Arab Emirates (UAE), and Djibouti, and other allied regions.

​

We deliver expert cybersecurity and IT services globally through a network of trusted associates and consultants, enabling mission success in defense, construction, and critical infrastructure projects worldwide.

Veteran Memorial Service

Team Leader: The individual brings over two decades of experience supporting federal and defense cybersecurity operations worldwide. With a Top Secret/SCI clearance and high-level certifications including CISSP, CISM, and PMP, this team member has led mission-critical efforts in Risk Management Framework (RMF) implementation, system authorization (A&A), eMASS documentation, STIG compliance, and POA&M remediation across both IT and OT environments.

​

Their career spans support for major DoD programs such as Launch and Test Range Systems (LTRS), overseas defense networks, and containerized cloud-based platforms. Having briefed senior leadership at the GS-15 and O-5 levels and led cybersecurity teams across multiple combatant commands, this individual brings proven leadership, deep technical expertise, and a mission-driven approach to every project CYBER LAB delivers.

Powerful Computer

DFARS 252.204-7012 Compliance & RMF Support

CYBER LAB supports DoD contractors in developing and updating integrated cybersecurity solutions to meet the requirements of DFARS 252.204-7012, with a specific focus on networks that include Facility-Related Control Systems (FRCS), Industrial Control Systems (ICS), and commercial Internet of Things (IoT) products. Our approach leverages a subset of the 110 NIST SP 800-171 / RMF security controls tailored to operational environments.

Our deliverables meet the specifications outlined in UFGS 25 05 11 – Cybersecurity of FRCS and include the following artifacts:
Contractor Computer Cybersecurity Compliance Statement, Cybersecurity Schedules, FRCS Inventory Spreadsheet, Contractor Temporary Network Cybersecurity Compliance Statement, Factory Acceptance Test (FAT) and Site Acceptance Test (SAT) Checklists, ACI TTP Fully-Mission Capable (FMC) Baseline, Information Systems Contingency Plan (ISCP), System Security Plan (SSP), Security Audit Plan (SAP), and a Security Monthly Audit Reports (SMARs).

​

CYBER LAB implements the Risk Management Framework (RMF) for both IT and OT systems using a multi-tiered risk management strategy as described in DoDI 8510.01, aligned with the Purdue Model for Control Hierarchy. This model structured across five zones and six levels enables technical, administrative, and physical implementation of controls based on NIST SP 800-53 and the ICS-specific guidance in NIST SP 800-82.

​

In addition, CYBER LAB prepares organizations for the Cybersecurity Maturity Model Certification (CMMC), a mandatory framework that extends beyond traditional DFARS self-attestation. As outlined by the DoD, contractors are now expected to demonstrate full implementation of technical controls, not just provide an SSP and POA&M. CMMC assessments will assign contractors a certification level from 1 to 5, with Level 5 representing the highest cybersecurity maturity.

Image by ThisisEngineering

WHAT WE DO

COMPREHENSIVE CYBERSECURITY & COMPLICANCE SUPPORT

With deep DoD expertise, we deliver specialized cybersecurity, compliance, engineering, and vulnerability management solutions.

Projects

  1. J-032, J-036, J-038, J-039, J-037 BEQ Facilities, Marine Corps Base Guam – N62742-21-C-1342

  2. J-755 Urban Combat Training Facility, Andersen Air Force Base, Joint Region Marianas, Guam – JFY14

  3. J-023 BOQ-A, Marine Corps Base Guam – N62742-21-C-1334

  4. J-025 GOJ Medical Dental Clinic, Marine Corps Base Guam – N62742-21-C-1333

  5. J-015 Enlisted Dining Facility, Marine Corps Base Guam – N62742-21-C-1322

  6. Replace Substation Transformers T-11 (CNR-5931) & T-12, Naval Base Guam – N401921802803

  7. J-017 U&SI Distribution Nodes & Telecom Buildings, Marine Corps Base Guam – N62742-21-C-1331

  8. P-013 Communications/Crypto Facility, NCTAMS, Joint Base Pearl Harbor-Hickam, Wahiawa, Hawaii – FY18

  9. P-803 Individual Combat Skills Training Facility, Marine Corps Base Guam

  10. Replace/Renovate Buildings 6003 A/B/C, Naval Base Guam – WON 1647272

  11. Replace Pumps, Motors, and Valves at SLS-28, Naval Base Guam – WON 1652509

  12. PHNSY Detachment Interim Facility Adjacent to B6060, Naval Base Guam – WON 1720999

  13. Repair Bldg. 1706SV & Modernize Fuels Lab, Lower Sasa Valley, Piti Guam – WON 1605193

  14. Building 309 Generator Install, Camp Blaz – N4019222D2706 / N4019223F4100

  15. P-309 Ground Combat Element – Infantry Battalions 1 & 2, Camp Blaz – N6274223F9922

  16. P-871U CBRNE Training Facility, Camp Blaz Guam

  17. Install Raptor Screens & Catwalk at WWTP, NBGAH – WON 1756834

  18. J-014 Physical Training Complex, Marine Corps Base Camp Blaz – N6274223F9930

  19. Upgrade Fluoride & Chlorine Injection Systems, Bldgs 576 & 588, Naval Magazine – WON 1792693

  20. Replace Pole-Mounted Transformers (P-129 & P-527), Naval Base Guam – WON 1810967

  21. BEQ Breezeway (Section 1) – Repair and Replace Damaged Utilities at Bldgs 1a-6, Naval Base Guam Apra Harbor – WON 1808660

  22. Repair Haputo Trail, Marine Corps Base Camp Blaz – WON 1799643

  23. Repair Typhoon Mawar Damage, Marine Corps Base Camp Blaz – WON 1807265

  24. Remote Facilities Support (TO#07), Naval Base Guam – WON 1810963

  25. Construction of the Guam Public Health Training and Laboratory Facility – 470-5-1085-F-MAN

  26. Building 62 Convert to Current Operations Information Center, NCTS Barrigada, Guam – WON 1774542

  27. ​Replace HVAC System at Building 580, Camp Covington, Naval Base Guam – WON 1796737

  28. R-0074 Repair POL Facility 26203 at Andersen AFB, Guam

  29. R-0075 Repair Andy II Facility 14507 and Facility 14511 Andersen AFB, Guam

  30. P-696 ERCIP Inner Apra Harbor Resiliency Upgrades, Naval Base Guam – N6274223D1323

  31. P-806 ERCIP Generation, Controls, and Feeder Upgrades, Naval Base Guam – N6274223D1323

  32. Install Clean Agent Fire Suppression System at Building 3012 – WON 1726304

  33. Replace HVAC System at Building 581 with Bid Option at Building 584, Camp Covington, Naval Base Guam – WON 1796746

  34. P-950 FY23 Enhanced Energy Security and Control Systems, Camp Lemonnier, Djibouti

  35. AJJY 25-1072M Repair Palau Dorm B25016, Andersen Air Force Base, Guam

  36. AJJY 25-1073M Repair Rota Dorm B25017, Andersen Air Force Base, Guam

  37. AJJY 25-1049M Upgrade Generator and Switchgear-Det 2, AAFB, Guam

  38. WON 1835059 Install Motorized Fence with CAC Reader, Security Hut and CCTV Radio Barrigada 

  39. AJJW 25-1071M, Repair Marbo Bulk Pumping Station Tank 2 and Wells 1&3 AAFB

  40. Repair Cracks & Epoxy Coat at Water Reservoirs

  41. WON 1807939 CNIC-680 Fuel Controls & Monitoring, Camp Lemonnier, Djibouti

  42. Repair, Renovate BEQ 17

  43. Fena Dam Safety Surveillance Monitoring

  44. P-693 Site 14 Command Center, Andersen Air Force Base, Guam

  45. P-408 Religious Ministry Services Facility, Marine Corps Base Guam

  46. P-649 Joint Communication Upgrade, Marine Corps Base Guam

Cybersecurity for Buildings and Facilities

CYBER LAB conducts vulnerability assessments (VAs) on federal buildings with a focus on control systems and operational technology (OT) environments, supporting the Department of Defense (DoD) and its mission-critical infrastructure.

Powerful Computer

Cyber Compliance Frameworks

Risk Management Framework (RMF) Assessment & Authorization (A&A)

​

RMF for DoD Agencies

CYBER LAB brings extensive experience working with secure DoD enclaves such as SIPRNet, NIPRNet, and Classified WANs (CWAN). We collaborate closely with your team to address the unique cybersecurity and compliance requirements of these mission-critical networks.

​

RMF ATO Services

The Risk Management Framework (RMF) empowers DoD agencies to manage cybersecurity risk and make informed, mission-aligned decisions. We support the full RMF lifecycle from initial system assessment to achieving your Authority to Operate (ATO) ensuring compliance with NIST SP 800-53 and DoD cyber standards.

​

End-to-End RMF Support

Need to certify your information systems to DoD RMF standards? CYBER LAB provides complete RMF assessment and authorization services, including system categorization, control implementation, artifact development, and continuous monitoring support. With deep knowledge of the 6-step RMF process and years of hands-on experience, we help DoD agencies navigate the path to ATO confidently and efficiently.

Powerful Computer

THE SIX-STEP DOD RMF PROCESS

Our deep experience with DoD RMF compliance ensures you have expert guidance through every phase of the process. From system setup to continuous monitoring, CYBER LAB provides proactive, full-lifecycle support for achieving and maintaining your Authority to Operate (ATO).

​

1. Categorize the System

We coordinate with the authorizing agency to determine system categorization based on CNSSI 1253 and mission/business needs. This establishes the foundation for appropriate control selection.

​

2. Select Controls

Based on system categorization and data types, we help select baseline controls, apply overlays, and tailor them as needed. We also prepare the Continuous Monitoring Strategy and implementation planning documents.

​

3. Implement Controls

We support documentation of system boundaries, initiate the Risk Assessment Report (RAR), draft interconnection agreements, and register systems in eMASS. Security controls are documented in the System Security Plan (SSP) and implemented in line with DoD architecture guidance.

​

4. Assess Controls

Our team conducts pre-assessments, prepares the Security Assessment Plan (SAP), and performs Security Test & Evaluation (ST&E) activities. We develop the Security Assessment Report (SAR), document any gaps in POA&Ms, and assist with artifact preparation for SCA and AO review.

​

5. Authorize System

We support your team through the ATO review process, incorporating updates and resolving findings until the system is approved by the Authorization Official (AO).

​

6. Monitor Controls

To sustain ATO compliance, we help manage your continuous monitoring activities—from weekly to annual reporting cycles—ensuring your system remains secure and audit-ready.

Powerful Computer

COMPLETE RMF A&A PROJECT PACKAGE

Steps 1 & 2 – Categorize & Select

  • Develop a complete Risk Assessment Report (RAR) for Tier 3 systems

  • Determine overall system security categorization using mission context and contract requirements

  • Assist with system registration in eMASS and security control selection

  • Tailor security controls to fit system-specific risks and operating conditions

  • Map each control to the relevant supporting documentation, policies, and procedures

​

Steps 3 & 4 – Implement & Assess

  • Use STIG Viewer to assess technical implementation of controls

  • Document any unimplemented or partially implemented controls in a detailed Plan of Action and Milestones (POA&M)

  • Provide mitigation strategies and recommendations for each gap

  • Prepare and organize all required RMF package artifacts for submission

​

Step 5 – Authorize (ATO Support)

  • Guide your team through ATO review checkpoints

  • Upload validated artifacts to eMASS

  • Respond to Authorization Official (AO) feedback or rework directives

  • Resolve flagged issues and secure ATO issuance

​

Step 6 – Monitor (Post-ATO Support)

  • Maintain compliance through continuous monitoring of controls

  • Deliver an Embedded Defense Cyber Plan to support long-term RMF sustainability

  • Offer scalable support for control reviews, compliance checks, incident response, and ATO renewal

  • Fixed-cost options available for predictable budgeting and consistent readiness

Services

1.jpg
8_edited.jpg

Facility Related Control Systems (FRCS), Operational Technology (OT), and Informational Technology (IT) Systems and Applications

CYBER LAB manages, monitors, and maintains FRCS, Operational Technology (OT), and Information Technology (IT) systems to ensure they operate efficiently, meet mission and operational requirements, and minimize disruptions. Our work supports government cybersecurity execution as outlined in NAVFAC P-805, UFC 4-010-06, and DoD control system policies.

Core Capabilities

  • Support and implementation of the Cybersecurity Program for FRCS, OT, and IT systems

  • Real-time system monitoring and adjustments during normal working hours for energy efficiency

  • Deployment of Buy American Act-compliant laptops for system diagnostics, updates, and monitoring

  • Coordination of all hardware/software configuration changes, including BCS, UCS, SCADA, EMCS, and DDC

  • Execution of Configuration Management per UFC 4-010-06

​

Response & Reporting

  • Respond to outages within one hour of notification (automated or manual)

  • Immediate notification to the COR for unresolved issues beyond 24 hours

  • Generate reports for:

    • Systems in manual/override/bypass modes (per Section F)

    • System alarms or incident activity

    • Root cause analysis of recurring failures

    • Access violations or cybersecurity breaches

​

Update & Patch Management

  • Coordinate and install software/firmware upgrades within 30 days of release

  • All updates are pre-approved by the Government, installed using contractor-provided standalone laptops, and performed at no additional cost

​

Systems Covered

  • Building Control Systems (BCS)

  • Direct Digital Controls (DDC)

  • Energy Management and Control Systems (EMCS)

  • Utility Control Systems (UCS)

  • Supervisory Control and Data Acquisition (SCADA)

  • Advanced Metering Infrastructure

  • Plant-level Control Systems

​

Informational Note

Many upcoming MILCON and support facilities (per Attachment J-1501000-02) will include:

  • Johnson Controls METASYS Building Automation Systems

  • Schneider Electric PowerLogic ION8650B utility revenue meters
    These are integrated into the Area-Wide Energy Management System.

​

Support Areas within the FEOC

  • FEOC Management

  • Control System Operations

  • Smart Grid Advanced Analytics

  • Cybersecurity and Application Support

8_edited.jpg

CMMC 2.0 Level 2 Readiness & Sustainment

Cyber Lab helps defense contractors reach and sustain CMMC 2.0 Level 2 by aligning their environments with DFARS 252.204-7012 and NIST SP 800-171. We guide teams through what Level 2 actually requires, whether a self-assessment or C3PAO assessment, plus annual affirmation, so you’re ready for solicitations that make CMMC status and SPRS entries a condition of award.

Our delivery is end-to-end and practical: baseline gap analysis, policy/procedure updates, and documentation (network diagrams, inventories, and the System Security Plan) paired with hands-on implementation, firewalls, switches, endpoint hardening, and a ticketing workflow, so your controls aren’t just written, they’re working. We also establish an annual rhythm for updates, patching, and inventory reviews to keep compliance current.

​

The result is an assessment-ready posture that maps directly to Level 2 expectations and scales with your program. Whether your contract calls for self-attestation or a C3PAO review, we translate the requirements into clear tasks and artifacts so your team can focus on delivery, while demonstrating due diligence to the DoD.

​

The Department of Defense has finalized CMMC by embedding it into DFARS, making cybersecurity a condition of award for contracts where contractors handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). The rule rolls out in phases across selected solicitations and then becomes broadly required, with contracting officers checking a contractor’s current CMMC level in SPRS at time of award.

​

At award, Level 1 must be final; Levels 2–3 can be granted on a conditional basis for limited periods while remaining requirements are closed. Contractors must maintain their CMMC status for the life of the contract and submit an annual affirmation of continuous compliance. The clause flows down to applicable subcontractors (COTS excluded), and primes are responsible for ensuring subs meet the required level.

​

Cyber Lab translates these requirements into an assessment-ready posture aligned to NIST SP 800-171: we baseline your environment, implement the needed controls and documentation (SSP, inventories, diagrams), and establish an operating cadence for patching, reviews, and updates, so compliance is working day-to-day, not just on paper.

6.jpg

WHO WE SERVE

Image by Florian Krumm

WHO WE SERVE

Cybersecurity for Government Agencies

Government agencies have a duty to protect classified, sensitive, and proprietary information. Adversaries and rogue actors actively seek vulnerabilities that can disrupt operations, compromise data, and threaten national security.

​

To meet mission-critical goals, federal agencies and military branches require cybersecurity solutions that are both resilient and compliant—designed to detect, defend, and respond in today’s evolving threat landscape.

US DoD & INTEL AGENCIES

We are uncompromising in delivering excellence—honoring our commitments to each other, our customers, and the communities we serve.

FEDERAL, STATE & LOCAL GOVERNMENT

We believe exceptional results are achieved by developing and leveraging individual strengths in highly collaborative environments.

CONTACT

Washington DC, United States
PO BOX 9132 TAMUNING

GUAM 96931

richard.k@cyberlabus.com

+1 671 649 0011

Thanks for submitting!

+1 671 649 0011

  • Facebook
  • LinkedIn

©2021–2025 by CYBER LAB. All rights reserved.

bottom of page