Apply RMF processes to support system Assessment & Authorization (A&A), including control selection, implementation, assessment, and continuous monitoring
Develop, review, and maintain security documentation such as SSPs, POA&Ms, SARs, and ATO artifacts in tools such as XACTA or eMASS
Conduct vulnerability assessments and compliance scans (e.g., ACAS) and track remediation of findings and IAVM requirements
Implement and validate security controls aligned with NIST 800-53, CNSSI 1253, and related DoD guidance
Support system hardening, patching, and configuration management in compliance with STIGs for Linux, Windows, and network devices
Monitor systems for security events and support incident response and risk mitigation activities
Assess security impacts of system changes and support configuration control boards (CCBs)