Assessments and Tests

Be cyber confident.

Our comprehensive set of cybersecurity assessments and testing services can be tailored based on your business needs and your organization's threat profile.


Cybersecurity Assessments and Tests

We provide detailed assessments of the effectiveness your cyber defense and resiliency when measured against likely cyber threats. Assessments and tests are in separable modules that can be aligned to your current needs. Specific gap mitigation steps to further reduce potential cyber incident risks will be recommended based on our findings.

Assessments, testing and subsequent recommendations are based on our broad and deep cybersecurity experience using proven, market leading methodologies and current industry standards and best practices such as NIST, NERC CIP, ISO, DHS, and DoE to name a few.


Leidos cybersecurity assessments are the best way for companies to learn where they stand as security practitioners. Organizations receive:

  • Quantifiable scores
  • Tailored guidance from experts in the Computer Network Defense industry
  • Contextual intelligence on outpacing your adversaries

Three core cybersecurity assessments to support your unified enterprise defense strategy:

Essential Processes

Core Security Framework Assessment

Recommended for any organization defending IT/OT systems and processes against broad-based cybersecurity threats. The Core Security Framework assessment evaluates and measures the level of cybersecurity implementation across the 5 functions and 22 categories of the NIST Cybersecurity Framework to establish a cyber defense baseline and benchmark your organization against industry peers.


Defense Maturity Baseline

Cyber Defense Maturity Evaluation

For organizations protecting critical infrastructure or high-value assets that would attract advanced adversaries such as the Advanced Persistent Threats (APT), insider threats, or sophisticated cyber criminals.


Supplementary Assessments and Tests:

Review Technology

Technology Vulnerability Assessment and Testing

This assessment consists of documentation reviews and analysis, supplemented by targeted physical inspections to determine the completeness and adequacy of security controls used in the design and implementation of an organization’s networks as well as its IT/OT architectures, systems, operating processes, and applications. It also identifies potential weaknesses in system architectures, configurations, vulnerability management programs, and application development.


Objective Penetration Testing

Penetration Testing

Technical testing from either inside or outside the organization’s perimeter. Penetration testing services are designed to systematically identify and remediate security weaknesses in the organization’s most critical systems and applications. Penetration testing provides objective evidence of system resiliency and hardening through the application of adversarial tactics.


Benchmark Defense Capabilities

Advanced Persistent Threat Simulation Testing

We assess the organization’s capability to detect, monitor, and mitigate advanced threats at each step of an attack. Unlike penetration testing, which focuses on achieving an objective such as ‘gain domain admin privileges’ or ‘access a protected network’, APT simulation utilizes a broad spectrum of cyber adversary tactics, techniques, and processes (TTP). This testing examines two factors for each scenario: 1) did the tactic/technique/process work in the client’s environment, and 2) was anyone in the client’s enterprise alerted to the activity (whether it was successful or not)? A typical APT simulation involves dozens of test scenarios, and is a very effective way of benchmarking an organization against real-world adversary tactics.


Evaluate Insider Risk

Insider Risk Assessment

When addressing insider challenges, the commercial enterprise should focus on managing the associated risks, taking into account the threats, related vulnerabilities, and affected assets. Understand and evaluate your organization’s current state, flush out vulnerabilities, identify risk treatments, and help improve your overall insider risk program with our Insider Risk Assessment.


Talk to a cybersecurity expert today.