Big IT Networks · Federal & Defense Cyber Practice · SBA 8(a) Certified · Capability Map v1.0

MSSP Services for Law Enforcement & Defense Agencies — Capability, Framework, GRC & Statutory Mapping in the AI Era

Service portfolio · Tooling stack · NIST CSF 2.0 · MITRE ATT&CK / D3FEND / ATLAS · ISO / CMMC / FedRAMP / CJIS · US & international statutes · Police · Army · Navy · Air Force applicability matrix · Delivery tier indicators

Legend (delivery indicators): Full / Mature offering; Partial / Hybrid; Specialist / Cleared-only; Reference / Info; Priority for force
Tiers: T1 Anchor service · T2 Recurring · T3 Project
May 2026 · Big IT Pre-Sales Intelligence
SERVICE / DIMENSION → columns:
  • Capability Synopsis: What is delivered (Service Definition)
  • Tools & Tech Stack: Representative platforms (Tooling)
  • NIST CSF 2.0: Function · Category (Cyber Framework)
  • MITRE / Other Frameworks: ATT&CK · D3FEND · ATLAS · CIS (Adversary Framework)
  • GRC Frameworks: ISO · CMMC · FedRAMP · SOC 2 (GRC)
  • US Statutes & Regulation: Federal law / executive directive (Law of the Land)
  • International Alignment: EU · UK · UN · cross-border (International)
  • Police: Federal · State · Municipal (LEA Civilian)
  • Army: Land force · Tactical (Defense)
  • Navy: Maritime · Coast Guard (Defense)
  • Air Force: Air · Space · ISR (Defense)
01 CYBER OPERATIONS & THREAT DEFENSE
T1 | 24×7 Cleared SOC | Tier 1–3 monitoring
Co-managed or fully outsourced SOC with cleared analysts (Secret/TS/SCI). Mission-aligned use cases, classified-network monitoring, and joint operations integration with cyber-protection teams.
  • Splunk ES · Sentinel · Chronicle
  • CrowdStrike · SentinelOne · Defender
  • Tanium · Velociraptor
  • Cortex XSOAR · Tines · Torq
  • Recorded Future · Mandiant
NIST CSF 2.0: DE.CM; DE.AE; RS.AN; RS.MI (Detect/Respond core; continuous monitoring & analytics)
MITRE / Other Frameworks: ATT&CK Enterprise; D3FEND; CIS Controls v8 (Detection engineering aligned to TTPs; D3FEND countermeasure mapping)
GRC Frameworks: NIST 800-53 (SI/IR/AU); CMMC L2/L3; SOC 2 Type II; ISO 27001
US Statutes & Regulation: FISMA; FedRAMP M/H; EO 14028; CJIS Sec Policy v6 (DoD CIO 8530 / cyber-defense direction)
International Alignment: NIS2 (EU); UK NCSC CAF; Budapest Conv.
Police: Anchor (Federal LEA SOCs & fusion centers)
Army: Anchor (Garrison + tactical SOC overlay)
Navy: Anchor (Fleet / shore SOC consolidation)
Air Force: Anchor (AOC / wing-level SOC support)
T1 | Tactical / Deployable SOC | Containerized, edge
Field-deployable SOC stack in containerized / ruggedized form factor for FOBs, joint task forces, disaster response, expeditionary operations. Operates over DDIL networks.
  • Containerized Splunk / OpenSearch
  • Suricata / Zeek IDS at edge
  • Velociraptor for live forensics
  • StrongSwan / WireGuard tunnels
  • Local Sigma / YARA rule packs
NIST CSF 2.0: DE.CM; PR.DS; RS.CO (Mobile detect/respond posture)
MITRE / Other Frameworks: ATT&CK Mobile; JIE Reference Arch; DoDIN APL
GRC Frameworks: NIST 800-171/172; CNSSI 1253; DISA STIGs
US Statutes & Regulation: DoD 8500 series; CJCSI 6510.01F; RMF (NIST 800-37)
International Alignment: NATO STANAG 4774/4778; FVEY interop
Police: Episodic (DHS / FEMA disaster cyber)
Army: Anchor (CPT & expeditionary missions)
Navy: High (Underway / forward-deployed)
Air Force: High (Forward bases · expeditionary)
T1 | Managed Detection & Response | MDR · XDR · ITDR
Endpoint, network, identity & cloud telemetry fused into a single MDR/XDR pipeline. Includes identity threat detection (Okta/AD/Entra), with cleared on-call IR retainer.
  • CrowdStrike Falcon · MS Defender XDR
  • SentinelOne Singularity · Cortex XDR
  • Vectra · ExtraHop · Corelight NDR
  • Silverfort · Semperis (ITDR)
  • Wiz / Prisma · CrowdStrike Cloud
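NIST CSF 2.0: DE.CM-1/3/9; DE.AE-2/3; RS.MI-1/2
MITRE / Other Frameworks: ATT&CK Enterprise; ATT&CK Cloud; D3FEND; MITRE Engage
GRC Frameworks: CMMC L2 IR/SI; FedRAMP M/H; PCI DSS 4.0
US Statutes & Regulation: EO 14028 §2/§7; CISA BOD 23-01; OMB M-21-31 (logging)
International Alignment: NIS2 Art. 21; UK CAF Obj C
Police: High (Federal & large-state PDs)
Army: High (Garrison endpoint estates)
Navy: High (Fleet IT & shore networks)
Air Force: High (Mission-system endpoints)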
T2 | Threat Intelligence as a Service | Strategic · operational · tactical
Curated TI on nation-state APTs, organized cybercrime, hacktivists, terrorist financing networks, narcotics syndicates and gang cyber-fronts. Includes dark-web priority-intel-requirements (PIRs).
  • Recorded Future · Mandiant Advantage
  • Flashpoint · Intel 471 · Sixgill
  • OpenCTI · MISP (sovereign deploy)
  • VirusTotal Enterprise · GreyNoise
  • STIX 2.1 / TAXII feeds
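NIST CSF 2.0: ID.RA-2/3; DE.AE-7; GV.RM
MITRE / Other Frameworks: MITRE ATT&CK; CAPEC; Diamond Model; F3EAD
GRC Frameworks: ISO 27001 A.5.7; CMMC L2 SI.L2; TLP 2.0
US Statutes & Regulation: CISA Auto Indicator Sharing; EO 13691; CTIIC coord.
International Alignment: EU CyCLONe; Interpol Cybercrime DR; FVEY threat exchange
Police: High (FBI/HSI/state fusion)
Army: High (CTI cell support)
Navy: High (Maritime CTI / ONI feeds)
Air Force: High (Air/space CTI / NASIC)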
T2 | Threat Hunting | Hypothesis-driven
Proactive hunts against active TTPs in the agency's environment. Dwell-time reduction, hidden-implant discovery, behavioural anomaly investigation. Quarterly hunt sprints.
  • Splunk · Sentinel KQL · BigQuery
  • Velociraptor · GRR Rapid Response
  • Sigma rules · Hayabusa · Chainsaw
  • Jupyter notebooks (MSTIC patterns)
  • Custom YARA / yara-x
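NIST CSF 2.0: DE.AE; DE.CM-7; ID.IM
MITRE / Other Frameworks: ATT&CK · TTPs; PEAK Hunting Framework; TaHiTI
GRC Frameworks: CMMC L2 SI.L2-3.14.6; ISO 27001 A.8.16
US Statutes & Regulation: EO 14028 §6 (hunt); DoDI 8531.01
International Alignment: UK MITRE adoption; CCDCOE TI doctrine
Police: Selective (Federal & high-cap state)
Army: High (Hunt-forward operations)
Navy: High (FCC/CYBERFLT support)
Air Force: High (16 AF / 67 CW augment)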
T2 | Vulnerability Mgmt & ASM | External + internal exposure
Continuous vuln management with EASM/ASM, prioritization via exploitability + reachability, SLA-driven remediation. Includes SBOM tracking and zero-day notification service.
  • Tenable One · Qualys · Rapid7 InsightVM
  • Censys · Shodan Enterprise
  • Microsoft Defender EASM · Wiz
  • Vulcan · Brinqa (risk fusion)
  • SBOM: Anchore · Dependency-Track
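NIST CSF 2.0: ID.RA-1; PR.IP-12; DE.CM-8
MITRE / Other Frameworks: CVE · CVSS v4 · EPSS; CISA KEV; SSVC
GRC Frameworks: FedRAMP M/H; CMMC L2 RA/SI; PCI DSS 11.3
US Statutes & Regulation: CISA BOD 22-01 (KEV); BOD 23-02 (mgmt iface); EO 14028 §4 (SBOM)
International Alignment: NIS2 Art. 21; EU CRA
Police: High
Army: Anchor (ACAS / ESS reporting)
Navy: Anchor (CMF / fleet IAVA)
Air Force: Anchor (USCYBERCOM IAVA)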
T2 | Pentest / Red & Purple Team | Adversary emulation
Authorized offensive testing — black-/grey-/white-box, full-scope adversary emulation, purple-team exercises with the agency's blue team, social-engineering & phishing simulation.
  • Cobalt Strike · Brute Ratel · Sliver
  • Burp Pro · ZAP · Caido
  • BloodHound · Impacket · CrackMapExec
  • Atomic Red Team · CALDERA
  • SafeBreach / Picus / AttackIQ (BAS)
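NIST CSF 2.0: ID.RA-1; PR.IP-10; DE.DP-3
MITRE / Other Frameworks: ATT&CK; CALDERA; TIBER-EU; CBEST · iCAST
GRC Frameworks: CMMC L2 CA.L2-3.12; PCI DSS 11.4; SOC 2 CC4.1
US Statutes & Regulation: CFAA §1030 (auth scope); DoDI 8530.01 (RT auth); FRCP discovery
International Alignment: TIBER-EU; UK CBEST · STAR-FS; HKMA iCAST
Police: High
Army: Anchor (CCMD red-team support)
Navy: High
Air Force: High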
T2 | Cyber Range as a Service | Adversary emulation environments
On-demand cyber range for crew certification, weapons-system rehearsal, adversary-emulation drills. Custom scenarios mapped to agency mission threads.
  • SimSpace · Cyberbit · CYBER RANGES
  • Persistent Cyber Training Environment
  • RangeForce · Hack The Box Enterprise
  • OpenStack / Proxmox lab fabrics
  • Custom CALDERA + Atomic libraries
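NIST CSF 2.0: PR.AT-2; PR.IP-9; RC.IM-2
MITRE / Other Frameworks: ATT&CK Evaluation; NICE Framework; DoDM 8140
GRC Frameworks: ISO 27001 A.6.3; CMMC AT.L2
US Statutes & Regulation: DoDM 8140.03 (workforce); EO 13870 (cyber WF)
International Alignment: ENISA CSF training; NATO CCDCOE Locked Shields
Police: Selective
Army: Anchor (PCTE / CMF training)
Navy: High
Air Force: High (39 IOS / mission rehearsal)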
02 DIGITAL FORENSICS & INCIDENT RESPONSE
T1 | Computer / Endpoint Forensics | Disk · OS · artefact
Court-admissible forensic acquisition & analysis of laptops, servers, removable media. Bit-stream imaging, hash verification, timeline reconstruction, expert witness coverage.
  • Magnet AXIOM / FTK · X-Ways · EnCase
  • Autopsy / Sleuth Kit (open source)
  • Volatility 3 (memory)
  • KAPE / RegRipper / Plaso
  • Tableau / Atola write-blockers
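NIST CSF 2.0: RS.AN-1/2/3; RC.RP
MITRE / Other Frameworks: SWGDE; NIST SP 800-86; ISO/IEC 27037; ACPO Principles
GRC Frameworks: ISO/IEC 17025; ASCLD/LAB; FBI QAS
US Statutes & Regulation: Federal Rules of Evid. 702/901; 4th Amendment / warrants; ECPA · SCA · CALEA
International Alignment: Budapest Conv. Art. 19; EU e-Evidence Reg.; UK PACE 1984 §19
Police: Anchor (All criminal investigations)
Army: High (CID / counter-intel)
Navy: High (NCIS support)
Air Force: High (OSI / counter-intel)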
T1 | Mobile & Wearable Forensics | iOS · Android · smartwatch
Logical, file-system, full-file-system, BFU & AFU extraction of phones & tablets. Wearable / smartwatch acquisition, encrypted-app artefact recovery, location-graph reconstruction.
  • Cellebrite UFED Premium / Inseyets
  • Magnet GrayKey · VERAKEY
  • MSAB XRY · Oxygen Forensic Detective
  • Elcomsoft iOS/eXplorer · Belkasoft
  • ADB / iLEAPP / aLEAPP (open)
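NIST CSF 2.0: RS.AN-1/2; DE.AE-3
MITRE / Other Frameworks: ATT&CK Mobile; NIST SP 800-101r1; SWGDE Mobile
GRC Frameworks: ISO 17025; CFCE / GMOB / IACIS
US Statutes & Regulation: SCA 18 USC §2701; Riley v. California (2014); Carpenter v. US (2018)
International Alignment: EU LED 2016/680; UK IPA 2016 Pt 5
Police: Anchor (Highest-volume case type)
Army: High
Navy: High
Air Force: High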
T2 | Cloud Forensics | SaaS · IaaS · M365 · Workspace
Cloud-native acquisition across M365, Workspace, AWS, Azure, GCP. Snapshot & volatile-data capture, cross-tenant chain-of-custody, court-admissible cloud-evidence packaging.
  • Magnet AXIOM Cyber · Cado · Cyber Triage
  • AWS detective · Azure Sentinel
  • UAL / MAL parser · Hawk (M365)
  • Sysdig · Wiz forensic snapshot
  • Kape cloud collectors
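NIST CSF 2.0: RS.AN-1; DE.AE; PR.DS-2/4
MITRE / Other Frameworks: ATT&CK Cloud; CSA CCM v4; NIST SP 800-201
GRC Frameworks: FedRAMP H; CSA STAR L2; ISO 27017/18
US Statutes & Regulation: CLOUD Act 2018; SCA · ECPA; DoD CC SRG IL4/5/6
International Alignment: EU GDPR Art. 48; EU e-Evidence Reg.; UK CLOUD bilateral
Police: High
Army: High
Navy: High
Air Force: High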
T2 | IoT / OT & Vehicle Forensics | Connected estate
Forensic acquisition from non-traditional endpoints — connected vehicles (CAN/infotainment), home IoT, industrial controllers, telematics units. Critical for narcotics, OCG, and homicide cases.
  • Berla iVe (vehicle infotainment)
  • MSAB XRY Drone · MSAB Vehicle
  • Cellebrite Smart · IoT extraction kits
  • Nuix / X-Ways for SCADA logs
  • Custom UART/JTAG/chip-off rigs
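NIST CSF 2.0: RS.AN-1; ID.AM-3/4
MITRE / Other Frameworks: ATT&CK ICS; SAE J3061; ISO/SAE 21434 (auto)
GRC Frameworks: IEC 62443; ISO 17025
US Statutes & Regulation: SCA / CALEA; FMVSS / NHTSA cyber
International Alignment: UNECE WP.29 R155/156; EU Cyber Resilience Act
Police: Anchor (Vehicular crime · narcotics)
Army: High (Tactical vehicle forensics)
Navy: Selective
Air Force: Selective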
T3 | Game Console & XR Forensics | PS5 · Xbox · Switch · VR
Specialist console & XR-headset forensics — increasingly relevant for CSAM, gang communication, narcotics coordination, extremist radicalisation. Headset acquisition for grooming & harassment cases.
  • XRY / UFED console support
  • Cellebrite XR / Quest add-on
  • Custom HDD imaging rigs
  • Discord / Steam artefact parsers
  • Open-source: console-forensics CLI
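NIST CSF 2.0: RS.AN-2
MITRE / Other Frameworks: SWGDE Console; NIST SP 800-101 (extended)
GRC Frameworks: ISO 17025 (scope)
US Statutes & Regulation: PROTECT Act; 18 USC §2258A (NCMEC); SCA
International Alignment: Lanzarote Conv.; EU CSAM Reg. (proposed)
Police: Anchor (ICAC task forces)
Army: Rare
Navy: Rare
Air Force: Rare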
T2 | Drone / UAV Forensics | Flight log · payload
UAV evidence recovery — flight log reconstruction, geofence / RTH analysis, payload (camera) extraction, operator-attribution, swarm-controller forensics. Critical for prison contraband, terrorist surveillance, border ops.
  • DRONEFOX · DJI flight-log parsers
  • MSAB XRY Drone
  • Cellebrite UAV add-on
  • AeroScope / RemoteID decoders
  • Custom DAT / TXT log analysers
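NIST CSF 2.0: RS.AN-1; DE.AE
MITRE / Other Frameworks: ATT&CK Mobile; FAA UAS data std.
GRC Frameworks: ISO 17025 (specialist)
US Statutes & Regulation: FAA Part 107; FAA Remote ID rule; EAR · ITAR (export)
International Alignment: EASA UAS reg.; CAA UK CAP722
Police: High (Borders · prisons · OCG)
Army: Anchor (Counter-UAS attribution)
Navy: High (Maritime UAS)
Air Force: Anchor (Air domain primary)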
T2 | Network & Memory Forensics | Live triage · packet capture
Volatile capture & deep packet analysis for active intrusions and live-incident triage. RAM acquisition with implant detection and lateral-movement reconstruction.
  • Wireshark · Zeek · Suricata
  • NetworkMiner · Arkime (Moloch)
  • Volatility 3 · Rekall · MemProcFS
  • Velociraptor live triage
  • Splunk Stream · Corelight
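NIST CSF 2.0: DE.CM-1; RS.AN-2/3
MITRE / Other Frameworks: ATT&CK Enterprise; NIST SP 800-61r3
GRC Frameworks: ISO 17025; SOC 2 CC7
US Statutes & Regulation: Wiretap Act 18 USC §2510; Pen Reg. 18 USC §3121
International Alignment: EU LED Art. 6; UK IPA 2016 Pt 6
Police: High
Army: Anchor
Navy: High
Air Force: High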
T2 | Crypto / Blockchain Forensics | Tracing · sanctions · ransom
On-chain investigation for ransomware-payment tracing, narcotics & terrorism financing, sanctions evasion (OFAC), exchange seizure support, mixer/tumbler de-anonymisation.
  • Chainalysis Reactor / Storyline
  • TRM Labs · Elliptic
  • CipherTrace · Crystal · Merkle Science
  • OXT / Mempool / etherscan tooling
  • Open: walletexplorer · BlockSci
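NIST CSF 2.0: RS.AN-2; ID.RA-3
MITRE / Other Frameworks: FATF Travel Rule; Egmont Group SOPs
GRC Frameworks: FinCEN BSA; ISO 17025
US Statutes & Regulation: BSA / AML; 31 USC §5318 (KYC); OFAC SDN list; CFAA · 18 USC §1956
International Alignment: FATF R.15 / R.16; EU MiCA · TFR; UK MLR 2017
Police: Anchor (FBI · Secret Service · IRS-CI)
Army: Selective (Counter-terror financing)
Navy: Rare
Air Force: Rare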
T2 | Dark Web Investigation | HUMINT-cyber crossover
Authorized covert dark-web operations — undercover persona management, marketplace monitoring, vendor attribution, Tor/I2P de-anonymisation support, leak-site monitoring for breach intelligence.
  • Searchlight Cyber (DarkIQ)
  • Flashpoint · Sixgill · KELA
  • Recorded Future · Intel 471
  • OnionScan · Ahmia (open)
  • Maltego with dark-web TFs
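NIST CSF 2.0: ID.RA-2; DE.AE-7
MITRE / Other Frameworks: F3EAD; Diamond Model; CTI Maturity Model
GRC Frameworks: ISO 27001 A.5.7; TLP 2.0
US Statutes & Regulation: CFAA (avoid violation); CIPA (operator policy); FBI UCO guidelines
International Alignment: Budapest Conv. Art. 32; EU LED Ch. III
Police: Anchor (Narcotics · CSAM · OCG)
Army: Selective
Navy: Selective
Air Force: Selective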
T1 | ISO 17025 Lab Build & Expert Witness | Lab-as-a-service
Forensic Lab CoE establishment — accreditation programme management, evidence-handling SOPs, validated tool catalogue, court-credentialed examiner pipeline (CFCE/GCFA/EnCE/ACE/CCO).
  • Quality mgmt: Qualtrax · MasterControl
  • Evidence: Foray ADAMS · Tracker
  • Validated tooling matrix per discipline
  • Faraday rooms · clean-imaging stations
  • Mock-courtroom training facilities
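NIST CSF 2.0: GV.RM; PR.AT-2/4
MITRE / Other Frameworks: SWGDE / OSAC standards; ENFSI Best Practice Manuals
GRC Frameworks: ISO/IEC 17025; ISO 17020; ANSI/ASB
US Statutes & Regulation: FRE 702 (Daubert); FBI QAS / DEA guidelines
International Alignment: ENFSI accreditation; ILAC MRA
Police: Anchor (Every fed/state crime lab)
Army: High (DC3 / DCFL alignment)
Navy: High
Air Force: High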
03 COUNTER-DISINFORMATION & SYNTHETIC MEDIA
T1 | Deepfake / Synthetic Media Detection | Audio · video · image
Authenticity verification for audio, video, image, text. Multi-model ensemble detection for face-swap, lip-sync, voice-clone, fully-synthetic content. Court-admissible authentication reports.
  • Reality Defender · Hive · Sensity
  • Truepic · Pindrop (audio)
  • Microsoft Video Authenticator
  • Open-source: FaceForensics++ · Deepware
  • NIST MFC dataset benchmarks
NIST CSF 2.0: DE.AE; RS.AN-1
MITRE / Other Frameworks: MITRE ATLAS; NIST AI 100-4; SWGDE Image & Video
GRC Frameworks: ISO 17025 (digital media); NIST AI RMF
US Statutes & Regulation: DEEPFAKES Account. Act; DEFIANCE Act 2024; FRE 901(b)(9) authent.; State NCII / deepfake laws
International Alignment: EU AI Act Art. 50; UK Online Safety Act 2023
Police: Anchor (NCII · fraud · evidence chal.)
Army: High (PSYOP / influence ops)
Navy: High
Air Force: High (ISR auth · OSINT verif.)
T2 | C2PA Provenance Verification | Content authenticity
Verification & chain-of-custody for media using C2PA / Content Credentials. Provenance signing, manifest validation for body-cam, dash-cam, evidentiary photography, OSINT verification.
  • C2PA SDK (Adobe / Microsoft)
  • Truepic Vision · Numbers Protocol
  • JPEG Trust signing
  • Hardware-attested cameras (Sony Alpha)
  • OpenTimestamps · public ledgers
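NIST CSF 2.0: PR.DS-6; DE.AE-2
MITRE / Other Frameworks: C2PA 2.x spec; JPEG Trust; W3C VCDM
GRC Frameworks: ISO/IEC 21617 (forthcoming)
US Statutes & Regulation: DOJ body-cam evidence rules; FRE 901
International Alignment: EU AI Act Art. 50; DSA Art. 35
Police: Anchor (Body-cam authentication)
Army: Selective
Navy: Selective
Air Force: High (ISR product attribution)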
T2 | Coordinated Inauthentic Behavior | CIB · bot networks
Detection & attribution of coordinated influence ops — bot-net mapping, narrative tracking, astroturfing & sock-puppet identification, foreign-malign-influence (FMI) tracking.
  • Graphika · Logically · Blackbird.AI
  • Pyrra · Cyabra · Alethea
  • Open: Bot Sentinel · Hoaxy
  • Custom NLP / GraphSAGE pipelines
  • Brandwatch · Meltwater
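NIST CSF 2.0: ID.RA-2; DE.AE-7
MITRE / Other Frameworks: DISARM Framework; SCOTCH attribution; CTI Diamond
GRC Frameworks: NIST AI RMF GOVERN
US Statutes & Regulation: FARA; 52 USC §30121 (foreign donor); 1st Amend. (US-person care)
International Alignment: EU DSA · Code of Practice; UK NSI Act 2023
Police: High (Election & civil-unrest cases)
Army: High (PSYOP / IO support)
Navy: Selective
Air Force: Anchor (16 AF / IO mission)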
T2 | SOCMINT & Geo-OSINT | Social media intelligence
Lawful social-media intelligence with geolocation, image-based location, attribution support. Strict compliance scaffolding for First-Amendment / privacy / minors / DPA 2018 environments.
  • Babel Street · ShadowDragon
  • Maltego · Hunchly · OSINT Combine
  • Bellingcat tooling stack
  • Geospy.ai · GeoEstimation
  • Tweetdeck/Skybridge legacy adapters
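NIST CSF 2.0: ID.RA-2; DE.AE
MITRE / Other Frameworks: F3EAD; OSINT Framework; SOCMINT taxonomy
GRC Frameworks: CJIS Sec Policy v6; 28 CFR Part 23
US Statutes & Regulation: 28 CFR Part 23 (criminal intel); PPD-28 (signals intel); Privacy Act 1974
International Alignment: EU LED 2016/680; UK DPA 2018 Pt 3; GDPR Art. 6/9
Police: Anchor (Investigations · missing pers.)
Army: High
Navy: Selective
Air Force: High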
T2 | Election Infrastructure Protection | Voting · poll · campaign
End-to-end election cyber defense — voter registration DB hardening, voting machine security, EAC-tested system validation, county BoE MDR, candidate & campaign security advisory.
  • Cloudflare Athenian Project
  • CIS EI-ISAC Albert sensors
  • Microsoft AccountGuard
  • Hybrid SIEM (Sentinel · Splunk Cloud)
  • OSINT for narrative threats
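NIST CSF 2.0: PR.DS; DE.CM; RS
MITRE / Other Frameworks: CISA Election Sec. Toolkit; EAC VVSG 2.0
GRC Frameworks: CISA CDM; EI-ISAC handbooks
US Statutes & Regulation: HAVA 2002; EAC VVSG; PPD-21; CISA EI-CIPAC
International Alignment: EU Code of Practice on Disinfo.
Police: Anchor (State/county-direct primary)
Army: N/A
Navy: N/A
Air Force: N/A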
T2 | AI-Generated CSAM Triage | Synthetic vs real victim
AI-assisted triage separating fully-synthetic from real-victim CSAM to prioritise rescue operations & reduce examiner trauma exposure. Hash-set management (NCMEC, Project VIC, ICSE).
  • NCMEC Hash Sharing
  • Project VIC / VICS
  • Microsoft PhotoDNA
  • Thorn Safer · Griffeye Analyze DI
  • Synthetic-detection ML stack
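NIST CSF 2.0: DE.AE; RS.AN
MITRE / Other Frameworks: Project VIC standards; INTERPOL ICSE
GRC Frameworks: ISO 17025; ICAC standards
US Statutes & Regulation: 18 USC §2252 / §2256; PROTECT Act; REPORT Act 2024
International Alignment: Lanzarote Convention; EU CSAM Reg. (proposed)
Police: Anchor (ICAC · NCMEC referrals)
Army: N/A
Navy: N/A
Air Force: N/A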
04 AI INVESTIGATIVE & SURVEILLANCE ANALYTICS
T1 | CCTV / Body-Cam Triage | Computer vision at scale
AI-accelerated review of thousands of hours of video — person re-ID, object detection, event clipping, scene-of-crime reconstruction. Includes audit logging & bias-tested models.
  • BriefCam · Veritone Redact
  • Avigilon Unity AI
  • Magnet Witness · iNPUT-ACE
  • Open: DeepSORT · YOLOv8 · Ultralytics
  • NVIDIA DeepStream / Metropolis
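NIST CSF 2.0: DE.AE; PR.IP-9
MITRE / Other Frameworks: MITRE ATLAS; NIST FRVT
GRC Frameworks: NIST AI RMF; ISO/IEC 42001
US Statutes & Regulation: CJIS · 28 CFR Part 23; DOJ body-cam policy; State BWC laws
International Alignment: EU AI Act Art. 6 (high-risk); EU LED Art. 11
Police: Anchor (All major investigations)
Army: Selective
Navy: Selective
Air Force: High (ISR FMV exploitation)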
T2 | ANPR / ALPR | License plate · vehicle
License plate recognition at scale with hot-listing, geofencing, convoy detection. Privacy-preserving retention policies, audit trails, and warrant-aware access controls.
  • Genetec AutoVu · Vigilant Solutions
  • Flock Safety · Rekor
  • Axon Fleet · Motorola Solutions
  • Open: OpenALPR / OpenLPR
  • Edge inference (Jetson Orin)
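NIST CSF 2.0: DE.CM; ID.AM
MITRE / Other Frameworks: IACP ALPR Policy; NIST OCR benchmark
GRC Frameworks: CJIS Sec Policy v6; NIST AI RMF
US Statutes & Regulation: 28 CFR Part 23; State ALPR retention laws; 4th Amend. case law
International Alignment: EU LED Art. 11; UK Surveillance Camera Code
Police: Anchor (Patrol · investigations)
Army: Selective (Gate / FPCON)
Navy: Selective (Port / pier security)
Air Force: Selective (Base entry control)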
T2 | Facial Recognition (FRT) | NIST-tested · bias-audited
Facial recognition with mandatory NIST FRVT testing, demographic-bias reporting, human-review-in-the-loop, & warrant-/lead-only deployment. Designed for Western LEA legal scrutiny.
  • NEC NeoFace · Idemia MorphoFace
  • Clearview AI (controversial)
  • Cognitec · Paravision
  • NIST FRVT-leader benchmarks
  • Open: InsightFace (research only)
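NIST CSF 2.0: DE.AE; GV.RM
MITRE / Other Frameworks: NIST FRVT 1:1 / 1:N; MITRE ATLAS; FBI FACE policy
GRC Frameworks: NIST AI RMF; ISO/IEC 42001; ISO/IEC 19794-5
US Statutes & Regulation: FBI NGI policies; State FRT laws (e.g. WA, CA); Privacy Act 1974; BIPA (Illinois)
International Alignment: EU AI Act (Art. 5 ban + Art. 6); UK DPIA & SCC Code
Police: Anchor (High-risk · policy-bounded)
Army: High (Base access · biometrics)
Navy: High
Air Force: High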
T2 | Voice / Speaker Biometrics | Voice ID · language ID
Speaker identification, language identification, dialect detection, voice age estimation. Used for hostage / extortion calls, gang affiliation, OCG attribution.
  • Nuance Gatekeeper · Pindrop
  • Phonexia Voice Inspector
  • NIST SRE benchmarks
  • Open: SpeechBrain · pyannote
  • Whisper-LangID variants
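NIST CSF 2.0: DE.AE
MITRE / Other Frameworks: NIST SRE; SWGDE Audio
GRC Frameworks: NIST AI RMF; ISO/IEC 19794-13
US Statutes & Regulation: Wiretap Act; FRE 901(b)(5); State BIPA-equivalents
International Alignment: EU AI Act; EU LED
Police: Anchor (Hostage · OCG · extortion)
Army: High
Navy: High
Air Force: High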
T3 | Gait & Crowd Analytics | Behaviour at distance
Behavioural analytics — gait recognition, crowd-density estimation, anomaly & loitering detection, abandoned-object alerts. Critical for VIP protection & mass-event security.
  • Watrix · iOmniscient · Sighthound
  • NVIDIA Metropolis · DeepStream
  • Open: OpenPose · MMPose
  • YOLOv8 + tracking pipelines
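NIST CSF 2.0: DE.CM; DE.AE
MITRE / Other Frameworks: MITRE ATLAS
GRC Frameworks: NIST AI RMF
US Statutes & Regulation: 28 CFR Part 23; PPD-28
International Alignment: EU AI Act Art. 5 (limits)
Police: High (VIP · stadium · transit)
Army: High (FPCON · gate)
Navy: Selective
Air Force: High (Base perimeter)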
T1 | Multi-Modal Investigation Graph | Case correlation engine
Investigation analytics platform linking phones, financials, geolocation, OSINT, custodial records, intelligence into an entity graph. Palantir / i2 / Cellebrite Pathfinder-class delivery.
  • Palantir Gotham · IBM i2 Analyst
  • Cellebrite Pathfinder / Endpoint Insp.
  • Nuix Investigate · Penlink Tangles
  • Linkurious · GraphAware Hume
  • Neo4j + custom ingest pipelines
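NIST CSF 2.0: RS.AN; DE.AE; ID.RA
MITRE / Other Frameworks: F3EAD; SOCMINT pyramid; CIA Tradecraft
GRC Frameworks: CJIS Sec Policy v6; 28 CFR Part 23; FedRAMP H
US Statutes & Regulation: CJIS · Privacy Act; 28 CFR §23.20 (intel mgmt); Federal Records Act
International Alignment: EU LED Art. 4–8; UK Code of Practice CHIS/SCS
Police: Anchor (Major-case fusion)
Army: Anchor
Navy: High
Air Force: Anchor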
T3 | Lawful Intercept Processing | CALEA · IPA · MLAT
Lawful intercept ingestion, normalisation, retention for warrant-bound content. Includes minimization workflows, MLAT-evidence packaging, prosecutor-ready disclosure.
  • SS8 · Verint · Utimaco
  • NICE Actimize · Trovicor
  • ETSI TS 102 232 / 103 221 stacks
  • 3GPP LI architectures
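NIST CSF 2.0: PR.DS; PR.AC-1
MITRE / Other Frameworks: ETSI TS 102 232; 3GPP TS 33.107
GRC Frameworks: ISO 27001 A.5.34
US Statutes & Regulation: CALEA 1994; Wiretap Act 18 USC §2510-22; FISA 50 USC §1801+
International Alignment: UK IPA 2016 Pt 2; EU LED Art. 6/8
Police: High (Federal & state task forces)
Army: Rare
Navy: Rare
Air Force: Rare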
05 AI SECURITY & GOVERNANCE
T2 | AI Red Teaming | Adversarial robustness
Adversarial testing of agency AI — prompt injection, jailbreaks, model extraction, evasion, training-data leakage, agentic exploit chains. Aligned to NIST AI 600-1 / OWASP LLM Top 10.
  • HiddenLayer · Robust Intelligence
  • Microsoft PyRIT · Counterfit
  • Garak · Promptfoo · Giskard
  • NVIDIA Garak · IBM ART
  • OWASP LLM Top 10 testbench
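NIST CSF 2.0: ID.RA; PR.IP-10
MITRE / Other Frameworks: MITRE ATLAS; NIST AI 600-1; OWASP LLM Top 10
GRC Frameworks: NIST AI RMF MANAGE; ISO/IEC 42001
US Statutes & Regulation: EO 14110 (rev'd); OMB M-24-10; DoD CDAO RAI Toolkit
International Alignment: EU AI Act Art. 15/55; UK AI Safety Inst.
Police: High (Pre-deployment AI testing)
Army: High (Project Maven-class systems)
Navy: High
Air Force: Anchor (ABMS · JADC2 ML)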
T2 | ML Model Security | Pipeline integrity
ML supply-chain & model integrity protection — data poisoning detection, model inversion / membership inference defense, weights-tampering detection, model SBOMs.
  • Protect AI · CalypsoAI · HiddenLayer
  • Lakera Guard · Robust Intelligence
  • ML SBOM (CycloneDX-ML)
  • OpenSSF SLSA-AI · Sigstore
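NIST CSF 2.0: PR.DS; PR.IP-12; DE.CM-8
MITRE / Other Frameworks: MITRE ATLAS; NIST SP 800-218A; SLSA
GRC Frameworks: ISO/IEC 42001; CMMC L2 SI/CM
US Statutes & Regulation: EO 14110 §4.6 (model wt sec.); OMB M-24-10
International Alignment: EU AI Act Art. 15; EU CRA
Police: Selective
Army: High
Navy: High
Air Force: Anchor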
T2 | Bias / Fairness Audit | Demographic parity
Independent bias auditing of operational AI — face/voice recognition, predictive analytics, risk-assessment tools. Demographic parity, equalised odds, calibration analysis, statutory-bias safeguards.
  • Fiddler AI · Arthur AI · Credo AI
  • IBM AIF360 · Microsoft Fairlearn
  • NIST FRVT demographic reports
  • Custom subgroup analysis pipelines
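NIST CSF 2.0: GV.RM; GV.SC
MITRE / Other Frameworks: NIST AI RMF; ISO/IEC TR 24027
GRC Frameworks: ISO/IEC 42001; NIST AI RMF MEASURE
US Statutes & Regulation: 14th Amend. EP; Civil Rights Act Title VI; EEOC AI guidance
International Alignment: EU AI Act Art. 10/15; UK Equality Act 2010
Police: Anchor (FRT · risk tools)
Army: Selective
Navy: Selective
Air Force: High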
T2 | AI Governance & Assurance | NIST AI RMF · ISO 42001
Programmatic AI governance — risk register, model inventory, lifecycle controls, third-party AI assurance, alignment to NIST AI RMF, ISO/IEC 42001, EU AI Act, OMB M-24-10.
  • Credo AI · Holistic AI · Saidot
  • OneTrust AI Governance
  • ServiceNow AI Control Tower
  • Custom GRC + ML registry
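NIST CSF 2.0: GV (entire fn)
MITRE / Other Frameworks: NIST AI RMF (full); ISO/IEC 23894
GRC Frameworks: ISO/IEC 42001; SOC 2 (extended)
US Statutes & Regulation: EO 14110 (rev'd 2025); OMB M-24-10; DoD RAI Strategy
International Alignment: EU AI Act (full); UK pro-innovation paper
Police: High
Army: Anchor
Navy: High
Air Force: Anchor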
T3 | Synthetic Data Generation | Privacy-preserving training
Synthetic-data factories for AI training without PII exposure. Differential-privacy guarantees, utility benchmarking, statutory-disclosure-safe outputs.
  • Mostly AI · Gretel · Tonic.ai
  • NVIDIA Omniverse Replicator
  • SDV · Synthcity (open)
  • OpenDP / Google DP libraries
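NIST CSF 2.0: PR.DS-5; GV.RM
MITRE / Other Frameworks: NIST SP 800-188 (de-id)
GRC Frameworks: ISO/IEC 27559; ISO/IEC 42001
US Statutes & Regulation: Privacy Act; HIPAA Safe Harbor
International Alignment: GDPR Recital 26; EU Data Act
Police: Selective
Army: High
Navy: Selective
Air Force: High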
T2 | PQC / Quantum Readiness | Crypto migration
Crypto inventory, vulnerability assessment, hybrid & PQC migration roadmap aligned to CNSA 2.0 and NIST FIPS 203/204/205. Critical for long-life classified systems with HNDL exposure.
  • SandboxAQ · QuSecure · PQShield
  • Crypto4A · ISARA
  • OpenQuantumSafe (liboqs)
  • Microsoft / IBM PQC test suites
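NIST CSF 2.0: PR.DS-1/2; ID.AM-2
MITRE / Other Frameworks: CNSA 2.0; NIST FIPS 203/204/205; NSM-10
GRC Frameworks: FIPS 140-3; CMMC L3 SC
US Statutes & Regulation: NSM-10 (2022); QCRP Act 2022; CISA PQC Roadmap
International Alignment: EU CRA · ENISA PQC; UK NCSC PQC guide
Police: Selective
Army: Anchor (Long-life classified systems)
Navy: Anchor (Submarine comms)
Air Force: Anchor (Space · ISR · nuclear C2)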
06 CRITICAL INFRASTRUCTURE & OT / ICS SECURITY
T2 | Garrison & Base OT Monitoring | FRCS · BMS · utilities
OT-aware monitoring for installation utilities, building management, fuel depots, ammunition plants. Passive ICS monitoring with engineering-aware playbooks.
  • Dragos Platform · Claroty CTD/xDome
  • Nozomi · Armis · Microsoft Defender IoT
  • OT SOC integrations (Splunk add-ons)
  • UFC 4-010-06 / SP 800-82r3 mappings
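NIST CSF 2.0: DE.CM-1/4; PR.PT-4
MITRE / Other Frameworks: ATT&CK ICS; NIST SP 800-82r3; UFC 4-010-06
GRC Frameworks: IEC 62443-2-1/3-3; CMMC L2 SI/CM
US Statutes & Regulation: FERC CIP (where ext.); DoDI 8530.01; UFC 4-010-06
International Alignment: NIS2 Annex I/II; EU CER Directive
Police: Rare
Army: Anchor
Navy: Anchor
Air Force: Anchor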
T2 | Maritime IT/OT Cyber | Vessel · port · AIS
Maritime-specific cyber defense — shipboard IT/OT convergence, navigation/AIS integrity, port systems, undersea-cable monitoring, fleet shore-network resilience.
  • Dragos Maritime modules
  • HudsonCyber CyberOwl
  • Naval-specific overlays (SHIPS-OT)
  • AIS-anomaly: Spire · Windward
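NIST CSF 2.0: DE.CM; PR.PT
MITRE / Other Frameworks: ATT&CK ICS Maritime; IMO MSC.428(98)
GRC Frameworks: IEC 62443; BIMCO Cyber GL
US Statutes & Regulation: USCG NVIC 01-20; MTSA; DoDI 8500.01
International Alignment: IMO Resol. MSC.428(98); EU NIS2 maritime
Police: Selective (Port police)
Army: Rare
Navy: Anchor (Primary force)
Air Force: Rare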
T2 | Aviation / ATC Cyber | ATC · airfield · avionics
Aviation cyber defense — air-traffic control, ground control, airfield ICS, avionics supply chain, mission-planning system protection. Includes RTCA DO-326A alignment.
  • GE Cyber Aviation Suite
  • Honeywell Forge Cybersecurity
  • Custom OT IDS (Claroty / Dragos)
  • Avionics SBOM tooling
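NIST CSF 2.0: DE.CM; PR.PT
MITRE / Other Frameworks: ATT&CK ICS; RTCA DO-326A/356A
GRC Frameworks: IEC 62443; DO-326A
US Statutes & Regulation: FAA Cyber Strategy; DoDI 8500.01
International Alignment: EASA Part-IS; ICAO Annex 17
Police: N/A
Army: Rare
Navy: High (Naval aviation)
Air Force: Anchor (Primary force)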
T3 | Connected Weapons Platforms | Vehicle · ship · aircraft
Cybersecurity assessment of connected weapons platforms — vehicles, ships, aircraft, ground combat systems, cybersecurity table-top & live-fire mission validation.
  • RunSafe · Tortuga Logic (silicon)
  • Custom platform red teams
  • Vehicle-specific test rigs
  • SBOM / component vetting
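NIST CSF 2.0: PR.IP-10; PR.PT
MITRE / Other Frameworks: DoD CIO Cyber Survivability; DoDI 5000.90
GRC Frameworks: IEC 62443; DoD JSIG
US Statutes & Regulation: DoDI 5000.90 (acq.); DoDI 8500.01; CSCS
International Alignment: NATO STANAG cyber survivability
Police: N/A
Army: Anchor
Navy: Anchor
Air Force: Anchor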
T3 | TEMPEST & TSCM Advisory | EMSEC · counter-surveillance
Emanations security & counter-surveillance partner-integrated advisory — facility certification, RF/IR sweep coordination, secure-room design, TS/SCI build-out support.
  • Partner-led RF/IR sweep delivery
  • NSA/CSS TEMPEST guidance
  • SCIF design per ICD 705
  • NSCS technical surveillance
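NIST CSF 2.0: PR.PT; PR.AC-2
MITRE / Other Frameworks: NSTISSAM TEMPEST/1-92; ICD 705
GRC Frameworks: CNSSI 7000-series
US Statutes & Regulation: NSTISSAM TEMPEST/1-92; ICD 705; EO 13526
International Alignment: NATO SDIP-27
Police: Rare
Army: Anchor
Navy: Anchor
Air Force: Anchor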
07 COUNTER-DRONE & SPECTRUM DOMAIN
T2 | C-UAS Detection-Grade Service | RF · radar · optical fusion
Managed counter-UAS detection integrating RF, radar, EO/IR optical, acoustic. Mitigation typically partner-delivered (legal restrictions). Includes attribution & evidentiary chain.
  • DroneShield · Dedrone · Echodyne
  • Hidden Level · Robin Radar
  • Anduril Lattice C-UAS
  • Custom RF spectrum sensors
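NIST CSF 2.0: DE.CM; DE.AE
MITRE / Other Frameworks: DoD JCO C-UAS doctrine; FAA UAS detection guide
GRC Frameworks: DoD JCO standards
US Statutes & Regulation: Preventing Emerging Threats Act 2018; FAA Reauth. 2024 §1208; 18 USC §32
International Alignment: EASA UAS reg.; UK CAA airspace
Police: High (Prisons · stadiums · borders)
Army: Anchor
Navy: High (Pier · port)
Air Force: Anchor (Air domain primary)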
T3 | Spectrum Monitoring & Anomaly | EMS situational awareness
Spectrum monitoring for unauthorized RF emitters, jamming detection, eavesdropping device sweeps, electromagnetic anomaly detection on installation perimeters.
  • Bastille · CRFS · Keysight Spectrum
  • SDR-based monitoring (USRP · HackRF)
  • Custom EMS analytics
  • NICT spectrum sensors
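NIST CSF 2.0: DE.CM
MITRE / Other Frameworks: NIST SP 800-86; DoD JEMSO doctrine
GRC Frameworks: CNSSI 7003
US Statutes & Regulation: Communications Act §301; 47 USC §333; FCC enforcement
International Alignment: ITU Radio Regulations
Police: Rare
Army: High
Navy: High
Air Force: Anchor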
T3 | GPS Spoofing / Jamming Detection | PNT integrity
PNT integrity monitoring — GPS spoofing & jamming detection for fleet, aircraft, base ops, including alternative PNT (eLORAN, GPS-anti-spoof) advisory.
  • Spirent / Orolia (Safran)
  • Septentrio · NovAtel
  • Custom GNSS anomaly analytics
  • SAASM / M-Code receivers
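NIST CSF 2.0: DE.CM; PR.PT
MITRE / Other Frameworks: DoD PNT policy; DHS RPI v2
GRC Frameworks: CNSSI 7003
US Statutes & Regulation: EO 13905 (RPI); DoDI 4650.08
International Alignment: EU Galileo PRS; UK NCSC GNSS
Police: Rare
Army: High
Navy: Anchor (Navigation safety)
Air Force: Anchor (Mission planning)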
08 IDENTITY, ZERO TRUST & SOVEREIGN CLOUD
T1 | Zero Trust Architecture | NIST 800-207 · DoD ZTA
ZTA design, implementation & managed enforcement across identity, device, network, application, data & analytics pillars. Aligned to DoD ZT Reference Architecture v2.0 & CISA ZTMM v2.
  • Zscaler ZIA/ZPA · Netskope · Palo Alto
  • Microsoft Entra · Okta · Ping
  • Illumio · Akamai Guardicore
  • Cloudflare One · Cisco Duo
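NIST CSF 2.0: PR.AC (full); PR.PT-3
MITRE / Other Frameworks: NIST SP 800-207; DoD ZT RA v2.0; CISA ZTMM v2
GRC Frameworks: CMMC L2/L3 AC; FedRAMP M/H; SOC 2 CC6
US Statutes & Regulation: EO 14028 §3; OMB M-22-09; DoD ZT Strategy 2022
International Alignment: UK NCSC ZT principles; EU NIS2 Art. 21
Police: High
Army: Anchor
Navy: Anchor
Air Force: Anchor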
T2 | PIV / CAC / Derived Credentials | FIPS 201 · FICAM
Credential lifecycle management — PIV/CAC issuance, derived mobile credentials, FIDO2 / passkeys, attribute-based access control. Aligned to FIPS 201-3 & DoD ICAM RD.
  • Entrust IDG · Idemia
  • SailPoint · Saviynt (gov)
  • HID Crescendo · Yubico FIPS
  • Microsoft Entra Verified ID
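NIST CSF 2.0: PR.AC-1/6
MITRE / Other Frameworks: FIPS 201-3; NIST SP 800-63-4
GRC Frameworks: FedRAMP H; FICAM
US Statutes & Regulation: HSPD-12; FISMA; DoDI 1000.13
International Alignment: eIDAS 2.0 (EU); UK GOV.UK Verify
Police: High
Army: Anchor
Navy: Anchor
Air Force: Anchor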
T2 | Privileged Access Management | Tier 0 · admin · session
PAM for high-value administrators on classified & unclassified estates — vaulting, session monitoring, just-in-time access, privileged-task automation, admin-tier-zero protection.
  • CyberArk · BeyondTrust · Delinea
  • HashiCorp Boundary · Teleport
  • SailPoint Privileged · Saviynt
  • Custom JIT workflows
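NIST CSF 2.0: PR.AC-4; PR.PT-3
MITRE / Other Frameworks: NIST SP 800-53 AC-6; CIS Control 6
GRC Frameworks: CMMC L2/L3 AC.L2-3.1.5; PCI DSS 7
US Statutes & Regulation: EO 14028; FISMA
International Alignment: UK CAF Obj B2
Police: High
Army: Anchor
Navy: Anchor
Air Force: Anchor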
T1 | Sovereign / Air-Gapped Cloud | IL4 · IL5 · IL6 · top-secret
Sovereign / classified cloud landing zones — AWS GovCloud, Azure Government / IL5/IL6, Oracle Gov, with secure landing zone design, ICAM integration, cross-domain solutions.
  • AWS GovCloud · Azure Gov / DoD
  • Oracle Gov · GCP Assured Workloads
  • Cross-Domain: Forcepoint · Owl
  • Crypto: Thales Luna · AWS CloudHSM
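NIST CSF 2.0: PR.AC; PR.DS; PR.PT
MITRE / Other Frameworks: DoD CC SRG IL4-6; CNSSI 1253
GRC Frameworks: FedRAMP H · DoD IL4-6; FISMA High
US Statutes & Regulation: FedRAMP Authoriz. Act; DoD CIO Cloud Strategy; EO 13526 (classification)
International Alignment: EUCS (forthcoming); UK G-Cloud / OFFICIAL-SENSITIVE
Police: High (CJIS-cloud workloads)
Army: Anchor
Navy: Anchor
Air Force: Anchor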
T1 | Compliance Engineering | CMMC · FedRAMP · CJIS
Programmatic compliance delivery — CMMC L2/L3 readiness, FedRAMP M/H authorization, CJIS Sec Policy v6 attestation, SOC 2, ISO 27001, supply-chain & SBOM.
  • Drata · Vanta · Hyperproof · Tugboat
  • Telos Xacta · CertWA · CSAM
  • Compliance-as-code (OSCAL)
  • Continuous-control monitoring
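NIST CSF 2.0: GV (full)
MITRE / Other Frameworks: OSCAL; CSF 2.0
GRC Frameworks: CMMC · FedRAMP · CJIS · ISO · SOC 2
US Statutes & Regulation: FAR / DFARS 252.204-7012; FISMA; CMMC Final Rule (32 CFR Part 170)
International Alignment: EU NIS2 Art. 21; UK Cyber Essentials Plus
Police: Anchor (CJIS-bound)
Army: Anchor
Navy: Anchor
Air Force: Anchor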
09 TRAINING & CAPACITY BUILDING
T2 | Curricula & Certifications | NICE · DoD 8140 | Custom training curricula for cyber investigators, forensic examiners, intel analysts. Cert-aligned (CFCE, GCFA, GCFE, OSCP, CISSP, CCFP) with academic-to-practitioner progression.
  • SANS / GIAC pathways
  • IACIS · Magnet Forensics Academy
  • Cellebrite Academy · Offensive Sec.
  • Custom LMS (Moodle / Cornerstone)
PR.AT (full) | NICE Framework, DoDM 8140.03 | ISO 27001 A.6.3, CMMC AT.L2 | DoDM 8140.03, EO 13870 | ENISA ECSF | Anchor | Anchor | Anchor | Anchor
T2 | Cyber Range Exercises | Red · blue · purple · joint | Live-fire range exercises — joint inter-agency, red/blue/purple, scenario-based mission rehearsal, capability assessment. Custom adversary emulation per agency threat model.
  • SimSpace · Cyberbit · CYBER RANGES
  • Persistent Cyber Training Env.
  • RangeForce · Hack The Box
  • Custom CALDERA / Atomic libs
PR.AT-2, PR.IP-9 | ATT&CK Evals, NICE Framework | CMMC AT.L2 | DoDM 8140.03 | NATO Locked Shields | Selective | Anchor | High | High
T3 | Tabletop & Wargaming | Cyber + influence + kinetic | Multi-domain wargaming — cyber-influence-kinetic scenario crossover, with executive C-suite participation, ministerial-level decision-flow rehearsal, after-action capture.
  • Custom scenario design + facilitation
  • NIST SP 800-84 alignment
  • CISA TTX templates
  • NATO multi-domain scenarios
RC.IM-2, PR.IP-10 | NIST SP 800-84 | ISO 22301 BCM | EO 14028 §6 | NATO CMX series | High | Anchor | High | High
T1 | CoE / DFL Establishment | Lab-as-a-service | Centre-of-Excellence build-out for cyber, AI, digital forensics, or counter-disinformation. Includes governance, tooling, accreditation, talent pipeline, financial & operating model.
  • Programmatic build-out methodology
  • Reference architectures · vendor matrix
  • QMS / SOP libraries
  • Talent & cert. pipeline design
GV (full), PR.AT | NIST CSF · ISO 27001, SWGDE / OSAC standards | ISO 17025 · ISO 27001 · ISO 42001, CMMC L2/L3 | FISMA, DoDM 8140.03 | ENFSI · ILAC MRA | Anchor | Anchor | Anchor | Anchor
10 ADVISORY & PROGRAMMATIC SERVICES
T2 | vCISO / CISO-as-a-Service | Fractional executive | Fractional CISO leadership for smaller commands, sheriff's offices, fusion centers, or specialized programs lacking full-time C-suite cyber leadership. Includes board-level reporting.
  • vCISO frameworks · maturity tools
  • BoardClick · Diligent
  • Custom risk register · KRI dashboards
GV (full) | NIST CSF 2.0, FAIR | ISO 27001 · SOC 2 | FISMA, EO 14028 | UK CAF Obj A | Anchor (Mid/small agencies) | Selective | Selective | Selective
T3 | Cyber Strategy & Doctrine | Capability planning | Multi-year cyber strategy & doctrine development — capability roadmaps, investment cases, mission-thread analysis, force-design integration, doctrine refresh.
  • Strategic-planning frameworks
  • Cap. portfolio mgmt · POM cycles
  • Big Four-style maturity models
GV.OC, GV.SC | NIST CSF 2.0, DoD JCIDS | ISO 27001 · ISO 22301 | FISMA, DoDD 8140.01, National Cyber Strategy | NATO Cyber Defence Pledge | High | Anchor | Anchor | Anchor
T2 | Maturity & Capability Assessment | CSF · C2M2 · CMMI-cyber | Maturity assessments against NIST CSF 2.0, C2M2, mission-specific maturity models. Includes gap analysis, prioritized investment plan, board-ready scoring.
  • NIST CSF / C2M2 toolkits
  • RSA Archer · ServiceNow GRC
  • Custom scoring frameworks
  • FAIR risk quantification
GV.RM, ID.GV | CSF 2.0 · C2M2 v2.1, CMMI Cybermaturity | ISO 27001 · CMMC L2/L3 | EO 14028 §3, FISMA | UK CAF · ENISA NCAF | High | Anchor | Anchor | Anchor
T3 | IV&V & Cyber Insurance Advisory | Independent assurance | Independent verification & validation for major cyber programs; cyber-insurance underwriting support & claim assistance; merger-cyber due diligence.
  • Independent assessor playbooks
  • Cyber-insurance schemas (NetD)
  • Custom IV&V methodology
GV.RM, ID.SC | NIST SP 800-37 (RMF) | ISO 27001 · SOC 2 | SEC Cyber Disclosure (2023), FAR Part 39 | UK SOX-cyber | High | High | High | High
Σ FORCE PORTFOLIO MIX
Primary service mix | Highest-fit anchor lines | Force-by-force priority bundle — services with Anchor rating dominate first 24 months of engagement; High services are recurring T2 lines; selective & rare are project-by-project.
Police:
  • DFIR (computer · mobile · console · vehicle)
  • Crypto / blockchain forensics
  • Dark-web investigation
  • Body-cam / CCTV triage + C2PA
  • FRT / ANPR / voice biometrics
  • Election infra protection
  • AI-CSAM triage · ICAC support
  • vCISO & CJIS compliance
Army:
  • Cleared SOC + tactical SOC
  • VM/ASM · pentest · cyber range
  • Connected weapons platform sec.
  • Garrison OT · TEMPEST
  • C-UAS · spectrum · PNT
  • ZTA · PIV/CAC · sovereign cloud
  • AI red team · ML model security
  • Strategy / doctrine / IV&V
Navy:
  • Cleared SOC + fleet/shore consolidation
  • Maritime IT/OT · AIS integrity
  • GPS/PNT integrity (navigation)
  • Connected ship platforms
  • Submarine PQC migration
  • ZTA · PIV/CAC · IL5/6 cloud
  • TEMPEST · TSCM
  • Strategy / maturity assessment
Air Force:
  • Cleared SOC + AOC support
  • Aviation/ATC cyber · DO-326A
  • C-UAS · spectrum monitoring
  • GPS/PNT integrity (mission)
  • AI red team — ABMS / JADC2
  • ML model security · ATLAS
  • Counter-disinfo (16 AF / IO)
  • Multi-modal investigation graphs
SCOPE: Capability map covering 58 MSSP service lines across 10 mission domains, mapped against tooling, NIST CSF 2.0, MITRE ATT&CK / D3FEND / ATLAS, GRC frameworks, US federal statute, and international alignment, with applicability ratings for Police, Army, Navy, and Air Force buyers.

TIER LOGIC: T1 = Anchor service (multi-year, foundational, >30% revenue line); T2 = Recurring engagement (annual/quarterly retainer); T3 = Project-based (episodic, specialist).

FORCE FIT: Anchor = primary mission relevance & recurring buy; High = significant relevance, common procurement; Selective = scenario-driven; Rare = exceptional procurement; N/A = out of mission scope.

CLEARANCE PIPELINE: Federal LEA / DoD lines require a cleared workforce mix (Secret · TS · SCI). BIG IT's SBA 8(a) status enables sole-source set-asides up to $4.5M (services) under FAR 19.8, and unlimited via 8(a) competition; CMMC L2 (minimum) and FedRAMP Moderate are gating credentials for hosted offerings.

STATUTORY DISCLAIMER: Statute and regulation references are illustrative for service-design discussion only; jurisdictional applicability, contract scope, and case-specific facts must be validated by competent counsel before any service delivery touches regulated content. Export-controlled tooling (ITAR/EAR/Wassenaar) requires separate licensure analysis. AI-system services involving third-party data, biometric processing, or covered persons require DPIA / PIA and may engage state BIPA-equivalents.

FRAMEWORK BASIS: NIST CSF 2.0 (Feb 2024) functions are Govern · Identify · Protect · Detect · Respond · Recover. MITRE ATT&CK Enterprise v15+, ATT&CK ICS, ATT&CK Mobile, D3FEND v0.16+, ATLAS v4+, CAPEC v3.9+.

Prepared by BIG IT Networks · Federal & Defense Cyber Practice · Pre-Sales Intelligence Unit · May 2026 · Capability Map v1.0