Government Services · SDVOSB · VOSB

CISO-level GRC and AI governance for the public sector

Founded in 2003, VAST Management Corp., an SDVOSB (Service-Disabled Veteran-Owned Small Business) and VOSB (Veteran-Owned Small Business), delivers Governance, Risk, and Compliance consulting, AI governance, and IT program management to federal, state, local, tribal, and territorial agencies and corporations. 

NIST AI RMF

ISO/IEC 42001

FISMA · FedRAMP

OMB M-25-21 / M-25-22

Company Snapshot

  • President & CEO: Dr. Noel G. Alexander
  • Established: 2003
  • CAGE Code: 20SA4
  • Unique Entity ID: ZKH3ZV6L4JK4
  • FEIN: 20-0312439
  • Certifications: SDVOSB · VOSB
  • Credentials: C|CISO · CISSP · PMP
CAGE 20SA4 · UEI ZKH3ZV6L4JK4 · SDVOSB / VOSB Certified · Est. 2003
noelga@vastmanagementcorp.com · 516-449-7411

Core Competencies

End-to-end GRC depth across the federal enterprise

Nine practice areas spanning cybersecurity governance, AI oversight, compliance and authorization, resilience, and program delivery, led by a doctoral-level CISO.

AI Governance, Strategy & Security

  • NIST AI RMF & ISO/IEC 42001 implementation
  • OMB M-25-21 / M-25-22 compliance & AI use-case inventory
  • AI policy, acceptable use & ethics frameworks
  • AI vendor & model risk assessments

AI Governance Training & Workforce

  • Ten-course self-paced Federal AI Governance series
  • Every course operationalizes current EO, NIST, FISMA & FedRAMP authorities
  • Companion study guides & role-based paths

Cybersecurity Governance & Strategy

  • Fractional / Virtual CISO (vCISO) advisory
  • Cybersecurity strategy & roadmap development
  • Policy & standards development
  • Executive & board-level cyber risk reporting

Compliance, Risk & Assessment

  • Enterprise cyber risk management programs
  • NIST RMF implementation & ATO support
  • C-SCRM & third-party risk (NIST SP 800-161)
  • NIST SP 800-53 & CSF control assessments

FedRAMP Advisory

  • FedRAMP & StateRAMP package development
  • System Security Plan (SSP) & boundary documentation
  • 3PAO coordination & assessment support
  • Cloud security architecture & SaaS risk reviews

Security Program Development

  • FISMA-aligned information security program build-out
  • Zero Trust architecture strategy (OMB M-22-09)
  • ICAM & PIV/CAC-aligned identity governance

Incident Response & Resilience

  • IR plan development & testing
  • Tabletop exercises & crisis simulations
  • Business continuity & disaster recovery planning
  • Breach notification & CISA / CIRCIA coordination

Workforce & Knowledge Transfer

  • NICE Framework-aligned role-based training
  • Annual security awareness program development
  • Executive & senior leader cyber briefings
  • Internal security team coaching

IT Project & Program Management

  • PMP-aligned IT project & program management
  • Agile, SAFe & Waterfall delivery
  • Earned Value Management & schedule risk analysis
Signature Interest

The AIGRF: a reproducible score, not a consultant opinion

VAST’s AI Governance and Risk Framework is a deterministic assessment that produces an auditable AI Risk Index (ARI) on a 0 to 100 scale. Every control maps to binding federal authority, giving an authorizing official evidence they can defend.

  • 84 controls across 14 governance domains
  • Mapped to EO 14179, the OMB AI memos, NIST AI RMF, and the 800-series
  • Five CMMI-aligned maturity tiers, from Initial to Optimized
  • Repeatable, evidence-based, and defensible under audit

CodeWeTrust c2m

  • Blind-audit and on-premise deployment protect source-code IP
  • AI-generated code vetting for the modern SDLC
  • SBOM output in both SPDX and CycloneDX formats
  • Supports compliance decisions throughout the software lifecycle
Why VAST

Doctoral-level CISO leadership

Agencies engage a single accountable practitioner-scholar rather than a rotating bench, backed by more than two decades of GRC delivery across federal, commercial, and global enterprises.

  • Fractional vCISO model: full CISO depth at a fraction of the cost
  • Advisory leadership on NIST AI RMF, ISO/IEC 42001, and the OMB AI memos
  • End-to-end coverage from strategy through authorization and training
  • Certified SDVOSB and VOSB set-aside eligibility
Credentials & Authorities

Certified leadership, aligned to federal mandates

C|CISO

Certified Chief Information Security Officer

CISSP

Certified Information Systems Security Professional

PMP

Project Management Professional

CPC

Certified Professional Coach

NIST AI RMF

NIST SP 800-53

OMB M-25-21 / M-25-22

FISMA

FedRAMP

StateRAMP

EO 14179

EO 14028

CIRCIA

ISO/IEC 42001

Contracting Profile

NAICS codes

Aligned to the services agencies procure most often across GRC, engineering, consulting, and workforce training.

541512 Computer Systems Design Services

541611 Administrative Management & General Management Consulting

541330 Engineering Services

541618 Other Management Consulting Services

541690 Other Scientific & Technical Consulting Services

541519 Other Computer Related Services

611430 Professional & Management Development Training

611420 Computer Training

Signature Instrument

The AIGRF: a reproducible score, not a consultant opinion

Request a capability briefing, a teaming discussion, or a walkthrough of the AIGRF instrument for your agency.


Dr. Noel G. Alexander · President & CEO | noelga@vastmanagementcorp.com | 516-449-7411