Government Services · SDVOSB · VOSB
CISO-level GRC and AI governance for the public sector
Founded in 2003, VAST Management Corp., an SDVOSB (Service-Disabled Veteran-Owned Small Business) and VOSB (Veteran-Owned Small Business), delivers Governance, Risk, and Compliance consulting, AI governance, and IT program management to federal, state, local, tribal, and territorial agencies and corporations.
NIST AI RMF
ISO/IEC 42001
FISMA · FedRAMP
OMB M-25-21 / 22
Company Snapshot
- President & CEO: Dr. Noel G. Alexander
- Established: 2003
- CAGE Code: 20SA4
- Unique Entity ID: ZKH3ZV6L4JK4
- FEIN: 20-0312439
- Certifications: SDVOSB · VOSB
- Credentials: C|CISO · CISSP · PMP
Core Competencies
End-to-end GRC depth across the federal enterprise
Nine practice areas spanning cybersecurity governance, AI oversight, compliance and authorization, resilience, and program delivery, led by a doctoral-level CISO.
AI Governance, Strategy & Security
- NIST AI RMF & ISO/IEC 42001 implementation
- OMB M-25-21 / M-25-22 compliance & AI use-case inventory
- AI policy, acceptable use & ethics frameworks
- AI vendor & model risk assessments
AI Governance Training & Workforce
- Ten-course self-paced Federal AI Governance series
- Every course operationalizes current EO, NIST, FISMA & FedRAMP authorities
- Companion study guides & role-based paths
Cybersecurity Governance & Strategy
- Fractional / Virtual CISO (vCISO) advisory
- Cybersecurity strategy & roadmap development
- Policy & standards development
- Executive & board-level cyber risk reporting
Compliance, Risk & Assessment
- Enterprise cyber risk management programs
- NIST RMF implementation & ATO support
- C-SCRM & third-party risk (NIST SP 800-161)
- NIST SP 800-53 & CSF control assessments
FedRAMP Advisory
- FedRAMP & StateRAMP package development
- System Security Plan (SSP) & boundary documentation
- 3PAO coordination & assessment support
- Cloud security architecture & SaaS risk reviews
Security Program Development
- FISMA-aligned information security program build-out
- Zero Trust architecture strategy (OMB M-22-09)
- ICAM & PIV/CAC-aligned identity governance
Incident Response & Resilience
- IR plan development & testing
- Tabletop exercises & crisis simulations
- Business continuity & disaster recovery planning
- Breach notification & CISA / CIRCIA coordination
Workforce & Knowledge Transfer
- NICE Framework-aligned role-based training
- Annual security awareness program development
- Executive & senior leader cyber briefings
- Internal security team coaching
IT Project & Program Management
- PMP-aligned IT project & program management
- Agile, SAFe & Waterfall delivery
- Earned Value Management & schedule risk analysis
Signature Interest
The AIGRF: a reproducible score, not a consultant opinion
VAST’s AI Governance and Risk Framework is a deterministic assessment that produces an auditable AI Risk Index (ARI) on a 0 to 100 scale. Every control maps to binding federal authority, giving an authorizing official evidence they can defend.
- 84 controls across 14 governance domains
- Mapped to EO 14179, the OMB AI memos, NIST AI RMF, and the 800-series
- Five CMMI-aligned maturity tiers, from Initial to Optimized
- Repeatable, evidence-based, and defensible under audit
CodeWeTrust c2m
- Blind-audit and on-premise deployment protect source-code IP
- AI-generated code vetting for the modern SDLC
- SBOM output in both SPDX and CycloneDX formats
- Supports compliance decisions throughout the software lifecycle
Why VAST
Doctoral-level CISO leadership
Agencies engage a single accountable practitioner-scholar rather than a rotating bench, backed by more than two decades of GRC delivery across federal, commercial, and global enterprises.
- Fractional vCISO model: full CISO depth at a fraction of the cost
- Advisory leadership on NIST AI RMF, ISO/IEC 42001, and the OMB AI memos
- End-to-end coverage from strategy through authorization and training
- Certified SDVOSB and VOSB set-aside eligibility
Credentials & Authorities
Certified leadership, aligned to federal mandates
- C|CISO: Certified Chief Information Security Officer
- CISSP: Certified Information Systems Security Professional
- PMP: Project Management Professional
- CPC: Certified Professional Coach
NIST AI RMF
NIST SP 800-53
OMB M-25-21 / M-25-22
FISMA
FedRAMP
StateRAMP
EO 14179
EO 14028
CIRCIA
ISO/IEC 42001
Contracting Profile
NAICS codes
Aligned to the services agencies procure most often across GRC, engineering, consulting, and workforce training.
541512 Computer Systems Design Services
541611 Administrative Management & General Management Consulting
541330 Engineering Services
541618 Other Management Consulting Services
541690 Other Scientific & Technical Consulting Services
541519 Other Computer Related Services
611430 Professional & Management Development Training
611420 Computer Training
Signature Instrument
The AIGRF: a reproducible score, not a consultant opinion
Request a capability briefing, a teaming discussion, or a walkthrough of the AIGRF instrument for your agency.