Our Services
Learn More
We're a service-disabled, veteran-owned, HUBZone certified, small business, headquartered in Huntsville, Alabama, that provides cybersecurity and information assurance services and support.

Our Services

H2L strives to deliver the best security posturing in a package that is amiable and knowledgeable.

Penetration Testing

Evaluating the effectiveness of system security through external and/or internal authorized simulated cyberattacks.

Security Controls Assessment

Assessing and improving security requirements applicable for your organization/project.

Software Development

Designing and developing software packages while adhering to security best practices and software assurance requirements.

nist 800-171

Generating reports detailing compliance versus non-compliance for each NIST SP 800-53 Control Correlation Identifier (CCI).


Leading the Pre-Cybersecurity Maturity Model Certification process in preparation for a CMMC Audit.

DFARS 256.204-7012

Using the NIST 800-171, we conduct gap analysis and create plans of actions striving for compliance of all 110 security requirements.

Risk Management Framework

Guiding through categorization, migrating from DIACAP to RMF, implementing and preparing for an ATO.

Architecture & Engineering

Ensuring compliance with DoD standards at any stage of the building project.

  • Red Team Services
  • External Penetration Tests​
  • Internal Penetration Tests​
  • Web Application Tests​
  • Social Engineering Campaign​
  • Phishing Campaign​
    • Executive Report​
    • Technical Report
      • Mitigation Strategies​
      • Technical Recommendations
  • On-Site Pre-Inspections
  • Automated and Manual STIG Checklists​
  • Recommendations for Mitigation or Remediation​
  • SCAP, ACAS/Nessus Scans​
  • Personnel Interviews​
  • Physical Security Walk-Throughs​
  • eMASS Subject Matter Expertise​
  • Documentation Review​
  • Review of Self-Assessment of Controls​
  • Risk Assessment Workbook (RAW)
  • Identify Security Requirements
  • Implement Best Practices
  • Product and Application Development
  • Implementation of SDLC Models to Manage Engineering Projects​
  • Troubleshoot, Debug, and Implement Software Code​
  • Meet Software Assurance Requirements
  • Compliance GAP Analysis​
  • Policies, Procedures, Processes and Plan Documentation Development​
  • CUI Data Classification & Management​
  • Cyber Incident Response Plan Development
  • Subcontractor Compliance Management
  • NIST 800-171 Implementation
  • Vulnerability Assessment
  • Security Consulting
  • RMF Categorization Guidance​
  • Migration from DIACAP to RMF​
  • RMF Implementation Plan​
  • Risk Assessment​
  • Package Creation​
    • Artifact Development​
    • System Security Plan​
    • STIG Implementation​
    • IAVA updates
  • eMASS Navigation
  • POA&M Management
  • Service during Design, Construction, and Commissioning​
  • Implementation of UFC 4-010-06​
  • Unified Facilities Guide Specifications (UFGS) Tailoring for Facility-Related Control Systems (FRCS)​
  • Security Controls Selection and CCI Lists​
  • Policies and Plans (e.g. SSP, POA&M, SAP)​
  • Equipment Hardening​
  • Scans and Checklists​
  • Performance and Functional Testing