The USX Cyber Delivery Framework

Define the Boundary. Engineer the Program. Prove It Continuously.

Every failed audit and every avoidable breach traces back to the same root cause: uncertainty about what needed protected in the first place. Our delivery framework is a cybersecurity engineering methodology that removes that uncertainty — before a single piece of technology is deployed — then builds, governs, and operates the program it defines.

USX CYBER — DELIVERY FRAMEWORK
01 Discovery What exists
02 Scope Determination What's in / out
03 Boundary Analysis Where the line sits
04 Architecture Design before tools
05 Technical Implementation Build to the design
06 Governance Own every control
07 Continuous Monitoring 24/7 operations
08 Continuous Compliance Always audit-ready
8 Engineering Phases
1 Accountable Delivery Team

You can't defend a boundary you haven't defined. Engineering comes first. Technology follows.

Start With Discovery →
// Why This Methodology

Security failures are rarely technology failures. They're scoping failures.

The cybersecurity market sells tools. But a tool deployed against an undefined boundary protects the wrong things, misses the right ones, and inflates cost in every direction — licensing, audit scope, and operational overhead. Organizations don't fail CMMC assessments because they lacked software. They fail because nobody did the engineering: nobody mapped where CUI actually flows, nobody rationalized the boundary, nobody designed the architecture the controls were supposed to live in.

USX Cyber is an engineering organization. We treat a cybersecurity program the way a civil engineer treats a bridge: survey the ground, define the load, design the structure, then build it — in that order. Reducing uncertainty is the deliverable. Everything else, including the technology, follows from it.

That discipline pays for itself. A properly scoped enclave can cut an assessment boundary dramatically. A deliberate architecture eliminates redundant tooling. A governed program survives staff turnover and auditor scrutiny. This is why clients trust us before they ever see the platform.

?

What actually needs protected? Not every system carries regulated data or mission risk. We find the ones that do.

?

What is in scope — and what can be taken out? Every system removed from scope is cost, audit burden, and attack surface removed with it.

?

Where is the regulatory boundary? CUI enclaves, CMMC assessment scope, HIPAA environments — the line must be drawn on evidence, not assumption.

?

Where should controls be implemented? Control placement is an architecture decision. Made early, it's cheap. Made late, it's a re-build.

?

What architecture comes before what technology? Tools serve the design — never the other way around.

// The Delivery Framework

Eight Phases. One Engineering Discipline.

Every USX Cyber engagement follows the same delivery framework — whether the objective is CMMC Level 2 certification, a NIST 800-53 aligned program, operational technology security, or a ground-up cybersecurity program for a growing contractor. Phases build on each other; none are skipped.

1
Understand

Discovery

We map the organization as it actually operates — contracts and regulatory obligations, missions, data flows, systems, identities, facilities, and third-party connections. Discovery is evidence-gathering, not a sales survey: its output is a defensible picture of what exists, what matters, and what the program must account for.

Deliverable: Environment & obligation map, data flow inventory
2
Define

Scope Determination

From the discovery evidence, we determine what is in scope for security and compliance obligations — systems, people, processes, and facilities — and, just as deliberately, what is out. Scope is where programs are won or lost: unnecessary scope multiplies cost and audit exposure; missed scope produces findings and breaches.

Deliverable: Scoping memorandum with in/out rationale for every asset class
3
Define

Boundary Analysis

We draw the regulatory and authorization boundary — where CUI or regulated data lives, where it crosses systems, and where controls must be enforced. Where the boundary is larger than it needs to be, we engineer it smaller: enclave designs, segmentation strategies, and data flow changes that shrink the assessed environment without disrupting the business.

Deliverable: Boundary diagram, enclave / segmentation recommendations
4
Design

Architecture

With the boundary defined, our security engineers design the architecture: network segmentation, identity and access design, data protection, logging and telemetry, and the placement of every required control — mapped to NIST 800-171, NIST 800-53, or the frameworks that govern you. This is where the right answers get cheap. Technology selection happens here, at the end of design — never at the beginning.

Deliverable: Security architecture & control placement design
5
Build

Technical Implementation

Our engineers build what the architecture specifies — hardening systems, implementing segmentation, deploying controls, and standing up GUARDIENT®, the platform that becomes the operational layer of the program: XDR detection, SIEM telemetry, SOAR response, and GRC evidence capture, all aligned to the control set designed in Phase 4.

Deliverable: Implemented control environment, platform live
6
Govern

Governance

A program without ownership decays. We establish the governance layer — System Security Plans, POA&Ms, policies and procedures, risk assessments, and named control ownership — so every control has an owner, every exception has a plan, and the program remains defensible through personnel changes and assessor scrutiny.

Deliverable: SSP, POA&M, policy set, risk register, control ownership map
7
Operate

Continuous Monitoring

The program goes live under 24/7 operations. Our U.S.-based OverWatch SOC monitors the environment around the clock — detection, investigation, and response executed by analysts who know your boundary because our engineers drew it. Monitoring is mapped to the control set, so operations and obligations never drift apart.

Deliverable: 24/7 SOC coverage, incident response, threat management
8
Prove

Continuous Compliance

Compliance becomes an operational state, not an annual event. Because the program runs on GUARDIENT®, every security operation produces evidence mapped to CMMC, NIST 800-171, SOC 2, and the rest of your frameworks. Control drift surfaces the day it happens. When the assessor arrives, the audit binder already exists — because the program built it while it ran.

Deliverable: Live compliance posture, continuously assembled audit evidence
// What You Get

Certainty, Delivered in Writing.

Each phase produces engineering artifacts your leadership, your primes, and your assessors can act on. By the end of the framework, the questions that stall most security programs have documented answers.

🗺️

A Defensible Scope

Every system's in-or-out status is documented with rationale — the difference between negotiating with an assessor and being surprised by one.

📐

An Engineered Boundary

A regulatory boundary drawn on data flow evidence, engineered as small as the mission allows — reducing cost, audit burden, and attack surface together.

🏗️

Architecture Before Tooling

A control placement design that tells you exactly what technology is required, what isn't, and why — before a dollar of licensing is spent.

📋

A Governed Program

SSPs, POA&Ms, policies, and named control owners — the governance layer that keeps the program standing when people and systems change.

🛰️

Operations That Match the Design

A 24/7 U.S.-based SOC monitoring the exact boundary and control set the engineering phases defined — no gap between plan and practice.

Evidence Without the Scramble

Continuous compliance means assessment prep stops being a once-a-year emergency. The evidence exists because the program generated it while operating.

// Where the Platform Fits

GUARDIENT® is how the program runs. The methodology is why it works.

We built GUARDIENT® because operating an engineered program with disconnected tools reintroduces the very uncertainty the framework removes. The platform unifies XDR, SIEM, SOAR, and GRC on one data layer, so the controls our engineers design in Phase 4 are the same controls the platform enforces, monitors, and evidences in Phases 5 through 8.

But the platform is Phase 5 — not Phase 1. We will never lead with software, because software can't tell you where your boundary is. Engineers can.

Designed Controls, Enforced Continuously

The architecture's control placement maps one-to-one into GUARDIENT® — enforcement, monitoring, and evidence share the same definition of every control.

Operations Feed Compliance Automatically

Every detection, response, and configuration change the platform executes is captured as framework-mapped evidence — continuous compliance as a byproduct of operations.

One Accountable Team

The engineers who scoped your boundary, the analysts watching it, and the platform enforcing it belong to the same organization. No vendor seams. No finger-pointing.

GUARDIENT® — the operational platform behind the USX Cyber Delivery Framework

Start with the
questions — not
the quote.

A scoping consultation with a USX Cyber engineer costs you an hour and answers the questions a proposal never will: what's actually in scope, where your boundary should sit, and what a right-sized program looks like. No platform pitch until the engineering says you need one.

Dynamic Defense — USX Cyber
Get Started

Request a Scoping Consultation

Tell us who you are and we'll schedule a working session with our engineering team — your contracts, your environment, your boundary.

Explore Our Services