News & Events

BD Pro Inc. – Technical Report – EU GDPR and related compliance by Trend Micro (User Protection Solution / Smart Protection Suites) products: Control Manager 6 SP3, OfficeScan XG, Cloud App Security, IMSVA 9.1, SMEX 12 SP1, Hosted Email Security and Portal Protect 2.1.
6 April 2017

BD Pro has prepared the following compliance analysis report for Trend Micro.

  • EU General Data Protection Regulation – Trend Micro Product Portfolios (User Protection Solution / Smart Protection Suites)

The target audience of the introductory section of this paper are senior level executives of the global Enterprises performing in the roles of GDPR Controllers and Processors, which will be required to comply with the GDPR.

The detailed compliancy table is intended to be used by security architects, risk management staff and Data Protection Officers in the conduct of required Data Protection Impact Assessments … and the related selection of security measures (and security products) to help mitigate risks to personal data and to achieve and maintain GDPR compliancy.


BD Pro Inc.  provided NIST with comments for consideration in Revision 5 of Special Publication 800-53.
30 March 2016

These BD Pro comments were prepared in response to the Revision 5 Pre-Draft Call for Comments.


BD Pro Inc. – Updated Whitepaper – Mapping of ITSG-33 (2014) to SP 800-53 Revision 4 Security Controls
20 February 2016

IT security practitioners often use the set of CSE ITSG-33 standards to define and satisfy standard groupings (i.e. “security control profiles”) of security controls. The ITSG-33 security controls are related to, but not always identical to the controls listed in the NIST SP 800-53 publication. There are situations where security practitioners can benefit from knowledge of the similarities and differences of each standard. BD Pro has updated its April 2013 whitepaper to facilitate this work.

This update addresses changes introduced in the most current versions of both standards and includes a consolidation of guidance details from three separate and large ITSG-33 annexes.

The BD Pro Mapping Table is also intended to facilitate logical and focused consideration of candidate SP 800-53 controls, when tailoring ITSG-33 security control profiles to mitigate security risks. A related objective is to leverage the work of other organizations and sectors that have developed security guidance documents based on the SP-800-53 security controls catalogue and security control baselines. For each security control, the relevant SP 800-53 security control baselines and selected example third-party business domain specific security control baselines (aka overlays) are also included in the Mapping Table.

  • CNSSI 1253, Security Categorization and Control Selection for National Security Systems, 27 Mar 2014;
  • Federal Risk and Authorization Management Program (FedRAMP) Security Controls Baseline, Jun 2014;
  • NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, 3 Sep 2015; and
  • NIST SP 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security, May 2015.

BD Pro Inc.  – Whitepaper –  NIST Framework for Improving Critical Infrastructure Cybersecurity and related compliance by Trend Micro Product Portfolios
24 June 2015

BD Pro has prepared the following security standards compliance analysis report for Trend Micro. With the permission of Trend Micro, this report is available for downloading:


BD Pro Inc. – Whitepapers – Security standards (SP 800-53 r4, OSFI Self-Assessment Guidance, ISO 27002:2013 and CSE ITSG-33) and related compliance by Trend Micro Products (Deep Discovery Inspector, Deep Security and SecurCloud)
 9 February 2015

BD Pro Inc. has prepared the following security standards compliance analysis reports for Trend Micro. With the permission of Trend Micro, these reports are now available for downloading:

These four documents provide details of how the current versions of Deep Discovery Inspector, Deep Security and SecureCloud products can help organizations satisfy the requirements of these security standards.  These product-specific compliancy details are needed by managers, security systems engineers, and risk analysts in order that they may select and/or architect cost-effective secure solutions that will protect their enterprise systems and sensitive information assets in the modern hostile threat environment.


BD Pro Inc.  provided NIST with comments on draft of SP 800-171 “Protecting Controlled Unclassified Information in Non-federal Information Systems and Organizations”
16 January 2015


BD Pro Inc.  recommends SANS whitepaper by Steve Irwin:  “Creating a Threat Profile for Your Organization” 
8 September 2014

BD Pro has reviewed this whitepaper. The paper provides information and guidance for expanding existing risk management models to better illustrate Advanced Persistent Threats (APTs). This SANS paper provides a framework on how security practitioners can effectively gather threat related information in order that detailed threat profiles that include APTs can be developed for enterprises.


BD Pro Inc.  Awarded ProServices Supply Arrangement by the Government of Canada
3 February 2014

Ottawa – BD Pro Inc. was pre-qualified under the ProServices Supply Arrangement to provide professional services to departments and agencies of the Government of Canada, in the following  streams:

  • Stream 1 – Application Services;
  • Stream 3 – IM/IT Services;
  • Streams 5 & 10 – Project Management Services;
  • Stream 6 – Cyber Protection Services;
  • Stream 8 – Human Resources Services;  and
  • Stream 9 – Business Consulting / Change Management.

BD Pro Inc. Re-Certified under Controlled Goods Program by the Government of Canada
24 January 2014

Ottawa – BD Pro Inc. was re-certified under the Controlled Goods Program to provide professional services where access to Controlled Goods is required in accordance with the Defense Production Act and Controlled Goods Regulations.

The Controlled Goods Program (CGP) is an industrial security program managed by the Controlled Goods Directorate of the Department of Public Works and Government Services Canada (PWGSC). This program helps strengthen Canada’s defense trade controls through registration, prevention, deterrence and detection, and prevents the proliferation of weapons of mass destruction and of conventional weapons. This is done by regulating and controlling the examination, possession, and transfer in Canada of controlled goods and/or controlled technology.

BD Pro’s CGP certification will continue to facilitate our providing of security critical professional services to the Department of National Defense and other departments.


BD Pro Inc.  Re-Certified under US / Canada Joint Certification Program
16 January 2014

Battle Creek, Michigan – BD Pro Inc. has been re-certified under the the US / Canada Joint Certification Program (JCP). The JCP establishes eligibilty of US and Canadian companies to receive technical data governed, in the US, by  DoD Directive 5230.25 and in Canada, by the Technical Data Control Regulations (TDCR).

Our JCP certification number is: 0051352
Our CAGE code is: L8136


BD Pro Inc. – Analysis Report – Mapping of ITSG-33 to SP 800-53 Revision 4 Security Controls
1 April 2013

BD Pro Inc. has prepared an analysis report “Mapping of ITSG-33 Security Controls to SP 800-53 Revision 4 Security Controls“.  This report is intended to assist security risk analysts, who are using the ITSG-33  Annex 3 security controls catalogue (based on the SP 800-53 Revision 3 catalogue), to also include consideration of relevant security controls which have been introduced in the updated SP 800-53 Revision 4 security controls catalogue.   In particular, the mapping table will allow security risk analysts to more easily identify additional candidate controls from the SP 800-53 Revision 4 catalogue to be considered when:

  • conducting Threat and Risk Assessments (TRAs) to mitigate risks to critical systems and assets; and
  • tailoring ITSG-33 Annex 4 “security control profiles” to help satisfy enterprise, system-specific, business, operational, technical and threat related requirements.

The mapping table may also be useful to security risk analysts when leveraging work of other organizations and sectors that are using security standards, guidance documents and tools based on the NIST SP-800-53 security controls catalogue and “security control baselines“.


BD Pro Inc. – Analysis Report – Major Enhancements to NIST SP 800-53 Revision 4
17 October 2012

BD Pro Inc., in the report “Major Enhancements to NIST SP 800-53 Revision 4”, summarizes major changes incorporated into the NIST SP 800-53 Revision 4 security controls catalogue.  The number of security controls in SP 800-53 has increased by about 22 percent.  The earlier Revision 3 catalogue had been leveraged in various third party security guidance documents such as:

  • SANS 20 Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines;
  • CSEC Security Controls Catalogue, ITSG-33 Annex 3;
  • Cloud Security Alliance, Cloud Controls Matrix;
  • US Federal Risk and Authorization Management Program (FedRAMP) Security Controls Baseline; and
  • US Security Categorization and Control Selection for National Security Systems, CNSSI 1253.

Security risk analysts using such security guidance should also consider using relevant control improvements introduced in Revision 4.  This BD Pro report is intended to assist in such security risk analysis.


BD Pro Inc. – Whitepapers – Security Standards Compliance (SP 800-53 r4, PCI DSS and ITSG-33) to Trend Micro Products (Deep Security and SecurCloud)
24 August 2012

BD Pro Inc. has prepared the following security standards compliance analysis reports for Trend Micro. With the permission of Trend Micro, these papers are now available for downloading:

These three documents provide details of how the Deep Security and SecureCloud products can help organizations satisfy the requirements of these security standards in virtual server and cloud computing environments.  Such challenging environments are being implemented throughout government and private sector organizations and by their service providers. Challenges include addressing security concerns specific to the virtual environment such as: inter VM traffic, resource contention, blurring of system and network security boundaries, mixed trust levels, security zoning, separation of duties, ….

In particular, organizations need to specifically protect their sensitive information assets in the virtualized multi-tenant cloud environment where the physical storage locations are unknown to them and distributed across the cloud.  One objective of this document is to provide focused guidance to systems architects and security risk analysts on how the Trend Micro Deep Security and SecureCloud solutions can effectively help deal with these ongoing challenges by leveraging security standards.


BD Pro Inc. – Whitepaper – Securing Large Scale Virtual Server Environments in US Government Enterprises
29 November 2011

BD Pro Inc. prepares whitepaper for Trend Micro. In order to realize the benefits of virtualization such as: improved ROI, increased flexibility, improved responsiveness, and efficient resource utilization; traditional security paradigms such as defense-in-depth and security zoning need to evolve to embrace a virtual world where the data center including servers, data and network appliances are all virtual and abstracted from the underlying physical buildings, hardware and cabling. A related whitepaper, with the permission of Trend Micro, is now available for downloading:

The whitepaper builds on the February 2011  “Government Enterprise, Large Scale Virtual Server Environment, Risk Assessment” and provides additional risk management guidelines for the expanded environment applicable to large scale US Government virtualized multi-zone server environments.

This whitepaper summarizes the analysis and results of a system level risk assessment, conducted on the VMware vSphere 4.1 ESXi environment; and shows how the introduction of the Trend Micro Deep Security 7.5 Virtualized Appliances, into the system, can assist typical US Government enterprises, their System Integrators and/or their Cloud Service Providers in countering the security threats identified.


BD Pro Inc. – Discussion Paper – Harmonized Threat and Risk Assessment Methodology – Limitations
13 September 2011

Bill Dziadyk (President of BD Pro Inc), in the paper “Harmonized TRA (HTRA) Methodology – Limitations”, analyzes limitations of the HTRA Methodology. The primary objectives are to generate discussions regarding such limitations and to propose approaches for improved effectiveness and standardization of the risk analysis and TRA deliverables in support of Certification and Accreditation (C&A) and enterprise risk management. In addition, the enterprise system architectures, technologies, cyber security tools and the cyber threat environments have changed considerably since the 2007 introduction of the HTRA Methodology. A related objective is to identify some key areas to be considered in future improvements to the HTRA Methodology (and perhaps other risk management standards and guides) to more effectively address these changes.


BD Pro Inc. Re-Certified under Controlled Goods Program by the Government of Canada
11 June 2011

Ottawa – BD Pro Inc. was re-certified under the Controlled Goods Program to provide professional services where access to Controlled Goods is required in accordance with the Defense Production Act and Controlled Goods Regulations.

The Controlled Goods Program (CGP) is an industrial security program managed by the Controlled Goods Directorate of the Department of Public Works and Government Services Canada (PWGSC). This program helps strengthen Canada’s defense trade controls through registration, prevention, deterrence and detection, and prevents the proliferation of weapons of mass destruction and of conventional weapons. This is done by regulating and controlling the examination, possession, and transfer in Canada of controlled goods and/or controlled technology.

BD Pro’s CGP certification will continue to facilitate our providing of security critical professional services to the Department of National Defense and other departments.


BD Pro Inc. — Technical Report – Government Enterprise Large Scale Virtual Server Environments – Risk Assessment
17 February 2011

BD Pro Inc. prepares technical report for Trend Micro.  Virtualized servers and desktops face many of the same security challenges as their physical counterparts and additionally have to contend with a number of security concerns specific to the virtual environment such as: inter VM traffic, resource contention, blurring of system and network security boundaries, mixed trust levels, security zoning, and separation of duties.  The following risk assessment report, with the permission of Trend Micro, is now available for downloading:

This report includes the analysis and results of a system level risk assessment, conducted on the VMware vSphere 4.1 ESXi environment; and shows how the introduction of the Deep Security 7.5 Virtualized Appliance, into the system, can assist typical government enterprises in countering the security threats identified. The security controls include those provided by or enabled by Trend Micro components for implementing multi trust zoned virtual server enterprise architectures. The report and findings provide a baseline set of recommended security controls (or safeguards), which can be considered as input to an enterprise’s security risk management efforts supporting implementation of virtual server environments.


BD Pro Inc. Certified under US / Canada Joint Certification Program
14 November 2008

Ottawa – BD Pro Inc. has been certified under the the US / Canada Joint Certification Program (JCP). The JCP establishes eligibilty of US and Canadian companies to receive technical data governed, in the US, by  DoD Directive 5230.25 and in Canada, by the Technical Data Control Regulations (TDCR).

Our JCP certification number is: 0051352
Our CAGE code is: L8136


BD Pro Inc. Certified under Controlled Goods Program by the Government of Canada
11 June 2008

Ottawa – BD Pro Inc. was certified under the Controlled Goods Program to provide professional services where access to Controlled Goods is required in accordance with the Defense Production Act and Controlled Goods Regulations.

The Controlled Goods Program is an industrial security program managed by Department of Public Works and Government Services Canada (PWGSC). This program helps strengthen Canada’s defence trade controls through registration, prevention, deterrence and detection, and prevents the proliferation of weapons of mass destruction and of conventional weapons. This is done by regulating and controlling the examination, possession, and transfer in Canada of controlled goods and/or controlled technology.

The awarding of CGD certification to BD Pro will facilitate our providing of security critical professional services to the Department of National Defence and other departments.


BD Pro Inc. Registered under “PS Online” by the Government of Canada
28 September 2007

Ottawa — BD Pro Inc. was granted registration by the Department of Public Works and Government Services Canada (PWGSC) under the Professional Services Online (PS Online) program. PS Online is an electronic supply arrangement and procurement tool that assists federal departments in the procurement of professional services.

The awarding of the PS Online supply arrangement to BD Pro, provides our customers in the Federal Government with a simple mechanism for purchasing integrated risk management services including Information Technology Risk Management, IT Security Consulting, Project Management and Requirements Analysis Services.