CDA/CDA.Security

Security Theater Institute CDArmy Wiki Markets+4

Loading...

Company

About CDA
How We Work
Contact
Careers

Properties

CDA.Security
CDA.Institute
CDArmy
CDA.Theater
CDA.Wiki
CDA.Markets
CDA.Shield
CDA.Score

Legal

Privacy Policy
Terms of Service
Responsible Disclosure
Status

Connect

LinkedIn
Blog
CDA.Live
War College

CDADefense runs deep.

© 2026 CDA, LLC. All rights reserved.

C-RECON

Reconnaissance

Assessment, discovery, and threat landscape mapping.

C-RECON is the first phase of every CDA engagement. This is where your Foundational Risk Model lives. We discover assets, map attack surfaces, assess vulnerabilities, review policies, and analyze your threat landscape. Every finding is documented, scored, and prioritized into a mission plan.

Start Your FRM View All Phases

Deliverables

Foundational Risk Model (FRM) report
Asset inventory and data flow maps
Vulnerability assessment results
Policy and compliance gap analysis
Threat landscape briefing
Prioritized mission plan with timeline

Timeline

2-4 weeks

Typical duration for C-RECON phase. Actual timeline depends on organization size and scope.

19

missions in C-RECON across all six PDM domains.

C-RECON Missions

19 missions in this phase

M-DPS-R01C-RECON

2 weeksStandard

Data Asset Inventory

Complete discovery and classification of all data assets across the organization.

M-DPS-R02C-RECON

2 weeksStandard

Data Flow Mapping

Map all data flows including ingress, egress, internal transfers, and third-party sharing.

M-DPS-R03C-RECON

Data Classification Assessment

Evaluate current data classification schemes and identify gaps in labeling and handling.

M-VSD-R01C-RECON

2 weeksStandard

Attack Surface Discovery

External and internal attack surface enumeration including shadow IT discovery.

M-VSD-R02C-RECON

2 weeksStandard

Vulnerability Assessment

Comprehensive vulnerability scanning across all network segments and applications.

M-VSD-R03C-RECON

Configuration Baseline Audit

Audit system configurations against CIS benchmarks and industry standards.

M-SPH-R01C-RECON

2 weeksStandard

Security Posture Baseline

Establish baseline security posture score across all six PDM domains.

M-SPH-R02C-RECON

Endpoint Inventory

Complete inventory of all endpoints including BYOD and IoT devices.

M-SPH-R03C-RECON

Email Security Assessment

Evaluate email security controls including SPF, DKIM, DMARC, and gateway configuration.

M-SPH-R04C-RECON

Security Awareness Baseline

Measure current security awareness levels through simulated phishing and assessments.

M-IAT-R01C-RECON

2 weeksStandard

Identity Inventory

Complete inventory of all identity sources, service accounts, and privileged access.

M-IAT-R02C-RECON

2 weeksStandard

Access Control Review

Review role assignments, permissions, and least-privilege compliance across all systems.

M-IAT-R03C-RECON

Authentication Assessment

Evaluate authentication methods, MFA coverage, and password policies.

M-TID-R01C-RECON

2 weeksStandard

Threat Landscape Analysis

Industry-specific threat intelligence briefing covering relevant threat actors and TTPs.

M-TID-R02C-RECON

Dark Web Exposure Scan

Search dark web markets and forums for leaked credentials, data, and mentions.

M-TID-R03C-RECON

Threat Model Development

Develop threat models for critical assets using STRIDE or MITRE ATT&CK frameworks.

M-RGA-R01C-RECON

3 weeksStandard

Risk Assessment

Enterprise risk assessment identifying, analyzing, and prioritizing information security risks.

M-RGA-R02C-RECON

2 weeksStandard

Compliance Gap Analysis

Map current controls to applicable compliance frameworks and identify gaps.

M-RGA-R03C-RECON

Policy Review

Review existing security policies for completeness, currency, and alignment with standards.

Ready to begin C-RECON?

Every CDA engagement starts with RECON. Schedule your Foundational Risk Model to begin.

Schedule Your FRM View Pricing