LOG IN

Why Choose CARVER+?

 

CARVER+ gives you everything you need to assess and manage the threats, vulnerabilities, and risk levels of your organization's assets.  Not only can you conduct assessments on your phone or tablet, but with CARVER+, you can also write reports in record time, as well as monitor all your assets at anytime - form anywhere!

Efficiency and Consistency

CARVER+ allows your security team to more efficiently perform assessments, while ensure that there is consistency between assessors, regardless of experience level.

Quantitative Measurement

CARVER+ utilizes quantitative measurement, which assists with asset prioritization and probability of attack.  It also assists with budgeting and financial metrics.

Organizational Management

CARVER+ will provide your organization with a comprehensive management system, which ensures nothing falls through the cracks.  Not only can you track your assets, but you can also track team communication, work orders, and alerts.

Let's get started

What is the CARVER Methodology?

As a security professional, why should I care?

Underlying Magic...

At the heart of CARVER+'s proprietary vulnerability assessment algorithm lies the CARVER Methodology.  CARVER is a commonsense methodology that uses both qualitative and quantitative metrics to produce a measurable “likelihood of attack” against an organization’s assets and facilities.   It plays an essential role in the protection of critical infrastructure by determining how an adversary can successfully exploit a system or an asset’s vulnerabilities.  It is the foundation for CARVER+’s collection and monitoring capabilities.

CARVER+ was designed by a team of vulnerability assessment professionals who came from an intelligence community (IC) background… including the “Godfather of CARVER”, Leo Labaj, one of the original co-founders of CARVER back in the late 1960’s/early 1970’s while a member of the CIA’s Special Activities Division (SAD).  The technical coding was done by programmers who previously worked with NASA, as well as the US Military’s Space and Mission Command.  The developers are a textbook blend of real-world operators and big-brained software engineers.

 

Our people literally wrote the book(s) on CARVER!

What does CARVER stand for?

CARVER allows complex data to be synthesized into usable information by integrating the analysis and examination of assets, threats, vulnerabilities, and countermeasures surrounding a specific facility.  Its applications are numerous, from physical security and counterintelligence, to cyber security.  CARVER is an acronym which stands for:

Criticality - Identify critical systems, single points of failure or choke points

Accessibility - Determine ease of access to critical systems, operations or assets

Recoverability - The time and effort taken to recover from an adverse event

Vulnerability - Security system effectiveness vs. adversary capability

Effect - Scope and magnitude of adverse consequences that would result from malicious actions and responses to them

Recognizability - Evaluate likelihood that potential adversaries would recognize the asset as a critical or valuable target

 

CARVER+ Utilizes the 16 Critical Infrastructures from DHS + CARVER!

Every CARVER+ assessment begins by determining which critical the security professional will be evaluating.  Once the assessment begins, the user will score each asset within that infrastructure utilizing the six CARVER criteria.  Read more about the CARVER Methodology from this article written by our team in the Harvard Business Review.

Read About the CARVER Methodology

Frequently Asked Questions

Contact Us

Ready to get started with CARVER+?  Even if you just have further questions, we're standing by to assist.