Challenges & Needs

• Antiquated Information Security policies and procedures: Information security policies and procedures existed, yet they were old and had not been updated in years, and were not written to the specific NIST SP 800-53 requirements, thus, essentially rendered meaningless when it came to authoring the client’s SSP.
• Unclear Roadmap and Where to Even Begin: While the client did perform a readiness assessment against the NIST SP 800-53 controls, they had still not remediated all critical policy, technical, and security gaps within their control environment.

Our Solution

• Defined project scope, including roles and responsibilities for all internal personnel at the client.
• Identified gaps and deficiencies within the client’s control environment, offering expert recommendations on remediation and next-steps.
• Identified all missing NIST SP 800-53 specific security policies, procedures, programs, and plans.

Challenges Solved

• Developed all required information security policy documentation necessary for authoring an SSP that showcased adequate control coverage against the NIST SP 800-53 framework.
• Established and put into operation all required NIST SP 800-53 programs - specifically - an incident response plan, contingency planning program, risk assessment program, insider threat program, and more.
• Authored a formalized, 139 page System Security Plan (SSP).
• Implementation of a true compliance framework in accordance with NIST SP 800-53 reporting.

Value Created

• Put in place a corporate culture that now understands, respects, and truly values the concept of information security.
• Developed and implemented a highly respected regulatory compliance framework with formalized and well-documented internal controls.
• Successfully met the rigorous compliance requirements of NIST SP 800-53.