Our assessment tool allows for documentation of the current IT environment, independent of a compliance framework. Through our collaborative profile process, stakeholders from across the enterprise can document the current IT operations and control environment. This information is then mapped to control objectives and combined with detailed information and guidance from the governing body to create a dashboard for making quick and efficient decisions to document your current compliance level. This speeds up the assessment process while providing a comprehensive understanding of each control and your results.
As security compliance auditors, we understand how to make the process understandable and expedient while allowing for a comprehensive and accurate result. We know what works and what doesn’t.
As offensive security experts, we can explain your results – and vulnerabilities – from the perspective of an Advanced Persistent Threat (APT) attacker, helping you prioritize your remediation plans and tie real-world risk to compliance goals.
The process is daunting, the controls ambiguous and non-intuitive, and the need to get it right is crucial to your business. We guide you through the assessment process explaining the controls and answering questions each step of the way.
Gather information — we will work with you using our assessment tool and walk you through the full process of documenting your system and surrounding environment, and applying the information to a control framework.
Receive deliverables — these include a customized compliance dashboard and a partially completed POAM and SSP.
Engage Us Further — receive tailored support to complete all required deliverables and address any other needs.
Submit Results — you are responsible for submitting completed deliverables to the DoD.
Challenge – The assessment questions and control descriptions are technical and can be difficult to interpret. Benefit – We use our process and tool to guide you through an intuitive set of questions that map back to the controls.
Challenge – Answering the questions is ambiguous at best, and at worst a lack of understanding may result in an inaccurate assessment. Benefit – Using our experience as technical control auditors and cyber security experts, we explain the context and rationale behind each control question – and why it’s relevant to you.
Challenge – The required System Security Plan (SSP) and Plan of Actions and Milestones (POAM) deliverables must be results-based, thorough, accurate, and actionable. Benefit – Our assessment tool will automatically generate the SSP and POAM. We then leverage our experience in offensive security and security engineering to architect solutions which provide defense against real-world risk while also closing compliance gaps.
Challenge – Your assessment score is only as accurate as your answers are in reflecting your security infrastructure. Benefit – Our knowledge and experience will help you accurately assess your compliance and provide you the best foundation for your SSP and POAM deliverables. We then develop a custom remediation strategy to increase your score with limited spend.