CSF/FISMA Compliance and Risk Management

EDUCATION - FERPA

GOVERNMENT - CSF/FISMA

HEALTHCARE - HIPAA

RETAIL - PCI-DSS

UTILITY - NERC/CIP

MANUFACTURING - ISO-27K

SERVICES - ISO-27K

FINANCIAL - GLBA

NIST 800-53

NIST Special Publication 800-53, also referred to as the “Cyber Security Framework” provides a catalog of privacy and security controls for federal information systems and organizations. The bulk of our FISMA solution involves a complete and thorough NIST 800-53 controls assessment. This is not only required for FISMA compliance but also is demonstrated as a “best in class” practice regardless of industry.

The Seven Essential Elements
of an Effective CSF/FISMA
Compliance Program:

1. Develop and maintain an inventory of

major systems and interconnections

2. Categorize information and

information systems according to

level of risk

3. Select security controls for systems

4. Complete a comprehensive risk

assessment

5. Develop a system security plan

6. Achieve security certification and

accreditation

7. Develop continuous monitoring

activities

Top 5 Reasons to Undertake Risk Analysis and Risk Management:

1. Avoid security incidents
and /or breaches.

     2. Ensure that high priority risks are
         aggressively managed and that all
         risks are cost-effectively managed

throughout the project.

3. Become a “best in class” practice.

     4. Provide management at all levels with
         the information required to make
         informed decisions on issues critical to
         project success.

5. Tremendous educational and
learning experience.

CSF/FISMA Compliance and Risk Management

Who is required to comply with the CSF/FISMA?
All federal, state, and local government agencies, contractors and organizations
that exchange data directly with government systems must be FISMA compliant.

What are the penalties for failing to comply with the CSF/FISMA requirements?
Federal CIOs face the risk of being called to Capitol Hill to testify if their agencies
receive poor scores on FISMA compliance. Also, since FISMA was enacted, lawmakers have threatened to cut agency budgets if they did not improve their FISMA scores.
Since Congress publishes agencies’ FISMA results each year, reputation damage has
been one of the main penalties of noncompliance as well.

Sentry Cybersecurity Solution for CSF/FISMA Compliance and Risk Management
Sentry Cybersecurity provides expert guidance and effective software technology called SPARTAN
to address the entirety of FISMA compliance and risk management. Our solution consistently addresses the seven elements of an effective compliance program. Also included is our NIST 800-53 privacy and security controls assessment. Lastly, our risk assessment process includes an accurate and thorough assessment of the potential
risks and vulnerabilities to the confidentiality, integrity, and availability of federal data
and information.

Features and Benefits of SPARTAN Risk Management SaaS

• Spartan provides an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the electronic information, whether it be client or company data.

• Definitions and default text aid in understanding of each topic and provide proper vernacular for attestation.

• Spartan solutions risk access, develop mitigation plans, and write reports.

• Spartan provides operational compliance through a mature, repeatable, complete, accurate and sustainable process and can become your on-going compliance assessment and monitoring tool.

• Spartan SaaS is an Enterprise Class platform providing Information Technology, Governance Risk and Compliance (IT GRC). Modules include HIPAA, FISMA, PCI-DSS, FERPA, NERC-CIP, Business Continuity Planning.

• Modules can be used individually or in combination when unique compliance requirements share common security controls and help us efficiently keep up with hundreds of tasks associated with each regulatory requirement.

• Spartan provides an auditable, password protected, logged documentation tool that meets requirements of internal and external audit standards.

Sentry Cybersecurity Solutions provides
a methodology and software that is proactive, adaptable, and consistent with industry best standards.

The risk analysis and risk management process includes an accurate and

thorough assessment of the potential
risks and vulnerabilities to the confidentiality, integrity, and availability
of government information.

An Ongoing Effort that
Requires Process Maturity

Peace of Mind

There is a Right Way and

Many Wrong Ways

Checklist and Spreadsheets

Will Not Pass Audit