pf | Pulliam assists our federal government clients in meeting their compliance requirements by addressing the security controls in place to protect the confidentiality, integrity and availability of their information resources. Our staff are intimately familiar with government regulatory requirements, which include, but are not limited to: OMB Circular A-130; the Privacy Act of 1974; NIST SP 800-18, rev 1; NIST SP 800-26; NIST SP 800-37; NIST SP 800-53; NIST SP 800-53A; the Federal Information Security Management Act (FISMA) of 2002; Presidential Decision Directives (PDD) 63 and 67; FIPS Publications (102, 199, etc.); and Executive Orders 13231 and 13328. pf | Pulliam provides the following services to our government clients:
- Certification & Accreditation (C&A) Support – pf | Pulliam assists clients in conducting C&A of their general support systems and applications. Our staff follow NIST, FIPS, FISMA, and agency-specific C&A process guidelines. As part of conducting a C&A, our staff conduct on-site data collection activities, scan services and applications for known vulnerabilities, conduct security assessment activities, and develop the following deliverables: C&A Plan; System Security Plan (SSP); Risk Assessment; Security Assessment Test Plan; Security Assessment Test Report; IT Contingency Plan; Privacy Impact Assessment (PIA); Transmittal Letter; and Accreditation Decision Letter. In addition, pf | Pulliam staff can assist our federal clients in updating their internal C&A process to meet the new NIST SP 800-37 requirements.
- Computer Information Security Officer (CISO), Information System Security Officer (ISSO), and Information System Security Manager (ISSM) Program and Policy Development – pf | Pulliam staff provide assistance in the development, update and/or maintenance of the information security program and its policies, standards, and procedures. We work closely with the CISO, ISSO, ISSM, and any other pertinent staff to ensure that the documentation developed meets the organization's needs. pf | Pulliam can also assist our clients in developing hardening and configuration guidelines. Finally, pf | Pulliam staff work closely with the CISO/ISSO/ISSM to develop a 1-5 year strategic program plan, so that the federal organization has a plan in place to address known regulatory requirements and understands what new requirements are being developed by entities such as NIST, OMB, etc.
- Chief Privacy Officer (CPO) Support – pf | Pulliam staff address laws and regulations such as the Privacy Act of 1974, the USA Patriot Act, the Children’s Online Privacy Protection Act (COPPA), the Health Insurance Portability and Accountability Act (HIPAA), OMB Circular A-130, Appendix I, the Gramm-Leach-Bliley (GLB) Act, etc., each of which has specific requirements regarding the protection of individuals' privacy. In addition, per OMB Memo 03-22, "OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002," all federal public websites must comply with existing laws and directives that address the need to protect the privacy of individuals when they interact with the government. Key requirements include: conducting Privacy Impact Assessments (PIA); posting accurate and relevant privacy policies on the website; posting Privacy Act statements on the website that tell visitors the organization's legal authority for collecting personal data and how that data will be used; translating privacy policies into a standardized machine-readable format; appointing an individual responsible for privacy policies; and reporting annually to OMB on compliance with Section 207 of the E-Government Act of 2002.
- FISMA and FISCAM Program Support – pf | Pulliam can provide assistance in conducting and updating the annual program review and developing the report that must be submitted to OMB. As part of this service, our staff work closely with the CISO, ISSM, ISSO, and OIG to ensure that the appropriate data has been captured regarding how well the federal agency is complying with regulatory requirements. The deliverables include both the quarterly and the annual report.
- Network and/or Application Vulnerability Assessment / Penetration Testing – pf | Pulliam staff conduct network and/or application vulnerability assessments or penetration tests that meet the requirements specified under OMB Circular A-130, NIST SP 800-37, NIST SP 800-27, NIST SP 800-53, etc.
- Security Awareness & Training Support – pf | Pulliam staff provide assistance in developing and delivering security awareness and training to federal agencies. The training material that pf | Pulliam staff can develop covers end users (general users), management, ISSO / ISSM / CISO staff, and technical support staff.
- Incident Response Team Support – pf | Pulliam staff have experience developing incident response policies and procedures and assisting in developing and staffing an agency-wide incident response team. As part of this process, our staff assist clients in first establishing a strong working relationship with internal investigative teams, other incident response teams, and outside investigative agencies. pf | Pulliam staff can also develop incident tracking databases and detailed incident response forms to be completed for every incident reported to the incident response team.
- Security Architecture Assessment and Implementation Support – pf | Pulliam staff assist our clients in determining which security architecture requirements are already in place and which are still needed, and then assist in evaluating, selecting, and implementing information security controls and devices (e.g., appropriate placement of firewalls, network- and host-based intrusion detection systems, etc.). In addition, our staff can provide security software / hardware integration or support services to our customers. Our staff are vendor neutral and therefore recommend security architecture devices and/or tools that meet each client's unique needs and are cost effective in addressing those needs.