pf Pulliam Information Assurance Program Management Support assists public sector clients in meeting their regulatory and compliance requirements by reducing risk, strengthening the security architecture, and aligning information security with agency business objectives. Public sector clients face a significant number of regulatory and compliance requirements that specify the development and deployment of management, operational, and technical controls to ensure the confidentiality, integrity, and availability of information and information systems. pf Pulliam staff are intimately familiar with government regulatory requirements, which include, but are not limited to: OMB Circular A-130; Privacy Act of 1974; NIST SP 800-18, rev 1; NIST SP 800-26; NIST SP 800-37; NIST SP 800-53; NIST SP 800-53A; Federal Information Security Management Act (FISMA) of 2002; Presidential Decision Directives (PDD) 63 and 67; FIPS Publications (102, 199, etc.); and Executive Orders 13231 and 13328.
pf Pulliam believes that technology is only one component of a comprehensive information assurance program. pf Pulliam staff, acting as a trusted advisor to the CIO, Senior Agency Information Security Officer (SAISO), and Information System Security Manager (ISSM), will provide strategic planning, operational planning, and resource planning support. pf Pulliam will assist our clients in planning and allocating their security spending across technology, processes, and people to maximize the return on their information assurance investment. Our Information Assurance Program Management Support services include:
- Information Assurance Strategic Plan – Providing the strategic plan for information assurance expenditures and service offerings to ensure that information assurance practices are aligned to the organization's mission and are positioned to address current and emerging regulatory requirements and deliver value to the organization.
- Information Assurance Compliance Management – Supporting the implementation process to ensure compliance with FISMA, OMB A-130, the Privacy Act, NIST, PDD, and FIPS requirements and, for financial systems, Sarbanes-Oxley (SOX) and SAS 70 audit requirements. pf Pulliam staff can assist in the creation of the FISMA annual and quarterly reports to OMB.
- Certification & Accreditation Process – Developing a consistent and repeatable C&A process that meets FISMA, OMB, NIST, FIPS, and agency requirements and promotes a better understanding of the agency risks that result from operating its information systems.
- IT Planning and Implementation – Developing public sector enterprise infrastructure architecture that is compliant with information assurance regulations. Supporting the implementation of E-government, Clinger-Cohen, and the OMB A-11 CPIC process, as well as the development of OMB Exhibit 300s and 53s.
- IA Policy Analysis – Conducting an IA policy analysis by creating a matrix of the public laws, regulations, standards, and directives that state which security controls must be in place to protect information and information systems. pf Pulliam will assist our public sector clients by reviewing all pertinent laws, regulations, standards, and directives and developing a core set of requirements. In addition, pf Pulliam staff can review existing IA policies and standards and recommend revisions or additions to existing policies and the creation of new policies and standards.
- Business Continuity Management – Developing a cost-effective recovery strategy for information systems. ICRO staff will review and/or develop guidelines for agency recovery that meet industry best practices provided by DRI International and FEMA as well as regulatory requirements provided by NIST, SOX, FFIEC, etc. The cost of an outage due to a disaster can range from thousands of dollars to over a million dollars an hour, depending on the revenue lost and the type of disaster. Understanding the business process and developing a cost-effective and manageable business continuity process can greatly reduce these costs.