Information Security (IS) Governance (Policy, Legal & Compliance)
Our Consultants, Engineers, and Security Professionals have a detailed understanding of the Federal Information Security Management Act of 2002 (FISMA), the foundation of Federal information security governance, and of OMB Circular A-130, Management of Federal Information Resources, Appendix III, the regulatory guidance on implementing security controls. FISMA provides a comprehensive framework for ensuring the effectiveness of information security controls over the information resources that support Federal operations and assets, and it requires periodic assessment of compliance with those requirements and with the related information security policies, procedures, standards, and guidelines. Like FISMA, our Security Professionals recognize the highly networked nature of the current Federal computing environment and work to provide effective, government-wide management and oversight of the associated information security risks.
OMB Circular A-130, Management of Federal Information Resources, Appendix III, requires Federal agencies to implement and maintain an automated information systems security program, including the preparation of policies, standards, and procedures. An effective computer security program is a core managerial responsibility.
In addition, our knowledge of Federal and Department of Defense information security governance policies, regulations, Acts, and compliance requirements includes, but is not limited to, the regulatory instruments listed below. Our Consultants will establish a framework for monitoring information security governance (including cost/benefit analysis of controls and return on investment), analyze the external laws, regulations, standards, and best practices applicable to the organization, and align the information security governance framework with organizational goals and enterprise governance.
We apply the following security standards, procedures, directives, policies, regulations, and legal requirements in our security solutions and services.
Federal Information Security Management Act [FISMA]
Office of Management and Budget [OMB] Circular A-130, Management of Federal Information Resources
OMB Circular A-130, Appendix III: Security of Federal Automated Information Resources
Homeland Security Presidential Directive-12 [HSPD-12], Policy for a Common Identification Standard for Federal Employees and Contractors
OMB Circular A-11, Preparation, Submission, and Execution of the Budget
Health Insurance Portability and Accountability Act [HIPAA]
Homeland Security Presidential Directive-7 [HSPD-7], Critical Infrastructure Identification, Prioritization, and Protection
Gramm-Leach-Bliley Act
Clinger-Cohen Act
Sarbanes-Oxley Act (SOX)
Department of Defense [DoD] 8500 series
National Institute of Standards and Technology [NIST]
NIST Special Publications [SP]
Federal Information Processing Standards [FIPS]
International Organization for Standardization (ISO) 27000 series
DoD Directive 8570.01, Information Assurance (IA) Training, Certification, and Workforce Management
Privacy Act
Personally Identifiable Information (PII) protection requirements
International Organization for Standardization (ISO) 20000
Control Objectives for Information and Related Technology (COBIT)
Director of Central Intelligence Directive (DCID) 6/3 (superseded by ICD 503, below)
DoD 8570.01-M, Information Assurance Workforce Improvement Program
Federal Risk and Authorization Management Program (FedRAMP)
Security Information and Event Management (SIEM) Solutions
Intelligence Community Directive (ICD) 503