Cyber Staff Augmentation
Whether you need Information Security Analysts, Forensic Investigators, Software Assurance Professionals, Penetration Testers, or even a CISSO, ReliaONE employees hold active security clearances, with leading industry certifications such as CISSP, CISA, CEH, GISP, CPTE, and GPEN, and are available to secure your assets and networks. These cleared, experienced and certified staff members possess a wide range of personal and professional backgrounds across federal agencies, military organizations and commercial industries.
Cyber Risk Assessment & Compliance Testing
The ability to perform risk assessment is crucial for organizations hoping to defend their systems. There are simply too many threats, too many potential vulnerabilities that could exist, and not enough resources to create an impregnable security infrastructure. Therefore, every organization, whether it does so in an organized manner or not, will make priority decisions on how best to defend its valuable data assets. Whether you’re a government organization that has to secure your network in accordance with NIST 800-53, a federal contractor that has to secure your network in accordance with NIST 800-171, or a commercial firm that simply wants to protect your company and your customers, we can help.
Risk Management Framework
On March 12, 2014, the DoD CIO approved DoDI 8510.01 transition from DIACAP to Risk Management Framework for Department of Defense (DoD) Information Technology. The change was prompted in part because, Defense Department CIO Teri Takai said, “we were concerned we’re driving up our costs by virtue of having companies have to fit our standards as well as to other national standards.” The Risk Management Framework for DoD IT transition timeline calls for an end to new accreditations under the legacy DIACAP process within six months, and for the full transition of all existing DIACAP-based accreditations within three-and-a-half years from the policy’s effective date, March 12, 2014. Part of the objective is to consolidate DoD C&A practices, focusing on maximizing reciprocity and reducing duplicative efforts. If your organization needs help making sure you’re on track, we can help.
Safeguarding of UCTI (NIST 800-171 Compliance)
If you are new to NIST 800-171, it is intended to help "non-federal entities" (e.g., contractors) comply with new security requirements using the systems and practices that contractors already have in place, rather than trying to use government-specific approaches. It also provides a standardized set of requirements for all Controlled Unclassified Information (CUI) security needs, tailored to non-federal systems, allowing non-federal entities to comply and consistently implement safeguards for the protection of CUI. If your company needs help becoming NIST 800-171 compliant, we use a template-driven approach to quickly and economically help you become compliant.
System Security Plan Support
The completion of system security plans is a requirement of the Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources, and Title III of the E-Government Act, entitled the Federal Information Security Management Act (FISMA). The purpose of the system security plan is to provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements. The system security plan also delineates responsibilities and expected behavior of all individuals who access the system. The system security plan should be viewed as documentation of the structured process of planning adequate, cost-effective security protection for a system. It should reflect input from various managers with responsibilities concerning the system, including information owners, the system owner, and the senior agency information security officer (SAISO). Additional information may be included in the basic plan and the structure and format organized according to agency needs, so long as the major sections described in this document are adequately covered and readily identifiable. If your organization needs help using NIST 800-18, Guide for Developing Security Plans for Federal Information Systems, to put your System Security Plan in place, we can help.