Contractors that do business with the federal government generally must follow the security guidelines outlined in Special Publication (SP) 800-171, which is published by the National Institute of Standards and Technology (NIST). SP 800-171 also assists businesses with regulatory compliance for information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The following areas of expertise show why CSCi is the best fit for your IT compliance project:
- Training
- Technology
- Network security
- Education
Overview
CSCi uses its own Assess, Remediate and Maintain (ARM) approach to help its clients meet their NIST SP 800-171 requirements. The assessment phase of the ARM program includes a complete assessment of the client’s current security practices. CSCi then applies the recommendations developed during the assessment phase to the remediation phase of the ARM program. The maintenance phase involves the use of various services to ensure the client remains in compliance with SP 800-171.
Training
CSCi’s team has extensive training in meeting compliance requirements. For example, we can determine a client’s ability to respond to security incidents, which includes activities such as tracking, documenting and reporting these incidents. Team members are also trained to trace system activity to individual users, who can then be held accountable for their actions. Furthermore, CSCi can train users in identifying security vulnerabilities and mitigating their risk.
Technology
CSCi uses enterprise-level technology to support its clients’ compliance requirements. These requirements include establishing configuration baselines and enforcing configuration settings for the client’s IT infrastructure. CSCi’s best-of-breed technology also protects systems from malicious attack and reports vulnerabilities. Additional capabilities of CSCi’s technology include the ability to monitor the system from a single workstation.
Network Security
CSCi is the only company that adds compliance to its clients’ network security profiles. Our ARM program continually monitors security controls with network and firewall software to ensure those controls remain effective. ARM also promotes effective information security, which is part of SP 800-171’s requirements for communications protection. Network security includes additional areas of responsibility such as system architecture, network engineering and software development techniques.
Education
CSCi educates its clients on compliance issues and develops steps to remediate those issues. The remediation phase of the ARM program includes protecting the system through the identification and correction of vulnerabilities, including the assessment of security controls. The development of procedures to correct identified vulnerabilities and implement those corrections is also an essential component of the remediation phase.
CSCi’s additional responsibilities in the remediation phase include configuration management activities such as taking inventory of the client’s IT infrastructure, including documentation, firmware, hardware and software. The ARM program also assigns CSCi sole responsibility for ensuring the client’s system meets maintenance and integrity requirements.
Summary
CSCi provides a range of IT services for small to medium-sized businesses in the San Diego area, including NIST and HIPAA compliance. We also partner with major IT vendors such as HP, Cisco, Fortinet and Microsoft. Contact us today to find out how we can help you with your compliance requirements.