Services

Uncover risks as part of the Assessment and Authorization (A&A) steps of the Risk Management Framework (RMF).

Receive independent verification of remediation of mitigation activities performed by system personnel following an assessment of systems.

Ensure the appropriate operational security posture is maintained for the information system or program with an assigned agency official.

Comprehensively integrate cybersecurity into system development lifecycles and comply with RMF standards as maintained by NIST.

Available to systems hosted in ESC Federal Tier 3+ data centers, this service includes the assignment of dedicated ISSO support personnel of appropriate skill level to match the needs/complexity of system(s).

Ensure NIST SP 800-53 security controls are appropriately assigned for systems and receive system security documentation based on RMF and NIST 800-37.

Receive guidance and support to develop and update configuration management plans.

Receive support to help develop and update contingency plans and conducting table-top testing.

Receive annual assessments of subset security controls; reviews of system-level reports, audit logs, and vulnerability scan reports; review/updates system security documentation; and annual contingency planning table-top testing.