Additionally, new standards like the Risk Management Framework (RMF) require new processes, technology and approaches to meet the NIST SP 800-37 requirements. ClearFocus staff conducted a review of applicable law, regulations, policy, and agency requirements to determine gaps in the existing cybersecurity program.
PROCESS
We began with Assessment and Authorization (A&A) processes, automating significant portions of the Risk Management Framework (RMF) which reduced the time to complete A&A activities by 50%. We developed Standard Operating Procedures (SOPs) to support the RMF, and deployed security tools and queries, reports and dashboards to support the NIST 800-137 Continuous Monitoring requirement. Additionally, we implemented a common control strategy which reduced the time to accredit individual systems by leveraging inherited controls common to the operating environment. ClearFocus also reviewed the existing security architecture, rationalizing the existing tools and security sensors to ensure maximum coverage, while reducing duplicative solutions.
RESULT
As a result, ClearFocus recommended the retirement of some existing security solutions, while recommending new “best in class” solutions to function as a cohesive security architecture. ClearFocus recommended, deployed, and maintained all the client’s security tools including firewalls, intrusion detection systems, Security Information and Event Management software (SIEM), security orchestration tools, malware detection, vulnerability management, and cyber threat detection. By taking a holistic approach to the client’s security architecture, discovery of incidents and anomalous activity increased by 40% and critical vulnerabilities were reduced by 65%.
We are innovators. Our consultants have the right mix of talent, creativity, process and technology to ensure every initiative we undertake has successful outcomes and meets mission objectives.
