Government Security Compliance Services

  • CFO Act agencies spent over $10.3 Billion on Information Security in FY13.
  • In FY13, US-CERT received 60,753 incident reports that impacted the Federal Government, an increase of 26% from FY12.
  • The Cyber Cross Agency Priority (CAP) goal is comprised of the following strategies:
    • continuous monitoring, HSPD-12 implementation for logical access, TIC security capabilities and
    • TIC traffic consolidation. Overall, CAP strategies have shown improvement from 77% in FY12 to 81% in FY13.

FY13 FISMA Report

images (7)The protection of data is the highest priority for any organization, especially ones that process sensitive data such as Personally Identifiable Information (PII). The requirements for protecting this data within Government systems is complicated and constantly changing. AgileRank helps clients navigate this maze through a combination of deep understanding of the Certification & Accreditation (C&A) lifecycle within the Risk Management Framework (RMF) and a strong understanding of the technical controls that must be in place to meet the requirements and adequately protect your data. AgileRank is a trusted adviser to help clients achieve regulatory compliance while ensuring that vendors hosting and managing sensitive data are meeting the controls, processes, and applicable security requirements.

IA Advisory Services

DoD Compliance – Guidance through DIACAP DoDI 8510.01 lifecycle and DoDI 8500.2 controls for MAC III, II, & I mission categorizations including STIGs, Checklists, & SRRs.  DoD Enterprise Cloud Services Broker (ECSB) Security model and the CNSSI 1253 controls for Impact Levels L1-L6.

Healthcare Regulatory Requirements – Compliance with the Security & Privacy rules as it relates to Electronic Protected Health Information (ePHI) under the HIPAA/HITECH Act.

Cloud Security – Understanding the Federal Risk & Authorization Management Program (FedRAMP) and the responsibilities of Agencies, Cloud Service Providers, and 3PAOs for systems at the Low & Moderate control baselines for Infrastructure, Platform, and Software as a service levels hosted with Cloud Service Providers

Risk Management Framework – Implementing an effective information security program using a risk-based approach in-line with applicable laws, directives, standards, or regulations.  Guidance through the NIST SP 800-37 C&A lifecycle and NIST SP 800-53 rev. 3 and 4 for FIPS 199 Low, Moderate, & High impact categorization systems.