Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs, and data from attack, damage, or unauthorized access. At Johnson Development we operate under the following framework:
1. Accreditation Boundary Definition
a. Communicate with all stakeholders and project teams to discuss all components of the information systems to be authorized for operation on the LAN by an authorizing official and define possible excluded systems, to which the information is connected.
b. Develop a memorandum of agreement for acceptance of Accreditation Boundary.
c. Develop an Interconnection Agreement for all systems and subsystems and determine interoperability with other systems outside of the Accreditation Boundary.
2. Baseline Security & Privacy Controls Analysis
a. Create initial baseline security documentation for the Certification effort.
b. Assess security and privacy controls in order to build an effective C&A process.
c. Revisit NIST 800-26 Self-Assessment Checklist.
d. Review all server and workstation platforms, perform baseline hardware assessment, and create a Threat Vulnerability Matrix.
3. FIPS 199 Security Categorization Report
a. Identify the steps required for systems and subsystems to become compliant with NIST RMF standards.
b. Produce the Security Categorization and Boundary Baseline Report required for selecting controls used in the Risk Assessment.
i. Perform technical evaluation to verify configuration baseline standards and vulnerabilities:
a. Provision Operating System Environment
b. Penetration Testing
c. Test Report Creation
d. Device Hardening and Recommendations
e. Create a project plan to implement controls
ii. Provide remediation support for common vulnerabilities and exposures
a. Engineering support and technical recommendation
b. Post remediation penetration testing
c. Test report creation
Johnson Developmentwill provide the knowledge and management, oversight, and professional services required to complete the task of ensuring the above systems comply with NIST RMF standards. Each system and subsystem will also be provided a project initiation and gap analysis.
Contact us today to find out more.
