With the constant evolution of new technologies, organizations of all sizes are impacted daily by new threats to their business resources. As a result, "C-level" professionals – Chief Financial Officers (CFO), Chief Information Officers (CIO), Chief Technology Officers (CTO) – are focused on complying with various laws, directives, policies, and procedures. Therefore, organizations must implement the appropriate control mechanisms to ensure the confidentiality, integrity, and availability of their business resources.

IBS provides support services to public and private sector organizations to ensure compliance with all applicable laws, directives, policies, standards, and guidelines.

  • IT Security Policy and Procedure Development / Review – IBS reviews and examines the existing IT security goals, policies, procedures, and standards, and assists organizations with developing and updating the necessary policies and procedures to address the management, operational, and technical security controls.

  • Security Certification and Accreditation (C&A) Support – For General Support Systems and Major Applications, IBS performs C&A activities in accordance with the methodologies suited to the specific needs of the organization. Some of the C&A methodologies include:

    • Department of Defense Information Technology Certification and Accreditation Process (DITSCAP)

    • National Information Assurance Certification and Accreditation Process (NIACAP)

    • National Institute of Standards and Technology (NIST) Special Publication 800-37, Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems

  • Develop System Security Plans – IBS assists organizations with developing System Security Plans for General Support Systems and Major Applications, in accordance with the Office of Management and Budget (OMB) Circular A-130, Appendix III, Security of Federal Automated Information Resources and NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems guidance to describe the management, operational, and technical security controls planned and in place.

  • Perform Risk Assessments – Our assessments are conducted in accordance with the Federal Information Security Management Act (FISMA) of 2002; OMB Circular A-130; NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems; NIST Special Publication 800-26, Security Self-Assessment Guide for Information Technology Systems; NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems; and Federal Information Processing Standards (FIPS) 199, Standards for Classification of Federal Information and Information Systems, to identify the potential vulnerabilities, likelihood of occurrence, and magnitude of impact to our client’s mission, function, reputation, and image.

  • Develop Disaster Recovery Plans and Contingency Plans – In accordance with NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems, IBS assists organizations with developing Disaster Recovery Plans and Contingency Plans for responding to and recovering from minor and catastrophic business and system interruptions.

  • Develop and Execute Security Test and Evaluation (ST&E) Plans – In support of an accreditation decision, IBS supports business system owners and authorizing officials by developing, executing, and documenting the results of our technical and non-technical security control testing to assess whether the security controls are implemented correctly, operating effectively, and producing the desired outcomes.

  • Develop Certification Statements – Based on the Risk Assessment and ST&E results, IBS documents the system security status and current vulnerabilities, and provides the recommendations (corrective actions) necessary to reduce or mitigate system risks.

  • Compose Accreditation Decision Letters – IBS assists system authorizing officials by preparing the Accreditation Decision Letter (i.e., full, interim, or denial) based on the results of the certification activities and supporting documents.

  • Develop and Maintain Plan of Action and Milestones (POA&M) – For the system under review, IBS documents, tracks, and monitors the IT security weaknesses resulting from internal and external IT system-related reviews, ST&Es, audits, penetration tests, vulnerability assessments, etc.

TM & © 2004 Interim Business Solutions, LLC, All rights reserved.