Information Security Case Study
In order to mitigate risks resulting from an increase in cyber threats and to comply with Federal legislation, this Federal Agency hired TMI to develop and conduct an enterprise-wide IT security assessment.
TMI developed Security Standards to meet federal legislation and increase the Agency’s baseline information security and privacy posture Agency-wide, while reducing the reporting burden of complying with Federal mandates. TMI has been providing essential security and privacy services to the Agency to enable it to maintain compliance with Federal mandates, provide mission-critical services and maintain the public’s trust and confidence in the quality of services and business operations.
Vulnerability Management (VM): This comprehensive program integrates network vulnerability scanning, configuration compliance scanning, penetration testing, web-based application vulnerability scanning, and wireless vulnerability scanning activities to identify technical deficiencies throughout the department and to provide heightened situational awareness across the department. TMI conducts monthly network vulnerability scans for several small Agencies and provides vulnerability scan support for several others.
Certification & Accreditation (C&A) Support: TMI directly supported the implementation of a comprehensive C&A process to ensure compliance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems. TMI conducted C&A activities for more than ten systems Agency-wide.
FISMA Support: TMI is responsible for developing and preparing the Department’s information security reports as required by FISMA annual reporting requirements and the quarterly FISMA and President’s Management Agenda (PMA) updates. TMI provides the Agency with the ability to identify IT security weaknesses or vulnerabilities and assist departments in mitigating these weaknesses. TMI provides a real-time oversight and monitoring capability to ensure that the Agency functions as a world-class organization in line with legislative and regulatory requirements. In addition, TMI facilitated the deployment of automated tools to support and track all data collection.
Information Security and Privacy Awareness Training: TMI develops information security and privacy awareness, training, and education programs for the Agency. In addition, TMI Solutions, Inc. assists the Agency by introducing standards and tools to ensure it meets FISMA and Office of Personnel Management (OPM) compliance in the area of information security and privacy awareness.
The Benefit to Government
As a result of this activity, vulnerabilities identified across the Agency have been proactively addressed, substantially increasing the overall security posture of the enterprise. This solution has paid immediate dividends by allowing several departments to quickly identify and remediate published vulnerabilities. Taken together, these activities provide the Agency a comprehensive view of its technical security posture across the enterprise.