NIST/DFARS Compliance Package
An all-in-one bundle designed to help you reach compliance.
If you are a government contractor with a contract issued or amended after 2013 and Controlled Unclassified Information (CUI) resides on or is transmitted through your network, you are required to be NIST compliant by December 2017. This package is designed to determine the gaps in your compliance status, provide a detailed Plan of Actions and Milestones (POAM), and deliver some quick wins that immediately boost your compliance status.
Our package includes:
NIST Gap Analysis – Our gap analysis is an interview-driven process which comprehensively explores your current security policies, procedures, and techniques. We’ll find the gaps in your NIST/DFARS compliance, and provide a roadmap for meeting your compliance objectives.
Some of the topics our interviews will cover include:
- Physical security
- Security assessments
- Systems and communications protections
- Access controls
- Audit and accountability
Policy Development – Comprehensive security policies written by security professionals. Our policies are designed to meet your compliance needs while optimizing your business requirements. Some of the policies we can help with include:
- Access Control Policy
- Acceptable Use
- Disaster Recovery Plan
- Password Policy
- Incident Response Plan
Security Awareness Training – Our training avoids the pitfalls of normal, generic security awareness training that puts employees to sleep. We do this by incorporating details from our experience and previous assessments that demonstrate the ramifications of employee actions to both their privacy and the organization as a whole. Our security awareness training will educate your employees to:
- Identify common indicators of an attack
- Understand ways to protect themselves
- Recognize the bypass of security controls
- Report potential incidents
Vulnerability Scanning – Vulnerability scanning is a regular, automated process that identifies the potential points of compromise on a network. A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. Our engineers will conduct this scan for you and use our expertise to remove false positives and produce a risk-prioritized report.
External Penetration Test – An external penetration test emulates an attacker trying to break into your network from the outside. The goal of the engineer performing this assessment is to breach the perimeter and prove they have internal network access. This test includes:
- Open source reconnaissance against the organization
- Full port scan covering all TCP ports and the top 1,000 UDP ports of the targets in scope
- Full vulnerability scan of the targets
- Manual and automated exploit attempts
- Password attacks
Why Triaxiom Security
We partner with you to give you the information you need to defend against today’s threats.