The Importance Of Risk Management Strategy

This style also strongly influences our proposed approach to platform support with IA/A&A activities. Whether we are supporting the submission of a Risk Management Framework (RMF) package, assisting in the creation of policy, building A&A documentation, analyzing vulnerability findings, or supporting tracking activities such as workforce IA training or Federal Information Security Management Act (FISMA), our focus is on the best practice methods to enhance the overall organizational security culture and posture. This translates differently for each individual goal; however, a key tenet is clear communication of expectations and making technical communications appropriate for the target audience. Simply put, it is our team’s belief…
Our team is well versed in both DIACAP and RMF, and the interaction with Committee on National Security Systems Instruction (CNSSI) 1253 to support FISMA compliance within the DoD.

A final key component of our approach leverages our heritage in software development. Across our project teams, we have created scripts and custom applications that automate the testing gaps left by IA tools, such as ACAS, in demonstrating compliance against applicable STIGs, DODI 8500.2 or National Institute of Standards and Technology (NIST) SP 800-53 policy. The output of these scripts is included with the test results as an artifact for the accreditation authorities and agents, supporting regression testing and providing a record of historical progress.

Additionally, we have a custom-built tool for test result aggregation, digestion, and presentation. The custom tool creates an interactive POA&M and finding aggregation presentation, which greatly enhances analysts' ability to examine data and apply false positive information and exceptions across large data sets, and provides custom reporting for all stakeholders. This tool is typically customized for the specific customer as part of the effort; however, the team is fully capable of using customer-preferred products as required.

3.2.1.1 Digital Storytelling - MD5 exists as a unique kind of public-private