Services
Cybersecurity and Security Assessments are the focal point of CISEVE's offerings.
We can evaluate you, test you, and certify you.
Schedule Your CMMC Assessment
For businesses seeking CMMC certification, choosing the right Certified Third-Party Assessment Organization (C3PAO) is critical. CMMC assessments are a commitment to security and enable a business to continue supporting the defense sector.
CISEVE can help your business with:
- CMMC Assessments
- Mock Assessments
- Assessment Assurance Program Management
Other Services We Offer
NIST SP800-171 SPRS Compliance
As a part of the DoD Interim Rule in November 2020, DFARS 7019 and 7020 were added, requiring the DIB supply chain to assess their organizations following the NIST 800-171 guide and to post a score to the Supplier Performance Risk System (SPRS).
NIST 800-171 contains 110 controls, which are also the basis for the Cybersecurity Maturity Model Certification (CMMC). One of the first steps of this process is to identify the Who, What, When, Where, Why, and How of your system.
Questions we'll seek to answer:
- Who has access to my data?
- What type of data do I have?
- When do I need this to be implemented?
- Where is my data? Where does it go?
- Why do I need this data?
- How am I protecting it?
FISMA Compliance Services
Enacted as part of the E-Government Act of 2002, the Federal Information Security Management Act (FISMA) of 2002 is a United States federal law that requires federal agencies to develop and implement an information security program.
FISMA is designed to reduce federal agencies' risk while providing security, functionality, and accountability. It sets security guidelines that each federal agency must implement, and these guidelines extend to contractor systems and state agencies that store, transmit, or use federal data.
FISMA was updated and became the Federal Information Security Modernization Act (FISMA) of 2014. One of the important features of the new FISMA is its focus on Continuous Monitoring and real-time awareness of security risk levels. The National Institute of Standards and Technology (NIST) was selected to develop the standards and guidelines required by FISMA and the Office of Management and Budget (OMB) for securing systems and, with them, the data they hold. These documents, known as "publications," include FIPS 199, FIPS 200, and the NIST 800 series.
At a high level, FISMA provides agencies with guidance on:
- Data Categorization (FIPS 199)
- Control selection (FIPS 200)
- System Security Plan development (SP800-37r2)
- Risk Assessment (SP800-30)
- Security control implementation guidance (SP800-53r4)
- Security Control Assessment (SP800-53Ar4)
Additionally:
- Privacy Threshold Analysis (PTA) (Agency specific)
- Privacy Impact Assessment (PIA) (Agency specific)
Once security controls are implemented, the organization receives an Authority to Operate (ATO). FISMA then requires that each system enter the Continuous Monitoring phase, which includes annual assessments.
Related Services:
- New system document creation
- New system assessment
- Update existing documentation
- Annual Continuous Monitoring assessments
- Contingency Plans
- Incident Response Plans
- Independent Contingency Plan testing
- Vulnerability scanning
- Penetration testing
State & Local Compliance Services
State and local jurisdictions face the same risks as commercial and federal organizations, yet they have fewer resources to protect themselves. Risk mitigation is done through prioritization and requires a starting point. CISEVE can provide a current status assessment and make recommendations on how to proceed. Additionally, we can augment your resources to complete the work.
State:
States have resources that can be centralized for more efficient protection. States may soon be subject to regulations similar to those at the federal level. A good starting point is to evaluate the system against NIST SP800-171.
Local:
Local jurisdictions have limited funding and require an efficient use of resources to protect their citizens. There are programs and services to help. Let CISEVE help you explore them.
ICS Assessments
Industrial control system (ICS) is the general term for several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and programmable logic controllers (PLC), that operate utilities, manufacturing, transportation, and environmental systems.
ISO Services
CISEVE has extensive experience in providing International Organization for Standardization (ISO) consulting services for all ISO standards. We have developed a method that alleviates the misconceptions of other service providers. We can deliver an ISO management system built from scratch based on your requirements and tailored to each organization's needs, thus allowing for internal sustainability and long-term growth.
Certification Preparation - CISEVE's consultants will build an ISO management system by gathering your current successful business practices and melding them with ISO requirements. We can provide the required audit training, documentation, and templates, and further educate your organization on best practices.
Document Review - Some organizations are almost ready for standards certification in terms of documentation and level of implementation. CISEVE's Subject Matter Experts (SMEs) will review your current documents against the ISO standard to ensure compliance and verify that there are no gaps before your actual audit.