The National Institute of Standards and Technology has been working on recommended practices for information security since the adoption of the first computers in the workplace and government. There is no system of controls, recommendations, and guidance more thorough or flexible in existence today.
Most organizations that must comply with NIST or FISMA guidelines know that these are not “do it yourself” projects. Yet with minimal instruction, the NIST frameworks allow organizations to grow by leaps and bounds in information security readiness, always in a way that fits the organization’s needs.
The ESX Information and Cyber Security Group is composed of NIST and FISMA experts who know not only the challenges of the guidance but also how to make it work for the organization, not the other way around.
Be it NIST, FISMA, FIPS, RMF, or any other NIST Special Publication derivative, ESX will guide your organization in matching its needs with a control set for maximum security return on investment.
- An ESX ICSG expert pairs with your organization to determine the correct level of security or compliance required
- The expert and key stakeholders in the organization work together to perform a risk assessment or an audit, depending on what suits the organizational requirements
- The assessor collects artifacts and evidence to supplement the report
- Security implementation experts compile the list of the organization’s requirements and results to create a remediation or Corrective Action Plan
- The report documents are delivered along with a letter of attestation as to the state of the organization’s security program and guidance for improving the organization’s security posture
If you are serious about information security, the NIST standards are the correct way to proceed!