C5i | Commanding Intelligent Security

Securing Your Organization



Program Development and Management

IT security is more than just a vulnerability scan or a penetration test - it's a state of mind. It's a conscientious effort to constantly improve your IT security policies, practices, and procedures. It's an on-going mission to keep one step ahead of the bad guys and continually fortify your defenses. It's an over-arching philosophy to protect your agency's, and the public's, data.

Most IT consultants can perform a technical assessment, but that doesn't help you after they've left. What do you do after reading in their assessment report about the dozens of vulnerabilities in your system or network? Where do you start, which problems do you fix first, and how do you know you've fixed them?

C5i consultants can help you develop a comprehensive IT security program from the ground up, or simply help improve certain areas of your existing program. We can help manage and improve your IT security program or plan and coordinate your annual IT security assessments. Specifically, we can:

  • Develop an agency-wide security program that is efficient and measurable and that complies with all federal laws and standards
  • Help you understand current and evolving federal IT security laws and regulations, such as FISMA, OMB A-130, the Privacy Act, Presidential Directive HSPD-12, NIST, and FIPS, as well as current trends and threats facing government systems and data
  • Act as project manager to plan, track, and report FISMA, C&A, or POA&M progress
  • Coordinate IT security activities with other organizations and agencies
  • Assist in budget and resource planning for future assessment projects
  • Help fill out the annual FISMA questionnaire and create the annual report to OMB and Congress on your agency's compliance with FISMA requirements
  • Create and maintain the FISMA-required inventory of major systems
  • Develop costs and schedules for IT security improvement projects
  • Track vulnerabilities that are fixed
  • Help you verify whether you meet federal data protection regulations
  • Help you hire the right IT security personnel

Whether you're a small organization or a large agency, C5i will be with you every step of the way to make sure you're always protected.

FISMA Reporting and Management

The Federal Information Systems Management Act (FISMA) and OMB A-130 require that all federal government IT systems be evaluated every year to ensure that their security controls are effective and operating as intended. Whether you're a small or large agency, keeping track of the security assessment status of all of your major systems can be a management challenge. Specifically, we can:

  • Act as project manager and plan, track, and report FISMA assessment progress
  • Coordinate FISMA assessment activities with other organizations and agencies (such as maintaining SLAs and interconnection agreements)
  • Develop and maintain a Plan of Action and Milestones (POA&M) spreadsheet to track the status of all open vulnerabilities so they can be reported on a quarterly basis as required by OMB
  • Assist in budget and resource planning for FISMA activities, whether it's maintaining POA&Ms or managing on-going assessments throughout the year

C5i consultants can ensure that your IT systems meet all federal laws and directives, as well as NIST standards, so you can be assured that they are totally secure.

Certification and Accreditation (C&A) Management

FISMA and OMB A-130 require that all federal government systems be evaluated in detail (certified) and approved to operate (accredited) every three years or when major changes have occurred. C5i security experts can help plan and coordinate your C&A effort or help construct a comprehensive C&A program for your agency to ensure that your systems are effectively secured and your programs meet federal standards. Specifically, we can:

  • Act as project manager and plan, track, and report C&A progress
  • Coordinate C&A activities with other organizations and agencies
  • Develop and maintain POA&Ms
  • Assist in budget and resource planning for C&A activities

C5i consultants can ensure that your IT systems meet all federal laws and NIST standards so you can be confident that they are totally secure.