Many of today’s regulations and compliance standards in the United States are based on the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). These include FISMA, RMF for DoD IT, FedRAMP and, more recently, the NIST Cybersecurity Framework. Core to the RMF is the selection and implementation of security controls detailed in NIST Special Publication 800-53. Control sets are typically determined based on an information system’s security categorization: low, moderate or high. The categorization corresponds to an applicable security control baseline of the same name (low, moderate or high). Each baseline builds on the previous baseline to provide greater security and assurance in the protection of a system and its information.
Our NIST RMF Readiness service evaluates your product line to determine if it’s meeting the requirements of each security control baseline. We do this by looking at the security features and inner workings of your product(s) to see how they stack up against specific technical security control recommendations related to access control, audit and accountability, identification and authentication, media protection, system and communications protection and system and information integrity. Other security controls may also apply depending on your products and targeted industries.
Our NIST RMF readiness service includes:
- NIST RMF Readiness Gap Analysis: This service is for vendors that want to increase market share in the United States but aren’t familiar with the RMF. Our RMF gap analysis walks you through the RMF process and examines your product suite to see how it compares to the low, moderate and high security control baselines. We also look into your product roadmaps to ensure you’re on track with relevant regulations and standards for your target industries, identify any risks and/or challenges, and highlight action items that will help you maximize sales and market share.