Policy & Procedures

The first control in every NIST control family is a requirement to have written information security policies and procedures. As such, investing time in developing and maturing policies and procedures is the foundation of any IT security program.

We have over 5 years of hands-on experience in policy and procedure interpretation and development. We will develop and update your policies and procedures to align with OMB, DHS, NIST, Committee on National Security Systems (CNSS), Intelligence Community Directive (ICD), Congressional, and other cybersecurity mandates and directives.

Collaboration

Everybody has easy plug-and-play templates. The major lift is tailoring these templates to existing legislation, the organization's mission, and industry best practices in information security. This requires coordination with all appropriate representatives who have a hand in that particular domain. Questionnaires, virtual meetings, and follow-ups are necessary.

Living Documents

Developing and updating policies and procedures is not a one-time event. While a one-time approach may get an organization by, it usually fails after the first major audit. Assigning an owner to each policy to ensure annual updates is crucial to supporting the organization's due diligence toward third parties.

CyberSuite Policy and Procedure Service

Once we establish a baseline policy and procedure set, we can set a recurring monthly, quarterly, or annual pulse check to ensure your organization stays on the right track.

  • We will review authorization memos, interconnection agreements, risk-based decisions, briefings to management, and draft legislative documents, and provide timely feedback to stakeholders as necessary.
  • CyberSuite will use NIST Special Publication 800-53A and 800-53 Rev. 5 as the baseline when reviewing the effectiveness and compliance of your IT policy and procedure set.
  • We will ensure that the policies and procedures for the given set of FISMA security controls speak to the requirements and the "determine if" statements set within NIST guidelines in a cohesive manner that also coincides with your organization's overall mission.

While your organization may not be required to comply with FISMA, the NIST family of publications can provide excellent guidance on developing and managing an information security program.

Adherence to NIST SP 800-53 also crosswalks to ISO 27001, SOC 2, CMMC, and other frameworks.