Electrosoft supports Federal agencies in the design and implementation of information systems that are fully compliant with applicable security and privacy regulations. In particular, we help agencies comply with Office of Management and Budget (OMB) policy, Department of Homeland Security (DHS) directives, National Institute of Standards and Technology (NIST) standards and guidelines, Government Accountability Office (GAO) audit guidance, agency policies and procedures, and industry best practices. We perform independent evaluations of the effectiveness of the agency's overall information security (IS) programs and practices to help identify (a) current weaknesses and vulnerabilities and (b) opportunities to improve these programs by streamlining activities and making them more effective.
NIST Special Publication (SP) 800-53, Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations, defines security control effectiveness as the extent to which security controls are implemented correctly, operating as intended, producing the desired outcomes with respect to the security requirements for the system in its operational environment, and enforcing/mediating established security policies. The publication specifies 18 families of security controls. Seventeen pertain to security mechanisms that must be implemented or inherited by information systems. The eighteenth family, Program Management, helps facilitate compliance with applicable Federal laws, executive orders, directives, policies, regulations and standards at the organizational level.
Our security experts and analysts identify and mitigate the risks an organization faces from IT security threats. Using the latest methodologies and technologies, we help customers understand and interpret Federal mandates – and the related guidance material – to support the implementation of compliant and secure systems.