
IMPRIMIS CYBERSECURITY CONSULTING

 

Imprimis provides a broad spectrum of consulting services as shown in Figure 1. 

 

 

 

 

These services include strategic planning, governance, and technology advisory covering both information technology and the implications of operational technology, from machine tools to cloud-based enterprise resource management systems. Imprimis has personnel with cybersecurity certifications (CISSP, etc.) and personnel with years of operational and planning experience in private and public corporations and government institutions.

  1. Strategic Planning: Understanding the organization’s mission and objectives, Imprimis consultants can identify the enablers and needs and plan a progressive approach for their achievement.  This will necessarily include the information technology used to support the strategic elements and the information security management program and system to ensure success.

  2. Risk Analysis: An important element of planning and developing an information security management system is identifying the threats which the organization faces and assessing the impact and likelihood of the threats occurring and inflicting damage.  This is followed by the design of the defenses through the development of a Business Continuity Plan, Disaster Recovery Plan, and an Incident Response Plan.

  3. Policy and Governance: One of the most important parts of an information security program is the policy and procedural components.  Defining the proper use of technology and training the personnel using the technology is absolutely critical to a successful program.  The overwhelming majority of threats focus on the human element of an organization and, as a result, most successful attacks involve compromising the credentials of personnel that have access and privileges on the system.  Procedural defense is essential.  Procedures are also very important to productivity.

  4. Information Security Program & Management System: Imprimis will identify the security controls and practices needed to achieve a high level of security and maintain that level indefinitely.  The operational objective is an Information Security Management System or ISMS.  The ISMS will be a key function within the organization.

  5. Technology Advisory: Technology is a key capability of any modern organization and will become a more critical element in the future.  Therefore, the selection of technology has major implications for both the strategic objectives and the security of the organization and its systems.  Operational technology needs to be secured within the organization, and it brings a number of organic vulnerabilities that need to be removed or neutralized.  Also, security technology varies in effectiveness and interoperability.  Analyzing these factors during the selection process with Imprimis expertise can avoid costly mistakes and can lead to the optimization of investment dollars.

  6. Market Growth Analysis: Those who recognize that secure IT operations are strategically critical for the future and act on their convictions will also realize increased opportunity in the marketplace.  Governments and industry have recognized the need for, and are imposing, cybersecurity standards on all who provide products and services to them.  Imprimis can help identify increased opportunity and help maximize the beneficial impact of investment decisions.

 

Consulting Services can be purchased by the hour via the online store (Click Here to Purchase).  For blocks of hours or hours associated with a specific service project, please contact Imprimis at 719-785-0320 for a customized quotation.

Consulting

Consulting and Advisory Services

  • Strategic Planning

  • Risk Analysis

  • Policy & Governance Development

  • Information Security Program & Management System

  • Technology Advisory

  • Market Growth Analysis

FIGURE 1 – Imprimis Consulting Services

CYBERSECURITY ASSESSMENTS

 

I2 CMMC ASSESSMENTS


Imprimis offers Cybersecurity Maturity Model Certification (CMMC) Assessments which can be performed either remotely or onsite.  We offer both an Initial Assessment and a Final Compliance Assessment (pre-audit).

 

CMMC INITIAL ASSESSMENT:


The Initial Assessment of the organization and network will be performed to determine the extent of compliance with the CMMC requirements at the desired level and will include gathering all requirements of the operating environment including known risks; a review of any existing policies and procedures, network diagrams and standards; and examination of the technical configuration of the current on-premise systems and cloud-based elements.  The deliverables are as follows:

  • The i2ACT 800 software tool and associated assessment database

  • An assessment report detailing compliance status with both the CMMC and DFARS requirements

  • A remediation report detailing all noncompliant requirements and the general tasks that must be completed to become compliant.

  • A Requirement/Practice/Process remediation action list

  • If Imprimis is supporting the customer with documentation and remediation activities, the assessment will be continuously updated so that it is complete upon full compliance.

Since 2014, Imprimis has been developing and deploying a complete set of interactive Tools, Templates and Integrated Compliance Packages centered around leading Cybersecurity regulations and standards.

FINAL COMPLIANCE ASSESSMENT:


The Final Assessment would be performed at the conclusion of remediation and upon reaching full compliance and will be included in the company’s Book of Evidence.  This assessment might also be performed prior to a scheduled certification audit as a final check on compliance status if some time has passed between reaching compliance and the audit.
The deliverables are as follows:

  • An updated assessment database in the i2ACT 800 software tool

  • A final, updated assessment report detailing compliance status at the desired level of the CMMC and with DFARS requirements

  • A final assessment report in a format suitable for inclusion in the company’s Book of Evidence to be used during a certification audit.

  • If Imprimis is supporting the customer with documentation and remediation activities, the assessment will be continuously updated so that it is complete upon full compliance and this final assessment would not be needed.

We have performed NIST 800-171 and NIST 800-53 DSS AAPM assessments for clients worldwide utilizing our i2ACT 800 Assessment and Compliance Software Tools (included in the assessment prices).

 
i2ACT NIST 800-171 CYBERSECURITY ASSESSMENTS

 

Using the i2ACT 800 tool, and working jointly with our customer, Imprimis will perform the NIST 800-171 assessment and develop a database that identifies all compliant, partially compliant and non-compliant requirements, along with the remediation actions and tasks.  All information discovered during the assessment, including documents, screenshots, and other artifacts, as well as assessment reports and remediation reports, will be included as well. Imprimis can perform the assessment either remotely or onsite depending upon the needs of the customer.

 

The i2ACT-800 tool also includes recommendations for system adjustments and configuration changes; those identified during the assessment will be provided if a critical vulnerability is identified during the assessment.

 
DELIVERABLES:

  • i2ACT-800s Assessment Tool.

  • A NIST 800-171 database within the i2ACT-800s tool.

  • Assessment report detailing customer’s level of compliance with the DFARS requirements.

  • Remediation plan detailing all noncompliant requirements and the general tasks that must be completed to become compliant with the NIST 800-171 requirements.

  • A presentation to customer’s executive leadership team explaining their current state of compliance and the recommended road ahead.

 
i2ACT NIST 800-53 DSS AAPM CYBERSECURITY ASSESSMENTS

Imprimis utilizes the i2ACT-800 PRO tool for the NIST 800-53 DSS AAPM assessments. Each of the 270+ controls will be assessed for compliance, and the compliance status and the remediation action(s) required to achieve compliance will be documented for each control.  The conclusion regarding each control must be documented and supported with appropriate evidence and artifacts to ‘prove’ compliance with each control.  These assessments will be performed onsite at the customer’s facilities.

 

Recommended remediations would include developing and approving governing policies and procedures, providing training, configuring the classified system to the settings required by the applicable baseline or overlay, completing all requirements called for in the government Security Technical Implementation Guides (STIGs), and performing vulnerability analysis and remediation with the use of an approved Security Content Automation Protocol (SCAP) program.

 

DELIVERABLES:

  • i2ACT-800 PRO Assessment Tool.

  • A DSS established NIST 800-53 database within the i2ACT-800 PRO tool.

  • Assessment report detailing customer’s level of compliance with the DFARS requirements and specific DSS requirements.

  • Remediation plan detailing all noncompliant requirements and the general tasks that must be completed to become compliant specific to NIST 800-53 and the DSS AAPM requirements.

  • A presentation to customer’s executive leadership team explaining their current state of compliance and the recommended road ahead.
