IMPRIMIS SUSTAINMENT SERVICES
Once an organization achieves full compliance with NIST 800-171 or any other standard or regulation, it needs to commit to ongoing effort to remain in compliance – that is, to sustain compliance. Imprimis provides a full suite of supporting services. These are divided into two groups – Continuous Sustainment Services and On-Demand Services.
The continuous services include continuous monitoring of the system, frequent vulnerability scans, part-time CISO (Chief Information Security Officer) support and training. Imprimis also provides support when needed, on demand. These services include incident response, forensic analysis, annual reassessments and advisory services.
Continuous Sustainment Services
Part Time CISO Services
On-Demand Sustainment Services
Supply Chain Management
Imprimis provides continuous monitoring via a cloud-based SIEM (Security Information & Event Management) which collects logs and network information from multiple devices and has the ability to correlate activities and identify anomalies. The analysis also includes behavioral analysis utilizing a UEBA (User and Entity Behavior Analytics) program. Logs and data are collected from key devices within the network and stored in the cloud-based SIEM, where the UEBA analysis takes place. Alerts are issued for anomalies, and the logs are retained for at least 12 months. One of the primary benefits of continuous monitoring is tracking logins and failed login attempts. With proper network segmentation, activities within the network can be tracked as well.
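The kind of cross-device correlation described above, as an added illustration that is not Imprimis's own tooling: constructed authentication events forwarded from several hosts are grouped per account, a burst of failures within a short window raises an alert, and the alert notes whether a successful login followed the burst. The log format, hostnames, account names and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data): auth events from several hosts
# as received by a central collector. Assumed format:
#   "<ISO timestamp> <host> auth <FAIL|OK> user=<name>"
SAMPLE_LOGS = """\
2024-03-01T08:00:05 fileserver01 auth FAIL user=jdoe
2024-03-01T08:00:09 fileserver01 auth FAIL user=jdoe
2024-03-01T08:00:14 mailgw02 auth FAIL user=jdoe
2024-03-01T08:00:20 vpn01 auth FAIL user=jdoe
2024-03-01T08:00:31 vpn01 auth FAIL user=jdoe
2024-03-01T08:00:40 vpn01 auth OK user=jdoe
2024-03-01T08:05:00 fileserver01 auth FAIL user=asmith
2024-03-01T09:30:00 fileserver01 auth FAIL user=asmith
2024-03-01T09:31:00 fileserver01 auth OK user=asmith
""".splitlines()

FAIL_THRESHOLD = 4             # failures inside the window that trigger an alert (assumed)
WINDOW = timedelta(minutes=5)  # correlation window (assumed)

def parse_line(line):
    ts, host, _, result, user = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "result": result, "user": user.split("=", 1)[1]}

def failed_login_alerts(lines, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Correlate FAIL events per account across all hosts. Return one alert per
    account whose failures reach `threshold` within `window`, listing the hosts
    involved and whether a successful login followed the burst."""
    events = sorted((parse_line(l) for l in lines), key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)
    alerts = []
    for user, evs in by_user.items():
        fails = [e for e in evs if e["result"] == "FAIL"]
        for i in range(len(fails)):
            burst = [f for f in fails[i:] if f["ts"] - fails[i]["ts"] <= window]
            if len(burst) >= threshold:
                last = burst[-1]["ts"]
                success = any(e["result"] == "OK" and e["ts"] > last for e in evs)
                alerts.append({"user": user, "failures": len(burst),
                               "hosts": sorted({f["host"] for f in burst}),
                               "success_after": success})
                break  # one alert per account is enough for this window
    return alerts

if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE_LOGS):
        print(alert)
```

Only the account whose failures span three hosts inside five minutes is reported; the two isolated failures for the other account stay below the threshold.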
Another very important capability is scanning the network for vulnerabilities. Vulnerabilities exist within the software used for operating systems and applications; they can also include open ports and exposed network segments. Imprimis installs scanner software within the network to provide the scanning information. The internal scans show open ports and any un-remediated software vulnerabilities on all devices within the network. The scanning software also performs a discovery scan, which is important for asset management of both software and hardware assets. Externally facing IP addresses are scanned periodically to ensure no vulnerabilities are exposed outside of the network.
Policies & Procedures Courses
Smart Cyber Citizen™ On-line Courses
KnowBe4 Training Packages
Imprimis provides training as part of the sustainment support. Training is a mandatory compliance requirement and is one of the most important activities a company can provide as part of their cybersecurity program. More than 3 out of 4 successful attacks involve the compromised accounts of someone who is authorized to be on the system.
Imprimis provides training to staff and executives on the policies and procedures of the company and on the responsibilities of key people who manage risk. These include such courses as the roles and responsibilities of data owners or network owners. In addition, Imprimis provides the Smart Cyber Citizen™ classes to enhance awareness of staff at all levels. Imprimis also provides KnowBe4 training to enhance skills in the cyber domain.
SUSTAINMENT SUPPORT DESCRIPTIONS
Annual Reassessment Services
An assessment will be performed annually to ensure full compliance with NIST 800-171, and a POA&M (Plan of Action and Milestones) will be developed if necessary.
Supply Chain Support
Supply chain support will include 1) making all subcontractors and suppliers aware of CUI (Controlled Unclassified Information) and educating them on how to handle CUI and comply with cybersecurity requirements, 2) working with key members of the supply chain to ensure that they are in compliance or to assist them in becoming compliant, and 3) monitoring the supply chain to ensure continued compliance.
Crisis Incident Response Services
Respond in accordance with governing policies and procedures, the SSP, and information security best practices to actual incidents that have significantly affected an organization’s ability to operate (e.g., Petya & FedEx) by providing on-site/remote technical advice, forensic analysis, and remediation recommendations/services.
Ongoing Cybersecurity Advisory Services
Provide advisory services during sustainment to support continuous improvement. Support information security testing and exercises as required. Provide support as required to remediate cyber security issues.
Provide recurring training for all employees and additional role-based training for IT and cyber security personnel.
CISO / Risk Management Advisory Services
Provide the services of a very senior subject matter expert to act as the CISO or Interim CISO, or to advise the Chief Information Security Officer (CISO), the corporate risk management executive, and senior management regarding cyber-based risks, and to provide senior management with recommendations to remediate deficiencies and strengthen overall cyber security and risk management.