Federal Government

Federal agencies, departments and contractors are faced with an increasing number of regulations and standards. Accordingly, the number of audits, along with the requirements to secure data and mitigate threats, continues to grow rapidly.

IT and operational managers within the Federal Government (as well as state and local government) continue to wrestle with the hard problem of tying together separate silos: vulnerability management for IT assets, periodic assessments of risk related to information systems, implementation of security controls commensurate with risk, and the deployment and operation of system security plans.

FISMA (Federal Information Security Management Act) requires agencies to protect the integrity of key information among internal systems, contractors, and organizations whose information systems possess or make use of federal agency information.

Office of Management and Budget (OMB) Circular A-130 requires executive agencies within the federal government to:

  • Plan for security
  • Ensure the appropriate officials are assigned security responsibility
  • Review security controls in their information systems
  • Authorize system processing periodically

The Challenge

The challenge most agencies and departments face is determining how to measure and manage risk consistently and in a sustained manner, given the highly subjective nature of risk, as well as its reach into many disparate areas of the organization. Unfortunately, many agency directors and their oversight committees have limited visibility into IT risk. This puts a large burden on CIOs and CISOs to articulate the challenges they face as different parts of the organization must comply with mandates, regulations and policies. Functional divisions such as IT Risk, Compliance, and Audit; IT security; and IT operations all operate as independent silos.

Some of the challenges are:

  • Spreadsheet- and email-based processes for assessment cannot scale effectively to address the volume of information and the size of IT installations in most agencies
  • Most agencies do not have a sustained and repeatable process to manage risk and compliance
  • Combining self-assessment with security automation tools is not supported by most processes
  • Continuous monitoring requires asset information to be stored and tracked over time
  • Requirements to comply with a growing list of regulations demand frequently repeated surveys and costly manual assessments

Agiliance IT-GRC delivers comprehensive IT Risk and Compliance Management

Agiliance IT-GRC 3.0 Enterprise Manager and Enterprise Suite editions enable federal agencies to provide a common security and risk operational picture to all executive-level constituents in an organization. This all-encompassing view helps to minimize agency program risk, assess the security and compliance of IT technology, and demonstrate continuous compliance based on real-time survey and automated control detail.


FIPS project

FIPS 199 System Categorization Project: Agiliance supports simultaneous asset discovery and categorization assessments. Analysts can select multiple regulations that are needed under FISMA guidelines, and the underlying controls and sub-controls are included for testing via eSurvey. Results can be combined with data from security automation systems.


With Agiliance IT-GRC departments and agencies can:

  • Implement a standards-based IT governance, risk and compliance process
  • Deliver a roles-based dashboard with full drill-down capability to provide agency executives with knowledge to act on risk that matters
  • Assess technology infrastructure and reconcile survey information with automated security information
  • Deliver policy management with guidance on control objectives, controls and sub-controls
  • Demonstrate continuous regulatory compliance – our unique common control framework reduces the number of controls to check and delivers “test-once-certify-many” capability
  • Prioritize IT investment based on risk value and compliance criticality
  • Respond to risk immediately – Accept, Transfer, Mitigate, Remediate in real time
  • Reduce risk by reducing compliance and security incidents
  • Extend liability to vendors and partners as appropriate