Ivis PRO Product Tour – IVIS Technologies

Ivis CONTROLS Product Tour

Control View

Plan of Action & Milestones

System Security Plan

Ivis CONTROLS - Product Tour

Dashboard

The Ivis CONTROLS Dashboard gives you a quick overview of all core elements you have installed in your instance. Right now we have only cybersecurity and we can quickly see that we have 24 completed, 15 controls with a POAM, 17 not applicable controls, and 54 incomplete controls. We can also see the POAM summaries; 3 are complete, 5 are not applicable and 23 are under review.

Cybersecurity Plan

Here you can see the fourteen different NIST 800-171 control families as well as the individual statuses of those controls. The green checkmark represents completed controls. The orange magnify glass shows if the control has a POAM associated. The blue no symbol means not applicable and the red exclamation point is for an incomplete control, or a control with a completed/not applicable POAM that needs further attention.

Control Family View

This is the individual control family view. Here you can see the 3.5 – Identification and Authentication family and listed below is a description of that section. In this view, you will be able to see the statuses of all the individual controls as well as the scheduled and completed dates.

Ivis PRO - Available Core Elements

Americans with Disabilities Act	Data Breach Laws	Harrassment	Payment Card Industry Security Standard (PCI DSS)
Anti-Boycott	Discrimination	Health Insurance Portability and Accountability Act	Personal Conflicts of Interest (Government Support Services)
Anti-Corruption	Economic Espionage Act	Human Trafficking	Personal Identity Verification I-9 Compliance
Antitrust	FAR Mandatory Disclosure	Import/Export	Revolving Door
Business Ethics Awareness Program	Family and Medical Leave Act	Insider Trading	Sarbanes-Oxley Acts of 2002
Conflict Minerals	Federal Awardee Performance and Integrity Information System (FAPIIS)	NIPSOM - Handling Classified Information	Truthful Cost or Pricing Data
Conflicts of Interest	GDPR	Organizational Conflicts of Interest Vetting	Wages and the Fair Labor Standards Act
Cybersecurity

Pricing starts at $. For more information – https://ivis.com/pricing/

Ivis CONTROLS - Available Templates

Business Ethics Awareness Program

Cybersecurity

GDPR

Health Insurance Portability and Accountability Act

Payment Card Industry Security Standard (PCI DSS)

Pricing starts at $. For more information – https://ivis.com/pricing/

Ivis PRO - Product Tour

Dashboard

Designed to give users a detailed view of the info they need, at-a-glance. Some of the top features include:
Compliance Risk Details – Program managers can quickly view the current risk ratings, risk assessment scores and training.
Training Summary – Gives your staff the ability to assess the progress of high, medium and low risk training.
Mitigation Status – Allows for the overview of mitigation task status and verification of performance by task and risk level.

Core Elements

The plan maps out your compliance strategy, process, and goals. The feature gives all users, from the executive suite to front line staff, the core element details: the who, what and how.
Who – Identifies the compliance manager, department accountable, legal team and individuals at risk as associated with the current element.
What – Provides critical details like description, element year and a snapshot of risk assessment.
How – Lists applicable statutes, policies and procedures, communication methods and task status for the current plan in addition to electronic signatures for plan participants.

Risk Assessment and Mitigation

Ivis PRO identifies and exposes areas where your company is vulnerable to risk and fraud
– Incorporates the Fraud Triangle to help you evaluate your organization’s risk and select scores for rationalization, opportunity, pressure and consequence.
– Our assessment process features the ability to enter justification information for each score.
– Easily view risk assessment and mitigation scores on the Ivis Risk Cube.

Reporting

Supports the critical function of reporting, showing proof via an audit trail that risks, fraud, and tasks are being addressed.
– Provides compliance reporting for the entire plan and plan segments.
– Summaries that give you an overview of your organization’s compliance and risk plans.

Pricing starts at $. For more information – https://ivis.com/pricing/

Tier 1 - NIST Cybersecurity Plan Review

The NIST Cybersecurity Plan Review service takes the trial and error out of the NIST compliance process, reducing expenses, and clarifying path forward for a company. This program is designed for either those organizations that have already built a complete NIST cybersecurity plan and are leveraging the Ivis compliance platform or those who need recommendations on how to complete their plan to put into the Ivis compliance platform. It consists of two primary components.

NIST Cybersecurity Plan Review

A well designed NIST Cybersecurity Compliance Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. Silent Sector’s Plan Review provides an independent opinion to validate your current plan and may offer guidance to improve the plan where necessary.

Plan Recommendations

Some companies will have a plan in place, but may need adjustments in order to be considered viable. Professional recommendations are written alongside the existing plan in the Ivis compliance platform allow for focused effort and the best of resources through the duration of the compliance process.

Project Scope

In an effort to ensure that a company is able to meet and maintains compliance requirements, Silent Sector will perform the following activities related to NIST SP 800-171A.
NIST Cybersecurity Plan Review

Review of existing plan in the Ivis compliance platform
Recommendations based on a professional review, in the Ivis compliance platform

Project Deliverables

Silent Sector will provide the following deliverables:

NIST SP 800-171A Cybersecurity Plan Review
- Plan review
- Written recommendations if needed to have a complete and viable plan
- Confirmation of review completion

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays. Silent Sector holds the right to start the project in the order it was received.

Initial Plan Review	Week 1
Recommendations and Verification of Review	Week 2

Pricing

All costs listed below are based on the cope and assumptions included in this Statement of Work

NIST Cybersecurity Plan Review

$550

Tier 3 - NIST Cyber Alignment

The NIST Cyber Alignment program takes the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program consists of three primary components.

Gap Analysis – Current Posture to NIST SP 800-171A

Companies will have a clear picture of what is already in place and where they fall short of meeting NIST requirements. This allows for focused effort and the best of resources through the duration of the compliance process.

NIST Alignment Plan Development

Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Alignment Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. It leverages the Ivis compliance platform for ease of tracking and evidence retention.

Cyber Risk Assessment

A clear understanding of risks and potential attack vectors is the foundation of cybersecurity. Silent Sector provides a clear but detailed analysis of vulnerabilities and the current state of risk.

Silent Sector will provide an independent perspective of cybersecurity vulnerabilities and risks related to network infrastructure and any critical web applications. This allows for the development of a strong security posture, while making the best use of resources.

Conducting the Risk Assessment will:

Identify vulnerabilities in critical network and web application components
Create a vulnerability and risk baseline for any publicly accessible infrastructure
Provide reference and guidance documentation for use by IT Team leadership
Provide 3rd party assessment documentation for presentation to prospects and clients

Project Scope

In an effort to ensure that companies maintain a secure and digital environment, Silent Sector will perform the following cyber risk and NIST SP 800-171A compliance related activities.

Gap Analysis – Current Posture to NIST SP 800-171A

Client interviews, 4-8 hours based on availability and readiness
A detailed comparison of interview responses with NIST cybersecurity requirements
Documented NIST Cyber Security Gap Analysis

NIST Alignment Plan Development

Review of Gap Analysis with applicable staff
Pre-planning interviews, 4-8 hours based on availability and readiness
Plan development and delivery
Plan review and discussion with applicable staff

Cyber Risk Assessment of Network Infrastructure (maximum of 60 hours)

External vulnerability scans, up to 254 IP addresses
Web application scans, up to 2 web applications
Risk ranking
Vulnerability documentation
Remediation recommendations
IT infrastructure security recommendations
Executive and technical level reporting

Project Deliverables

Silent Sector will provide the following deliverables:

Gap Analysis – Current Posture to NIST SP 800-171A
- Documented NIST Cyber Security Gap Analysis
NIST Alignment Plan Development
- One hour review of Gap Analysis with applicable staff
- Documented NIST Alignment Plan to guide CompanyA in meeting cyber security compliance
- Two hour plan review and discussion with applicable staff
Cybersecurity Assessment Report
- Executive Summary
- Current threat level definitions & overview
- Identified vulnerabilities by type
- Remediation & findings recommendations
- Comprehensive list of findings
- Review of findings with development leadership upon request
- Raw scan outputs

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.

Interviews & Information Collection	Week 1
Analysis and Gap Assessment Development	Week 2
Pre-planning Interviews & NIST Alignment Plan Development	Weeks 3 – 5
Report Delivery, Review, and Discussions	Week 6

Pricing

Please contact Ivis at [email protected]

Tier 2 - NIST Gap Analysis & Plan Development

NIST Gap Analysis & Cybersecurity Plan Development services take the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program is designed for organizations that require a cybersecurity plan to meet NIST requirements and will be utilizing the Ivis compliance platform. This program consists of two primary components.

Gap Analysis – Current Posture to NIST SP 800-171A

Companies will have a detailed understanding of where they fall short of meeting NIST SP 800-171A requirements. Silent Sector will review the existing compliance plan to provide a 3rd party perspective on the status of the plan and assist with identifying shortcomings. This allows for focused effort and the best of resources through the duration of the compliance process.

NIST Cybersecurity Compliance Plan Development

Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Cybersecurity Compliance Plan will provide a clear path from its current state to achieving and maintaining compliance. This plan will incorporate the use of the Ivis compliance platform.

Project Scope

In an effort to ensure that a company is able to meet and maintains compliance requirements, Silent Sector will perform the following activities related to NIST SP 800-171A.

Gap Analysis – Current Posture to NIST SP 800-171A

Client interviews, 4-8 hours based on availability and readiness
A detailed comparison of interview responses with NIST cybersecurity requirements
Documented NIST SP 800-171A Cybersecurity Gap Analysis

NIST Cybersecurity Plan Development

Review of Gap Analysis with applicable staff
Pre-planning interviews, 4-8 hours based on availability and readiness
Plan development and delivery
Plan review and discussion with applicable staff

Project Deliverables

Silent Sector will provide the following deliverables with a maximum time allocation of 40 hours.

Gap Analysis – Current Posture to NIST SP 800-171A
- Documented NIST Cybersecurity Gap Analysis
- One hour review of Gap Analysis with applicable staff
NIST Cybersecurity Plan Development
- Documented NIST Cybersecurity Alignment Plan to guide cybersecurity compliance requirements
- Cybersecurity plan discussion with applicable staff (up to 2 hours)

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.

Interviews & Information Collection	Week 1
Analysis and Gap Assessment Development	Week 2
Pre-Planning Interviews & NIST Alignment Plan Development	Weeks 3 – 4
Report Delivery, Review, and Discussions	Weeks 4 – 5

Pricing

Please contact Ivis at [email protected]

Ivis is the Lean Compliance Solution for Your Organization.

The Dashboard

Core Elements

Risk Assessment and Mitigation

DFARS Cybersecurity
NIST SP 800-171

Reporting

Available Core Element Templates

Control View

Plan of Action & Milestones

System Security Plan

Dashboard

Cybersecurity Plan

Control Family View

Dashboard

Core Elements

Risk Assessment and Mitigation

Reporting

Project Scope

Project Deliverables

Schedule

Pricing

Project Scope

Project Deliverables

Schedule

Pricing

Project Scope

Project Deliverables

Schedule

Pricing

Ivis is the Lean Compliance Solution for Your Organization.

The Dashboard

Core Elements

Risk Assessment and Mitigation

DFARS Cybersecurity NIST SP 800-171

Reporting

Available Core Element Templates

DFARS Cybersecurity
NIST SP 800-171