Copyright ©2002-2022 Ivis Technologies. All rights reserved.  Privacy Policy

Ivis CONTROLS Product Tour

Control View

Plan of Action & Milestones

System Security Plan

Dashboard

The Ivis CONTROLS Dashboard gives you a quick overview of all core elements you have installed in your instance. Right now we have only cybersecurity, and we can quickly see that we have 24 completed controls, 15 controls with a POAM, 17 not applicable controls, and 54 incomplete controls. We can also see the POAM summaries: 3 are complete, 5 are not applicable, and 23 are under review.

Cybersecurity Plan

Here you can see the fourteen different NIST 800-171 control families as well as the individual statuses of those controls. The green checkmark represents completed controls. The orange magnifying glass shows that the control has a POAM associated with it. The blue "no" symbol means not applicable, and the red exclamation point marks an incomplete control, or a control with a completed/not applicable POAM that needs further attention.

Control Family View

This is the individual control family view. Here you can see the 3.5 – Identification and Authentication family and listed below is a description of that section. In this view, you will be able to see the statuses of all the individual controls as well as the scheduled and completed dates.

Ivis PRO - Available Core Elements

Americans with Disabilities Act
Anti-Boycott
Anti-Corruption
Antitrust
Business Ethics Awareness Program
Conflict Minerals
Conflicts of Interest
Cybersecurity
Data Breach Laws
Discrimination
Economic Espionage Act
FAR Mandatory Disclosure
Family and Medical Leave Act
Federal Awardee Performance and Integrity Information System (FAPIIS)
GDPR
Harassment
Health Insurance Portability and Accountability Act
Human Trafficking
Import/Export
Insider Trading
NISPOM - Handling Classified Information
Organizational Conflicts of Interest Vetting
Payment Card Industry Security Standard (PCI DSS)
Personal Conflicts of Interest (Government Support Services)
Personal Identity Verification I-9 Compliance
Revolving Door
Sarbanes-Oxley Act of 2002
Truthful Cost or Pricing Data
Wages and the Fair Labor Standards Act

Pricing starts at $. For more information – https://ivis.com/pricing/

Ivis CONTROLS - Available Templates

Business Ethics Awareness Program
Cybersecurity
GDPR
Health Insurance Portability and Accountability Act
Payment Card Industry Security Standard (PCI DSS)

Pricing starts at $. For more information – https://ivis.com/pricing/

Ivis PRO - Product Tour

Dashboard

Designed to give users a detailed view of the info they need, at-a-glance. Some of the top features include:

  • Compliance Risk Details – Program managers can quickly view the current risk ratings, risk assessment scores and training.
  • Training Summary – Gives your staff the ability to assess the progress of high, medium and low risk training.
  • Mitigation Status – Allows for the overview of mitigation task status and verification of performance by task and risk level.

Ivis PRO Dashboard

Core Elements

The plan maps out your compliance strategy, process, and goals. The feature gives all users, from the executive suite to front line staff, the core element details: the who, what and how.

  • Who – Identifies the compliance manager, department accountable, legal team and individuals at risk as associated with the current element.
  • What – Provides critical details like description, element year and a snapshot of risk assessment.
  • How – Lists applicable statutes, policies and procedures, communication methods and task status for the current plan in addition to electronic signatures for plan participants.

Ivis PRO Core Elements

Risk Assessment and Mitigation

Ivis PRO identifies and exposes areas where your company is vulnerable to risk and fraud
– Incorporates the Fraud Triangle to help you evaluate your organization’s risk and select scores for rationalization, opportunity, pressure and consequence.
– Our assessment process features the ability to enter justification information for each score.
– Easily view risk assessment and mitigation scores on the Ivis Risk Cube.

Reporting

Supports the critical function of reporting, showing proof via an audit trail that risks, fraud, and tasks are being addressed.
– Provides compliance reporting for the entire plan and plan segments.
– Summaries that give you an overview of your organization’s compliance and risk plans.

Pricing starts at $. For more information – https://ivis.com/pricing/

Tier 1 - NIST Cybersecurity Plan Review

The NIST Cybersecurity Plan Review service takes the trial and error out of the NIST compliance process, reducing expenses and clarifying the path forward for a company. This program is designed either for organizations that have already built a complete NIST cybersecurity plan and are leveraging the Ivis compliance platform, or for those who need recommendations on how to complete their plan before putting it into the Ivis compliance platform. It consists of two primary components.

NIST Cybersecurity Plan Review

A well designed NIST Cybersecurity Compliance Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. Silent Sector’s Plan Review provides an independent opinion to validate your current plan and may offer guidance to improve the plan where necessary.

Plan Recommendations

Some companies will have a plan in place, but may need adjustments in order for it to be considered viable. Professional recommendations, written alongside the existing plan in the Ivis compliance platform, allow for focused effort and the best use of resources through the duration of the compliance process.

Project Scope

In an effort to ensure that a company is able to meet and maintain compliance requirements, Silent Sector will perform the following activities related to NIST SP 800-171A.

NIST Cybersecurity Plan Review

  • Review of existing plan in the Ivis compliance platform
  • Recommendations based on a professional review, in the Ivis compliance platform

Project Deliverables

Silent Sector will provide the following deliverables:

  • NIST SP 800-171A Cybersecurity Plan Review
    • Plan review
    • Written recommendations if needed to have a complete and viable plan
    • Confirmation of review completion

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays. Silent Sector holds the right to start the project in the order it was received.

  • Initial Plan Review: Week 1
  • Recommendations and Verification of Review: Week 2

Pricing

All costs listed below are based on the scope and assumptions included in this Statement of Work.

NIST Cybersecurity Plan Review: $550

Tier 3 - NIST Cyber Alignment

The NIST Cyber Alignment program takes the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program consists of three primary components.

Gap Analysis – Current Posture to NIST SP 800-171A

Companies will have a clear picture of what is already in place and where they fall short of meeting NIST requirements. This allows for focused effort and the best use of resources through the duration of the compliance process.

NIST Alignment Plan Development

Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Alignment Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. It leverages the Ivis compliance platform for ease of tracking and evidence retention.

Cyber Risk Assessment

A clear understanding of risks and potential attack vectors is the foundation of cybersecurity. Silent Sector provides a clear but detailed analysis of vulnerabilities and the current state of risk.

Silent Sector will provide an independent perspective of cybersecurity vulnerabilities and risks related to network infrastructure and any critical web applications. This allows for the development of a strong security posture, while making the best use of resources.

Conducting the Risk Assessment will:

  • Identify vulnerabilities in critical network and web application components
  • Create a vulnerability and risk baseline for any publicly accessible infrastructure
  • Provide reference and guidance documentation for use by IT Team leadership
  • Provide 3rd party assessment documentation for presentation to prospects and clients

Project Scope

In an effort to ensure that companies maintain a secure and digital environment, Silent Sector will perform the following cyber risk and NIST SP 800-171A compliance related activities.

Gap Analysis – Current Posture to NIST SP 800-171A

  • Client interviews, 4-8 hours based on availability and readiness
  • A detailed comparison of interview responses with NIST cybersecurity requirements
  • Documented NIST Cyber Security Gap Analysis

NIST Alignment Plan Development

  • Review of Gap Analysis with applicable staff
  • Pre-planning interviews, 4-8 hours based on availability and readiness
  • Plan development and delivery
  • Plan review and discussion with applicable staff

Cyber Risk Assessment of Network Infrastructure (maximum of 60 hours)

  • External vulnerability scans, up to 254 IP addresses
  • Web application scans, up to 2 web applications
  • Risk ranking
  • Vulnerability documentation
  • Remediation recommendations
  • IT infrastructure security recommendations
  • Executive and technical level reporting

Project Deliverables

Silent Sector will provide the following deliverables:

  • Gap Analysis – Current Posture to NIST SP 800-171A
    • Documented NIST Cyber Security Gap Analysis
  • NIST Alignment Plan Development
    • One hour review of Gap Analysis with applicable staff
    • Documented NIST Alignment Plan to guide CompanyA in meeting cyber security compliance
    • Two hour plan review and discussion with applicable staff
  • Cybersecurity Assessment Report
    • Executive Summary
    • Current threat level definitions & overview
    • Identified vulnerabilities by type
    • Remediation & findings recommendations
    • Comprehensive list of findings
    • Review of findings with development leadership upon request
    • Raw scan outputs

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.

  • Interviews & Information Collection: Week 1
  • Analysis and Gap Assessment Development: Week 2
  • Pre-planning Interviews & NIST Alignment Plan Development: Weeks 3 – 5
  • Report Delivery, Review, and Discussions: Week 6

Pricing

Please contact Ivis at [email protected]

Tier 2 - NIST Gap Analysis & Plan Development

NIST Gap Analysis & Cybersecurity Plan Development services take the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program is designed for organizations that require a cybersecurity plan to meet NIST requirements and will be utilizing the Ivis compliance platform. This program consists of two primary components.

Gap Analysis – Current Posture to NIST SP 800-171A

Companies will have a detailed understanding of where they fall short of meeting NIST SP 800-171A requirements. Silent Sector will review the existing compliance plan to provide a 3rd party perspective on the status of the plan and assist with identifying shortcomings. This allows for focused effort and the best use of resources through the duration of the compliance process.

NIST Cybersecurity Compliance Plan Development

Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Cybersecurity Compliance Plan will provide a clear path from its current state to achieving and maintaining compliance. This plan will incorporate the use of the Ivis compliance platform.

Project Scope

In an effort to ensure that a company is able to meet and maintain compliance requirements, Silent Sector will perform the following activities related to NIST SP 800-171A.

Gap Analysis – Current Posture to NIST SP 800-171A

  • Client interviews, 4-8 hours based on availability and readiness
  • A detailed comparison of interview responses with NIST cybersecurity requirements
  • Documented NIST SP 800-171A Cybersecurity Gap Analysis

NIST Cybersecurity Plan Development

  • Review of Gap Analysis with applicable staff
  • Pre-planning interviews, 4-8 hours based on availability and readiness
  • Plan development and delivery
  • Plan review and discussion with applicable staff

Project Deliverables

Silent Sector will provide the following deliverables with a maximum time allocation of 40 hours.

  • Gap Analysis – Current Posture to NIST SP 800-171A
    • Documented NIST Cybersecurity Gap Analysis
    • One hour review of Gap Analysis with applicable staff
  • NIST Cybersecurity Plan Development
    • Documented NIST Cybersecurity Alignment Plan to guide cybersecurity compliance requirements
    • Cybersecurity plan discussion with applicable staff (up to 2 hours)

Schedule

The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.

  • Interviews & Information Collection: Week 1
  • Analysis and Gap Assessment Development: Week 2
  • Pre-Planning Interviews & NIST Alignment Plan Development: Weeks 3 – 4
  • Report Delivery, Review, and Discussions: Weeks 4 – 5

Pricing

Please contact Ivis at [email protected]