The NIST Cyber Alignment program takes the trial and error out of the NIST compliance process, reducing expenses, increasing clarity, and paving a clear path forward. This program consists of three primary components.
Gap Analysis – Current Posture to NIST SP 800-171A
Companies will have a clear picture of what is already in place and where they fall short of meeting NIST requirements. This allows for focused effort and the best use of resources for the duration of the compliance process.
NIST Alignment Plan Development
Every company differs and therefore requires its own unique strategy to meet and maintain NIST cybersecurity requirements. The NIST Alignment Plan increases clarity by providing the most effective direction to bring a company from its current state to achieving and maintaining compliance. It leverages the Ivis compliance platform for ease of tracking and evidence retention.
Cyber Risk Assessment
A clear understanding of risks and potential attack vectors is the foundation of cybersecurity. Silent Sector provides a clear but detailed analysis of vulnerabilities and the current state of risk.
Silent Sector will provide an independent perspective of cybersecurity vulnerabilities and risks related to network infrastructure and any critical web applications. This allows for the development of a strong security posture, while making the best use of resources.
Conducting the Risk Assessment will:
- Identify vulnerabilities in critical network and web application components
- Create a vulnerability and risk baseline for any publicly accessible infrastructure
- Provide reference and guidance documentation for use by IT Team leadership
- Provide 3rd party assessment documentation for presentation to prospects and clients
Project Scope
In an effort to ensure that companies maintain a secure digital environment, Silent Sector will perform the following cyber risk and NIST SP 800-171A compliance-related activities.
Gap Analysis – Current Posture to NIST SP 800-171A
- Client interviews, 4-8 hours based on availability and readiness
- A detailed comparison of interview responses with NIST cybersecurity requirements
- Documented NIST Cyber Security Gap Analysis
NIST Alignment Plan Development
- Review of Gap Analysis with applicable staff
- Pre-planning interviews, 4-8 hours based on availability and readiness
- Plan development and delivery
- Plan review and discussion with applicable staff
Cyber Risk Assessment of Network Infrastructure (maximum of 60 hours)
- External vulnerability scans, up to 254 IP addresses
- Web application scans, up to 2 web applications
- Risk ranking
- Vulnerability documentation
- Remediation recommendations
- IT infrastructure security recommendations
- Executive and technical level reporting
Project Deliverables
Silent Sector will provide the following deliverables:
- Gap Analysis – Current Posture to NIST SP 800-171A
  - Documented NIST Cyber Security Gap Analysis
- NIST Alignment Plan Development
  - One hour review of Gap Analysis with applicable staff
  - Documented NIST Alignment Plan to guide CompanyA in meeting cyber security compliance
  - Two hour plan review and discussion with applicable staff
- Cybersecurity Assessment Report
  - Executive Summary
  - Current threat level definitions & overview
  - Identified vulnerabilities by type
  - Remediation & findings recommendations
  - Comprehensive list of findings
  - Review of findings with development leadership upon request
  - Raw scan outputs
Schedule
The following is the estimated timeline for SOW completion. This timeline is subject to change based on unanticipated findings, platform issues, or communication delays.
| Phase | Timeline |
| --- | --- |
| Interviews & Information Collection | Week 1 |
| Analysis and Gap Assessment Development | Week 2 |
| Pre-planning Interviews & NIST Alignment Plan Development | Weeks 3 – 5 |
| Report Delivery, Review, and Discussions | Week 6 |
Pricing
Please contact Ivis at sales@ivis.com