Security Roadmap For Industrial Control System

Creating a Security Roadmap

What was the problem/objective?

We recently worked with a company that builds semiconductor chips and needed to ensure International Traffic in Arms Regulations (ITAR) compliance and establish an industry-standard cybersecurity framework.

What was the first part of the process?

The first step in initiating a cybersecurity program is reviewing a company's current security status. Our security review verified the controls in place, identified the gaps with regulatory standards, and initiated security and vulnerability scanning. After compiling a comprehensive evaluation, we moved forward with creating a roadmap.

What was the next step?

The second part was creating a System Security Plan (SSP), a government-recognized document that formalizes an information system's security requirements and controls. The SSP included the core IT requirements, the gaps highlighted during the security review and risk assessment, and a remediation plan with prioritized vulnerabilities.

How did POA&M help?

We developed a Plan of Action and Milestones (POA&M) document that details all steps needed to bring your system into compliance. Working with key stakeholders, we created security policies, procedures, and training programs to remediate all cybersecurity gaps in a structured and trackable format. Monthly updates on POA&M progress were provided, with key milestones highlighted.

How did you maintain and monitor security?

We worked with the client to formalize vulnerability management and run continuous monitoring and procedural tests. We also ensured that security improvements were continuous and consistent.
