The Critical Manufacturing Sector embraces the flexibility the Framework offers. The U.S. Department of Homeland Security (DHS), as the Sector-Specific Agency, worked with the Critical Manufacturing Sector Coordinating Council and Government Coordinating Council to develop this Implementation Guidance.
The National Institute of Standards and Technology (NIST) released the voluntary Framework for Improving Critical Infrastructure Cybersecurity in February 2014 to provide a common language that critical infrastructure organizations can use to assess and manage their cybersecurity risk.
CyberForce leverages enterprises architecture models and frameworks to achieve comprehensive documentation of our customer’s active infrastructure. This data is used to populate the FedRAMP SSP templates for comprehensiveness. The complete system is then subject to a thorough and detailed RMF analysis to zero in on critical assets and assets in the critical path. Once this is done we leverage the NIST 800-53 and FedRAMP standards to undertake complete testing of the system.
As part of the baselining exercise, we leverage Client Staff to accomplish as complete a coverage as possible, as opposed to a statistical model, which is reserved for ongoing checks. This approach is taken to close the door on the would-be hackers banking on systems being left untested over time. We leverage proprietary and standard tools such as DHS CSET and CSAT.
We proceed further into CyberForce created micro-object models to document the results at a granular level. This micro-object oriented model allows us to compile state of security along many slices – such as state of security for a particular geography and for a specific set of systems.
Observations are cross walked to relevant standards as well as any internal client system security framework of controls. It is this Architecture to Artifacts comprehensiveness that is representative of CyberForce’s value.