A series of federal regulations and guidelines
require federal agencies to bring the level of security of their policies, IT
systems, applications, databases and personnel training to strong 21st century
standards. These regulations and guidelines include FISMA as well as National Institute of Standards and Technology (NIST) guidelines for risk
management, security control assessments, continuous monitoring and incident
reporting. These rules and guidelines are designed to improve the confidentiality, integrity, and availability of
federal information assets.
Dogwood has worked in this space from the earliest days of
information security and understands these requirements and the people, processes,
and technologies required to ensure full compliance. Our expert security
engineers help provide the fullest range of services for improving compliance--
for which we've been recognized.
Dogwood's service offerings in this area include:
* Evaluating agency's existing security program and determining gaps with
* Developing quarterly and annual reports
* Performing Enterprise Risk Assessments
* Developing appropriate enterprise security policies and procedures
* Translating requirements for operational systems
* Developing and implementing processes for C&A compliance in accordance
with NIST SP 800-37
* Reporting on continuous monitoring activities for proper POA&M
* Reporting on status of C&A requirements including risk assessments,
POA&M status, security control assessments, and documentation requirements
* Analyzing and recommending enterprise tools for agency compliance and
We get results.
In 2004, Dogwood was responsible for the US
Agency for International Development (USAID) being one of the first agencies to
receive an "A+" in their annual information security audit, which we helped
them to repeat for the next four years.
Dogwood was recognized by the CISO at HUD for achieved success around
government clients to achieve measurable, specific results. What can we do