Policy Analysis And Cyber Security
Highland's Cyber Security group reviews, develops, upgrades, and enhances cyber-security management and operational procedures and controls to support an organization's compliance with published policy or guidance documents. These reviews lead to the development of compliance procedures and to reports or assessments that identify where the organization was strong in compliance and where its approach to, and achievement of, compliance with various requirements stood. Our capabilities include the following, among others:
- Analysis and updating of organizational Cyber Security planning and management orders, directives, and guidelines to ensure compliance with agency-level policy, the NIST Special Publication series where appropriate, FIPS, and various federal statutes.
- Development of specific Cyber Security Program Plans at the Agency and office levels, and for systems requiring them under OMB A-130, in compliance with both agency standards (e.g., DOE's PCSP/CSPP models) and other standards such as NIST SP 800-18 and 800-34 (Computer Security and Contingency/Continuity of Operations Plans), among others.
- Development of new Certification and Accreditation (C&A) documentation for new systems under development, and updating of C&A documentation for existing systems as threats, and requirements resulting from them, evolve.
- NIST SP 800-53, Privacy Impact Assessment preparation and/or evaluations for client systems.
- Cyber-security intrusion detection and intrusion vulnerability testing.
- Cyber-security helpdesk operation.