Audit and Compliance

Satisfying external measures and maintaining internal conformity are vital to organizational security. Covenant Security helps you excel at both.

Covenant will define and develop the security policies that best fit your organization. The policies will account for current security regulations as well as our own extensive knowledge of industry best practices. In fact, we regularly create documentation that supports our clients' enterprise-wide security solutions, including:

  • System Security Plans
  • Security Concept of Operations
  • Security Requirements Traceability Matrix
  • Trusted Facility Manual
  • Security Features User's Guide
  • Contingency/Disaster Recovery Plans
  • Software and Hardware Security Configuration Guides

For government clients, we further tailor the above documents to meet the rigorous requirements of the Certification & Accreditation Process. Moreover, our security consultants have extensive experience in the federal, defense and intelligence communities and with executing the following regulations:

  • Department of Defense Intelligence Information System Certification and Accreditation Guide (DODIIS)
  • Director of Central Intelligence Directive (DCID 6/3)
  • NSA/CSS Information System Certification and Accreditation Process Guide (NISCAP)
  • Department of Defense Information Assurance Certification and Accreditation Process (DIACAP)
  • National Institute of Standards Special Publications (NIST SP 800 Series)
  • Health Insurance Portability and Accountability Act (HIPAA) Security Rule
  • Sarbanes-Oxley Act (SOX)
  • ISO/IEC 27001 Information Security Management System Standard

Stay Ahead of the Curve

Security audits can be daunting for even the most seasoned program managers. Covenant works closely with you and your team to break audit tasks into easily manageable steps that satisfy the requirements of your security program and strengthen your security posture.

For instance, we help develop test procedures and scripts tailored to your risk needs and your system's capabilities. These demonstrate to Certifying Organizations exactly how your organization will meet the requirements, via technical or policy controls.

We design these test procedures as repeatable, step-by-step evolutions. We write them in plain English so anyone can understand them—a benefit that translates into greater ownership, lower risk and ultimately reduced costs.

The Human Effect

Covenant invests considerable energy testing the non-technical factors of your enterprise. We develop procedures based on nationally and internationally recognized security standards, such as those of the National Institute of Standards (NIST) and/or the International Organization for Standardization (ISO).

These procedures evaluate staff members' understanding of your policies. In addition, they enable you to review your agreements, memoranda of understanding and other important contracts to ensure your vendors, clients and internal personnel are accountable for information protection.

Test. Adapt. Repeat.

Covenant provides an electronic copy of our test procedures, so your personnel can continue validating system security and modifying the procedures as often as needed when major system and/or business changes occur.

For government clients, this documentation is required for the Security Testing & Evaluation (ST&E) and Certification Testing & Evaluation (CT&E) processes—both of which can impact agency funding as noted under the Federal Information Security Management Act (FISMA).
