Who We Serve
FISMA
Landers and Company can facilitate all aspects of your FISMA compliance and reporting. We stay apprised of the latest news released by NIST and the Department of Homeland Security (DHS) regarding FISMA reporting metrics and CyberScope feed requirements. We can help your organization gather and analyze essential reporting information and metrics so that compliance does not impact your ability to achieve your mission. In addition to compiling and reporting on all required FISMA metrics, we can assist with evaluating and implementing solutions for automated data feeds to CyberScope (CVE, CCE, CPE).

Continuous Monitoring
Continuous Monitoring programs are difficult to plan for, and even more difficult to implement. Landers and Company can help you establish the foundations upon which a truly comprehensive continuous monitoring program can be built. Our methodology for continuous monitoring extends beyond the standard solutions that monitor technical security controls to include operational and management controls that often have far wider-reaching impacts.

Risk Management Framework (RMF)
Work with our experts to establish or enhance your existing security program through effective implementation of the NIST RMF as documented in NIST SP 800-37 Revision 1. We focus on customizing your security program to the needs of your organization through meticulous planning efforts for key areas of efficiency such as:

Common and Hybrid security controls
Authorization boundary definitions
Authorization approaches such as type, site, joint, and leveraged authorizations
Security control selection and tailoring

Support
Planning for and implementing a Federal information system is no small task, and unfortunately, compliance with specific Federal regulations and organizational policies is often judged by third parties. Whether it be your organization's Inspector General (IG) office or an independent assessor, it is always beneficial to obtain guidance from the perspective of the assessor. As such, we offer unique customized services that will allow your organization to effectively prepare for internal and external audits without the requirement for significant or long-term contract terms. Using a service-based time and materials contract vehicle, you pay for only the services you require and only when you require them. Varied risk interpretations may result in "over protection" for information systems that do not require high levels of assurance for confidentiality, integrity, and availability, thereby costing your organization more than the requisite level of risk reduction. What is more concerning is that, without effective prior planning, organizations often spend more than is necessary and have additional risks identified that may not be appropriate or applicable to the information requiring protection. We like to think of this as a no-cost purchase. We strive to tailor your security program to your needs, thereby reducing added costs and at the same time preparing you for future audits and assessments.

Training
NIST has developed an extensive array of resources for information security professionals and organizations, providing the foundation for information security requirements within the Federal Government. Thorough comprehension and application of this guidance, however, is not always clearly delineated from these resources alone. Thorough knowledge and understanding of regulatory and statutory requirements is a prerequisite for your personnel, ranging from system administrators to Chief Information Security Officers (CISO). Using our comprehensive approach, you can successfully integrate security planning throughout your system development lifecycle, thereby ensuring that a "defense-in-depth" approach is also taken in your training programs.