Who We Serve
At Landers and Company we focus on providing long-term solutions to ensure that your mission is accomplished long after we have completed our work. We specialize in areas pertaining to compliance and cross-organizational integration. One of our primary core competencies relates to Title III of the E-Government Act of 2002, otherwise known as the Federal Information Security Management Act (FISMA) (Public Law 107-347). While many organizations strive to provide services in this area, few provide strategic insights to assist their clients with implementing an information security program that is complementary to the organization's mission. More specifically, companies providing FISMA-related services are often focused on the detailed compliance parameters and fail to provide services that capitalize on the flexible nature of the guidance published by the National Institute of Standards and Technology (NIST). Our most recent focus is on the transition from the static and often cumbersome security assessment and authorization process (formerly referred to as Certification and Accreditation – C&A). We work diligently with our clients to plan for and implement robust and comprehensive continuous monitoring programs that facilitate a dynamic and ongoing authorization process. By leveraging a flexible risk-based approach, we help our clients make real progress towards efficient and integrated security programs.

Our unique approach to continuous monitoring is aligned with guidance documented in NIST Special Publication (SP) 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, and NIST SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations. We provide expert assistance with identifying and establishing common controls for your organization and additional security control subsets that are aligned with organizational divisions of responsibility.

We assist System and Information Owners with identifying appropriate security controls that are both logical and cost-effective based on the sensitivity of an information system and the organization's risk tolerance. By assisting System Owners with the formal documentation aspect of security control tailoring and other risk-based decisions such as mitigation and acceptance, we help organizations avoid poor security assessment results and achieve authorization to operate (ATO) from their authorizing officials (AO). We can also assist with coordination efforts between System Owners and your organization's Cost Prevention and Investment Control (CPIC) function by correlating Plan of Action and Milestones (POA&M) costs with your budget documentation (A-11 Exhibit 53B).