Public Sector Compliance Services
| Meet Government Information Assurance Requirements | |
| The Purpose | Help bring your agency in line with government information assurance (IA) demands. Identify threats. Assess security controls. Develop a plan of action. |
| Value to You | Confidence your information is safe. Documented improvement. Roadmap to long-term compliance and IA effectiveness. |
| How We Work | Identify the role information flow plays in your agency and risks involved. Help you strategize. Develop security solutions. Take you through the certification and accreditation activities. Provide a long-term strategic plan. |
| The Results | Greater confidence in and effectiveness from your information assurance programs. Compliance with federal regulations. Ongoing training and awareness programs to ensure long-term compliance. |
| Why VeriSign | A thorough and demonstrated experience in working with federal, state and local governments. An understanding of the differences - and similarities - between government agencies and businesses. Broad experience in helping agencies comply with the applicable regulations and standards. Existing customers are 70 percent of our business. Our business is security and information assurance, not just consulting. |
| Learn More | To talk with us about security and your business, call 650-426-5310 or submit your inquiry online. |
Certification and Accreditation
We work with you to bring your agency in line with government information assurance (IA) demands. We help you address the requirements needed to attain certification that covers applicable government regulations, including OMB A-130 and the DoD Information Technology Security Certification and Accreditation Process (DITSCAP). See our Federal Information Security Management Act (FISMA) white paper for detailed information on creating a top-down IA system.
We work closely with your IT department to:
- Identify threats
- Assess security controls
- Perform a complete risk and technical assessment
- Develop a thorough plan of action with specific milestones
FISMA Programs and Support
VeriSign’s FISMA programs emphasize senior management responsibility, not just technical specifications. Technical solutions alone are not sufficient for you to earn good marks on FISMA compliance. Agencies must demonstrate the ways in which information security technology fits into an overall security strategy and budget that is integrated with the agency’s mission and goals. FISMA compliance therefore requires not only new initiatives, but a new perspective, from the head of the agency down to the entry-level security administrator.
We help your agency create a program that:
- Integrates information security policy and technology into an agency-wide framework from the top down
- Creates an overall security strategy and budget that’s in turn integrated with your agency’s mission and goals
Homeland Security Presidential Directive (HSPD)
In August 2004, President Bush issued Homeland Security Directive #12 (HSPD-12), which created a Presidential Directive for a Common Identification Standard. HSPD-12 imposes a number of milestones on Federal departments and agencies, and our consultants are uniquely positioned to enable Federal managers to design programs to meet them. First, each agency must develop an implementation plan. Then, the agency must implement the directive using Federal Information Processing Standards Publication 201, Personal Identity Verification, by October 27, 2005.
We help your agency draft the HSPD-12 plan. We analyze your current identity verification processes and procedures for compliance. We then make recommendations on cost-effective implementation techniques, roles needed within your agency, and supporting technology. VeriSign offers its PKI expertise that led to the first federal certification in the Shared Service Provider program.
HSPD-12 is the core component of the strategy to enable the interagency ID validation interoperability required by October 27, 2005. Our consultants are qualified to provide the required certification and accreditation support and documentation.
E-Authentication Services
In line with OMB guidance and the e-authentication requirements of section 203 of the E-Government Act, VeriSign assists your organization in assessing system risks, identifying their proper assurance level and selecting the right technology to implement assurance.
VeriSign offers the following services to assist in the e-authentication needs of your agency:
- A risk assessment of the system.
- An assessment to find the required assurance level for the risk, based on six areas for potential impact: inconvenience, financial loss, harm to agency programs, unauthorized release of sensitive information, personal safety, and criminal or civil violations.
- Assistance in selecting and implementing appropriate technology based on NIST SP800-63 e-authentication technical standards.
- Validation services to test system assurance levels. This is part of VeriSign’s certification and accreditation process.
- A program for periodic assessment of the system to make sure changes in technology or business process haven't changed the authentication requirements.
Agencies need to conduct these assessments for all new and existing online systems.
Business Continuity and Disaster Recovery
Building on NIST 800-34, we help you develop an overall continuity program that includes business continuity planning (BCP), disaster recovery planning (DRP or DR) and continuity of operations planning (COOP). These plans are designed to prevent or minimize disruptions through key process analysis and solid, tested policies. We tie these plans back to the supporting infrastructure through analysis, design, and configuration of redundant systems, diverse networks, fault-tolerant facilities, and monitoring. The result: you return to normal quickly.
Ongoing Training
Using NIST Special Publication 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, and NIST Special Publication 800-50, Building an Information Technology Security Awareness and Training Program, VeriSign works with you to set up an appropriate security awareness, training, and education (SAT&E) program that spells out:
- Awareness of agency-specific security measures
- Training needs to develop the security skills of your employees
- Identification of employees to be trained and the role-specific program for each user group
- How and how often to conduct the program
Trained personnel can help prevent many breaches and respond quickly to the rest, reducing your exposure to harm.
Other Security Consulting Services
Many of the services we provide to the public sector are similar to our commercial sector services. These include:
- Technical Security Assessments
- Security Architecture and Design Solutions
- Identity and Access Management Services
We also have the resources to supply you with special services, such as an interim chief information security officer (CISO) or chief privacy officer (CPO), long-term program support personnel, and cleared staff.
For more information about VeriSign and the public sector, see the Public Sector page.
Confidence That Your Program Is Addressing Regulatory Requirements
It is nearly impossible to navigate all of the laws, regulations, Presidential Directives, and NIST specifications on your own. This is one of VeriSign’s core competencies, and we will help ensure that your strategy maps to the required standards.
Confidence Your Information Is Safe
We identify security gaps and assess policies and practices - not just systems. We highlight consequences to your organization, providing you a roadmap, not just an audit. We supply assessment information specific to DoD Directive 8500.1 as well as FISMA and OMB A-130.
Certification and accreditation of your agency can help provide confidence that your information is safe. More importantly, it reduces the actual threat your agency is under. A successful attack on a government agency could have enormous consequences:
- Widespread identity theft
- Disruption of IRS functioning
- Espionage
A Greater Measure of Protection
Working with VeriSign gives you a greater measure of protection because of our wide experience with security policy and program management, technology infrastructure, organizational governance, and on-going reassessment and training.
Documented Improvement
We create a set of well-defined tasks - designed to meet federal standards - at each phase of the certification and accreditation process:
- Initiation phase
- Security certification phase
- Security accreditation phase
- Continuous monitoring phase
Well-defined sets of tasks lead to both the documents needed for improvement and planning and to the deliverables showing that the improvements have been made.
- We understand your agency.
We identify key laws, regulations, and directives.
We understand the functional and operational competencies of your agency.
- We identify the role information flow plays.
We learn your agency’s responsibilities and we identify the role information flow plays in meeting them.
We interview key people to see what your deliverables are and to make an initial risk assessment.
- We prepare the necessary documents.
Depending on the services we have been engaged for, we assist your agency in providing the following documents:
- Certification and accreditation (C&A) plan
- System security plan (SSP)
- Risk assessment
- Security test and evaluation (ST&E) plan and report
- IT contingency plan
- Configuration management plan
- Certification letter and accreditation letter
- Business continuity, disaster recovery, and continuity of operations plans (BCP, DR, and COOP)
- Application assurance level assessment
- HSPD-12 readiness assessment and implementation plans
- We take you through the necessary assessments, certifications, and implementation.
We determine what the applicable federal, state, and local guidelines are for your agency, make a thorough assessment, and prepare the necessary documentation. We prepare a security accreditation package that documents the certification process: what has changed, what is currently within certification, and what the plans are for ongoing compliance. We deliver the package to the appropriate authorizing official. We then work with that official as needed to make sure that the certification and accreditation process is successful. We provide assessments and strategies for the e-authentication, HSPD-12 and FISMA regulations as well as HIPAA security rule assessments.
- We help you improve through strategic and point solutions.
Where your gaps include policies or deployments of authentication and identity management solutions, we can help. Many of our public sector customers ask us to stay after we finish the assessment to manage and assist with ongoing improvement efforts.
Greater Information Assurance
Because we assess your infrastructure thoroughly, you can be confident that you can quickly identify and react to threats - preventing many of them and successfully defending yourself against the rest.
Full Compliance with Federal Regulations
The VeriSign IA process means that your agency has been brought up to par with applicable requirements, as demonstrated by the certifying official’s approval. You can be sure that you’re in conformance with your obligations.
An Ongoing Safety Plan
We set up a regular series of assessments to make sure information assurance remains good. The follow-up assessments are usually short and easy - as long as your agency has made an effort to stay in compliance. They’re nonetheless an effective way of dealing with new threats.
HSPD-12 and Strong Authentication
Strong authentication secures access to your network through single sign-on to many applications. It also secures electronic transactions over the Internet or intranets. Read more about Unified Authentication.
We understand the differences and similarities between working with the Federal Government and working with business. We recognize the enormous importance of maintaining security at the federal level. At the same time, we recognize that the government has to function efficiently, both in the United States and around the world. Read our Public Sector white paper.
The government strongly recommends that a third party do the assessment and recommend an information assurance plan. We have a broad range of experience helping organizations comply with government regulations and industry standards, so our collaboration with you works to your advantage. For an overview, read Compliance and Your Business.
Seventy percent of our business comes from existing customers. We focus on our relationship with our customers. Our goal is to be your trusted security advisor. Read about Our Expertise.
We’re a security company with a consulting practice, not a consulting company with a security practice. Read about The Value of VeriSign.

