Cyber and Information Technology
The increase in regulation and best practices for compliance is complicated. Most medium to small businesses and organizations do not have the resources of time, people, and capital to wade through and solve their cyber security gaps.
Imprimis entered the cyber security market because lie most companies, we were trying to determine which regulations were required, which solutions were and were not necessary and understanding “who” was targeting us as a company. From this we developed a consulting practice within Imprimis to help others answer the tough problems implementing cybersecurity measures.
Imprimis understands the difficulties businesses and organizations face. If the senior leadership understood, often the employees did not. The information technology leadership (i.e. CIO and his staff) often understood, but could not explain the tangible and intangible return on investment to company leadership. Sometimes the leadership understood but did not incorporate the importance of employee's behaviors and the affects on a company's security.
imprimis works with energy and utility companies, small to medium businesses, and companies that focus on government contracts to solve their compliance and regulatory requirements. We have developed several compliance tools that allow senior leadership, the information technology staff, and employees determine which cyber security requirements are necessary and how to accurately protect information (see our Assessment and Compliance Tools (ACT) on our products page for more information).
In addition to our consulting work, Imprimis’ subsidiary AdroiTec provides IT and network solutions for your business.
i2 Assessment and Compliance Tool
i2ACT - Cybersecurity is an ever changing problem that often results in dire consequences in terms of reputation and financial liability if not done properly.
Do you know which regulations apply to your industry and business?
Do your people know what regulations and practices must be followed on a daily basis?
Do you know what to protect, what hardware or software you need, and what security measures you must plan for?
The amount of regulations and guidelines for cybersecurity is fairly robust. We find that most executive and information technology leadership do not have the time nor resources to research, plan, and implement substantial cybersecurity practices and documentation.
Imprimis, Inc. has developed Assessment and Compliance Tools, known as the i2ACT suite. These intelligent tools allow you to easily navigate the regulations pertaining to your industry, document your progress, and ensure your teams preparedness for internal and external audit successes.
Our first tool deals with the security architecture developed by NIST (National Institute of Standards & Technology) contained in the Special Publication 800 series in response to the requirements defined in the FISMA (Federal Information System Management Act). Our tool, the Imprimis Assessment and Compliance Tool (i2ACT-800), includes all security controls contained in NIST SP 800-53 and fully support cyber requirements specified in the Defense Federal Acquisition Regulations Supplements DFARS 204.7303 (prescribing) / 252.204-7012 (Federal Register /Vol. 78, No. 222 /Monday, November 18, 2013 /Rules and Regulations 69281), and the Federal Information Processing Standards (FIPS), and supports the Risk Management Framework (RMF) now being adopted by the Department of Defense as a replacement for the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP). The i2ACT-800 will be able to support all 800-53 based requirements, and more.
The Second product supports the utility infrastructure addressing the standards defined by the North America Electric Reliability Corporation (NERC). The i2ACT-NERC supports compliance with NERC-CIP 5.0 addressing critical infrastructure protection (CIP) requirements. The i2ACT-NERC supports all 14 categories of the NERC Mandatory Standards Subject to Enforcement.
The tools provide great productivity improvements cutting the labor requirements for compliance with automated device loading, focused control examination, automated reporting, and maintaining an accurate record during sustainment. The next audit (i.e. the second and beyond) require a quick update and verification (if maintained properly during sustainment) greatly reducing the effort for subsequent compliance audits. The payback period for the tool will occur early in the first compliance effort and all savings beyond accrue to the user.
The i2ACT-800 was developed by Imprimis out of necessity. Internalizing, understanding, organizing and ultimately complying with the controls used in NIST SP 800 was an overwhelming task – and we are an IT company! Our language changed during this process - the way we frame requirements now reflects the family of controls. Our IT staff and our employees adopted behavior that reflects the need for security in the cyber domain. i2ACT-800 was born out of a need to solve our compliance problems. This is one of the major reasons it is so effective and valuable to all users.
A huge benefit is the productivity afforded by the tool. But other important benefits should not be ignored. Focus: working on the productive tasks will yield the best results. Quality: training, explanations and understanding will result in much better solutions. These steps result in improved security. Click here to learn more.
A Center in Colorado Springs Providing Compliance Support Nationally
- System Definition
- Compliance Assessment
- Vulnerability Assessment
- Remediation Support
- Blue Team Preparation
- Support Through Read Team Audit
FACILITIES & RESOURCES
- VTC/Telephonic/Remote Access
- Training & How-to Videos
- Policy & Plans Templates
- Vulnerability Scanning Tools
- Penetration Testing
- Monitoring Services /Tools
- Support During Incident Response