About Our Client
The federal agency is responsible for the payment of more than $400 billion annually for medical services provided to nearly 90 million program beneficiaries and recipients. They have about 4,900 employees at their central site, with ten regional offices throughout the country.
In the administration of these national programs, they utilize many assets, including buildings, facilities, communications equipment, computer systems, employees, and contractors. A breach of any one of these assets could affect the quality of support provided by the agency to its customers.
WCG was contracted to help a federal agency that is responsible for administering medical-related services create a Certification and Accreditation (C&A) program to ensure that good information security practices are in place and maintained.
The agency required a system of cost-effective information security controls to protect the information it collects, including privacy and proprietary data, procurement data, internal agency data, and privileged system information. Access to such information is controlled by various federal acts and guidelines, such as FISMA and NIST. The agency has a legal responsibility to maintain the confidentiality and integrity of this information.
To ensure that information security best practices were in place and maintained, WCG helped the agency create an effective Certification and Accreditation (C&A) program, with information security policies and standards that met Office of Management and Budget (OMB) and NIST requirements.
To create these policies and programs, WCG:
- Reviewed, updated, and developed information security guidelines. These guidelines are required as part of the agency’s Integrated IT Investment & System Life Cycle Framework and the agency’s C&A program. Examples of these guidelines included, but were not limited to, the following: System Security Plan (SSP); Information Security Risk Assessment (ISRA); Contingency Plan (CP).
- Provided technical and administrative support for the creation and management of Corrective Action Plans (CAPs) and participated in their execution. This included technical testing to validate that the implemented solution effectively addressed the identified weakness.
- Identified mechanisms to increase efficiencies in the daily management and maintenance of all aspects of the agency’s C&A program, provided technical and administrative support in the implementation of the plans, and trained staff in their use.
With a solid C&A program in place, the agency’s management team can now effectively make risk-based decisions concerning the security of the applications, systems, and infrastructures within its purview.