Federal Agency Case History 2

Wilson Consulting Group (WCG) reviewed, updated, and developed information security guidelines. These guidelines are required as part of the agency’s Integrated IT Investment & System Life Cycle Framework and the agency’s C&A program.



SCENARIO: Wilson Consulting Group (WCG) was contracted to help create a Certification and Accreditation (C&A) program for a federal agency that is responsible for administering medical-related services to ensure that good information security practices are in place and maintained.

The agency is responsible for the payment of more than $400 billion annually for medical services provided to nearly 90 million program beneficiaries and recipients. They have about 4,900 employees at their central site, with ten regional offices throughout the country. In the administration of these national programs, they utilize many assets, including buildings, facilities, communications equipment, computer systems, employees, and contractors. A breach of any one of these assets could affect the quality of support provided by the agency to its customers.

The agency required a system of cost-effective information security controls to protect the information it collects, including privacy and proprietary data, procurement data, inter‑agency data, and privileged system information. Access to such information is controlled by various federal acts and guidelines, such as FISMA and NIST. The agency has a legal responsibility to maintain the confidentiality and integrity of this information.

WCG's Strategy: To ensure that good information security practices were in place and maintained, WCG helped the agency create an effective C&A program, with information security policies and standards that met Office of Management and Budget (OMB) and NIST requirements.

RESULTS: To create these policies and programs, WCG:

  • Reviewed, updated, and developed information security guidelines. These guidelines are required as part of the agency’s Integrated IT Investment & System Life Cycle Framework and the agency’s C&A program. Examples of these guidelines included, but were not limited to, the following: System Security Plan (SSP); Information Security Risk Assessment (IS RA); Contingency Plan (CP).

  • Provided technical and administrative support for the creation and management of Corrective Action Plans (CAPs) and participated in their execution. This included technical testing to validate that the implemented solution effectively addressed the identified weakness.

  • Identified mechanisms to increase efficiencies in the daily management and maintenance of all aspects of the agency’s C&A program, provided technical and administrative support in the implementation of the plans, and trained staff in their use.

With a solid C&A program in place, the agency’s management team can now effectively make risk-based decisions concerning the security of the applications, systems, and infrastructures within its purview.
