Compliance Services for Federal Agency | Case History

WCG performed a variety of services, including system documentation assessment, security certification and accreditation, and other tests to assess the effectiveness of the DSTM security controls.

WCG Strategies

ATO certification requires that systems be tested to verify compliance with applicable federal management, operational, and technical security guidelines, regulations, and controls. These guidelines included, but were not limited to:

The tests and services WCG performed included:
  • OMB Circulation A – 130, Management of Federal Information Resources
  • Department of Labor (DOL) Computer Security Handbook
  • DOL System Development Lifecycle Manual (SDLCM)
  • DOL Technical Security Standards Manual
  • NIST SP 800-30, Risk Management Guide for IT Systems
  • NIST FIPS 31, Guidelines for ADP Physical Security and Risk Management
  • NIST SP 800-37 (draft), Guidelines for Security Accreditation of IT Systems
  • NIST SP 800-18, Guide for Developing Security Plans for Information Technology Systems
  • Administration Procedures Act
  • Title 29, Code of Federal Regulations, Part 70
  • Information Technology Management Reform Act of 1996
  • Privacy Act of 1974
  • Computer Fraud & Abuse Act of 1986, as amended
  • Freedom of Information Act, as amended
  • E-Government Act of 2002
  • Department of Labor Technical Security Standards Manual (TSSM)
  • Department of Labor FIPS 199/Security Self-Assessment (MS Access)
  • Federal Information Processing Standards (FIPS 199)
  • NIST Special Publication 800-53, “Recommended Security Controls for Federal Information Systems”
  • NIST Special Publication 800-60, “Guide for Mapping Types of Information & Information Systems to Security Controls”

The assessment’s findings and recommendations were outlined in the recent Office of the Inspector General (OIG) reports. These included:

  • DOL and Occupational Safety and Health Administration (OSHA)security policies and procedures, and their enforcement
  • Emergency response and recovery plans
  • Physical security of facilities and equipment housing the information systems
  • Use of the applications security features, including user administration and access control
  • Level of user awareness and technical personnel training in security issues and technology
  • Use and protection of all outside connections, including access via LANS, dial-up, and individual workstations/servers
  • Susceptibility to non-technical attacks
  • Unintended use of the information systems by OSHA personnel

Why WCG?

Our FedRAMP process and use of internal application provide a faster and simplified approach to evaluate controls and identify deficiencies. Depending on your application or service’s complexity, categorization of risk level, and maturity of infrastructure, we can effectively and efficiently get you ready for the authorization up to 60 days, which saves 80% faster time to market.

Our pricing is competitive and straightforward with no hidden agenda, miscellaneous charges, or add-on fees, which provides you with at least 40% cost savings compared to others’ pricing and approach.

Our dedicated team is incredibly talented, knowledgeable, and experienced in conducting FedRAMP assessments and providing consulting in accordance with NIST 800-53 Revision 5. We have unique experiences in working with both the federal government agencies (such as the Department of Homeland Security, Department of Defense, and General Services Administration) and corporate cloud services providers who serve the federal government. These experiences allow us to have the know-how to ensure businesses are successful with their assessments.

Knowledgeable and Experienced Team

Our team has unparalleled experience aiding governments and businesses around the world in defending themselves against cybercrime, reducing risks, complying with regulations, and transforming their IT, security operations & infrastructure.

Practical Guidance

WCG has hands-on IT experts who have extensive knowledge and experience helping businesses.

Reasonable Pricing

We provide simple, straightforward pricing with no hidden agenda, miscellaneous charges, or add-on fees.

Personalized Customer Service

Our personable, dedicated staff to answer any questions you have at any time throughout the process.

Proven Track Records

WCG has an exceptional reputation and track record for numerous services.

Adopting to Your Needs

We develop and customize an approach that suits your immediate requirements and future goals. To achieve this, WCG will provide pragmatic insights and balanced views on how to prioritize any associated actions.

roleImpact
Role and Impact of Women in Technology

Even with the underrepresentation of women in the technology industry, many women have taken ...

covid
COVID-19 Facts: How Business Leaders Should Take Action

At the current time, much is unknown about the COVID-19 pandemic that has swept the globe. However ...

securityrisk
Surviving Security Risks Existent in Third-Party Software

Third-Party Software is comprised of software libraries, modules and other components ...

Services you may be interested in

Subscription Center

Stay in the Know with Our Newsletter