The Challenge

This agency was faced with a common challenge within the public-sector market: a quickly-approaching Federal Information Security Management Act (FISMA) audit combined with an IT support team who was focused on other mission-critical initiatives. The agency required a comprehensive internal and external assessment of its security posture, including vulnerability scans and assessments adhering to the National Institute for Standards and Technology (NIST) Federal Desktop Core Configuration (FDCC) guidelines.

Our Solution

Based on our managed service provider (MSP) experience and IT security backgrounds, our team quickly prepared a checklist of information we would require to perform the scope of work from onsite and offsite (remote) locations. This checklist was intended to organize preparations so that the Agency’s staff could complete it from their offices, or while they traveled. Once provided with the appropriate access, we utilized an industry-leading, agentless vulnerability scanner (Security Content Automation Protocol (SCAP)-approved) to perform the vulnerability scans, and to report on the severity of issues based on several content benchmarks.

Impact

This agency benefited by receiving a timely comprehensive assessment report complying with the requisite regulations, all with minimal burden on their IT support staff. The assessment also allowed the agency to receive asset classification required to assign mission criticality ratings and to match system owners to specific assets.