Federal Information Security Team (FIST)

Our Approach
Excentium provides certified, highly experienced resources to develop and implement the processes and procedures that ensure successful integration of cybersecurity with your organizational business practices.

We follow a three-phase approach in developing every cybersecurity program:

Phase 1: Discovery and Triage
Here we collect information specific to your current operations as they relate to the Lines of Business (LOB) marketed to the federal government. This phase includes the immediate deployment of Excentium resources to address current C&A/A&A challenges.

This phase uncovers the information necessary to create a development plan for an effective cybersecurity program that is tailored to your environment, including:

  • Inventory and assess the state of various C&A/A&A packages in process
  • Conduct self-assessments on development systems in preparation for official C&A/A&A assessments
  • Meet with stakeholders to gain understanding of current business processes
  • Conduct deep-dive product technical discussions with system/application subject matter experts (SMEs), developers, and others as necessary to educate Excentium resources on your systems
  • Develop the right cybersecurity program strategy and plan of action

Phase 2: Plan Implementation
Phase 2 includes all activities necessary to develop your cybersecurity programs, including:

  • Process development and integration
  • Provide liaison between your team and government C&A/A&A personnel
  • Develop ongoing tactics, techniques, policies and procedures within your organization to perpetuate compliance with government regulations

Phase 3: Program Execution and Performance

Acting as your in-house cybersecurity partner, we focus on accomplishing objectives and identifying areas for improvement based on lessons learned during implementation of our established processes and procedures. These tasks include:

  • Participate in change control discussions to identify potential security/compliance issues
  • Perform internal quality assurance reviews on cybersecurity policies and procedures to ensure ongoing compliance
  • Conduct ongoing self-assessments of your development systems to maintain compliance
  • Perform Information Assurance Vulnerability Management (IAVM) support services, report and track compliance
  • Monitor and communicate emerging security requirements to your stakeholders and ensure they are incorporated into your systems development life cycle
  • Support ad hoc cybersecurity tasks as they arise