Risk Management Framework

Government

The standards we apply to improve architectures and business processes:

  • FISMA
  • COBIT
  • ITIL
  • ISO 27000X
  • PCI-DSS

Mercury Technology Consultants (MTC) works with its customers to deliver innovative information security solutions and provides expertise in cyber security, Information Assurance and Risk Management Framework (RMF) processes. As a leader in the field, MTC has already set the bar for competitors in the industry to follow. The Assessment and Authorization (A&A) process is now accredited under the RMF for Department of Defense (DoD) IT and Veterans Affairs (VA) RMF within both state and federal government departments and agencies and the Intelligence Community (IC). Our experts will ensure that security solutions are incorporated in every proposed solution, for systems in development as well as legacy systems.

The Risk Management Framework (RMF) is the information security framework that the federal government has adopted to replace legacy Certification and Accreditation (C&A) processes such as DIACAP.

Why RMF?

RMF is a process that allows organizations to incorporate risk management principles within the life cycle of their systems. Mercury has many years of experience working with Certification and Accreditation and has solid experience working with the Department of Veterans Affairs on its A&A process. The Federal Information Security Modernization Act of 2014 amended the Federal Information Security Management Act of 2002 (FISMA). The amendment adds requirements for oversight and minimum controls for securing Federal Information Systems and requires utilization of the National Institute of Standards and Technology (NIST).

With many additional updates pending, and with the tedious task of developing and implementing organizational policies, procedures and documentation, let Mercury assess and assist your organization, using our knowledge and experience with the NIST guidance, in transitioning cybersecurity programs to a Risk Management Framework (RMF). We will also focus on achieving and maintaining compliance and on strengthening your use of continuous monitoring to maintain a constant cycle of assessing the impact on information systems of both planned and unplanned changes. The risk assessments that we conduct will reduce both information security and privacy risks to an acceptable level and ensure that security controls and privacy controls are addressed throughout the life cycle.

Corporate

COBIT – Control Objectives for Information and Related Technologies (COBIT)

Mercury Technology Consultants has adopted the strategies of industry best practices and will apply auditing control objectives to ensure your company's information technology meets adopted business standards and goals. Our COBIT audit allows business management to discover gaps, improve IT governance and focus on managing the development and implementation of IT systems while monitoring for risks. The COBIT frameworks, developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute, are designed to help business executives, IT personnel and management staff properly manage and govern their IT systems and IT-enabled investments. MTC has helped many private-sector organizations, healthcare companies and hospitals use this framework to streamline their processes and lower their costs. COBIT allows organizations to factor in regulatory compliance and many of the standards that affect their industry while implementing IT management and controls into the end-to-end IT life cycle.

ITIL – Information Technology Infrastructure Library (ITIL)

In many instances, companies can use control objectives for both COBIT and ITIL simultaneously to improve their IT governance. Corporate business roadmaps, policies and practices dictate the overall business goals to IT goals while integrating a maturity model that will help to reduce costs in addition to establishing and maintaining security and privacy standards. Call our experts to work with your IT team to implement a COBIT – ITIL strategy now.

PCI-DSS

Mercury will deliver the best industry practices and recommend new technologies to improve performance and business processes. We will help you acquire security validation to meet your Merchants’ PCI compliance levels by using a highly qualified security assessor. We offer the following objectives:

We conduct an assessment for compliance and issue a Report on Compliance (ROC) that verifies the business’ PCI DSS compliance plan. Additionally, we will design and maintain a secure network, and track and monitor all access to network resources and cardholder data. We also provide in-depth testing of networks; develop, implement and maintain Information Security policies; and address any compensating controls.