Data integrity and security are cornerstones of information management at Federal agencies. Sensitive compliance reports, citizen records, and financial data are all stored and managed electronically by Federal agencies and are therefore inherently susceptible to cyber-attacks. As security threats have evolved, Federal agencies must also be able to adapt and implement dynamic methods for dealing with cyber security issues. Recent events have exposed the fact that Federal agencies are susceptible to data privacy risk from both internal and external threats. In order to mitigate the risk of having private information compromised, many organizations have developed cyber security protocols to handle both the electronic and personnel aspects of information management. The White House has identified cyber security as one of the most serious economic and national security challenges faced by the country today, emphasizing the need to identify and eliminate current digital threats and to strengthen the future Federal cyber security environment. Oxford is experienced in assisting Federal agencies with their cyber security requirements, focusing on infrastructure resilience and data protection.
Utilize Oxford’s cyber security practice to assess your current security protocols, conduct a threat assessment, or establish and strengthen your Agency’s cyber standards and policies. The end result will be a safer digital working environment. Oxford concentrates on developing security policies that are inclusive of overall organizational IT needs and culture, keeping a clear focus on the core business functions and key activities that a Federal Agency has been tasked with. Oxford aligns IT Security plans with an Agency’s overall IT Strategy, creating unified digital environments for our clients that are secure from threats, both now and in the future. Oxford ensures that security policies directly support an Agency’s vision and mission, never deviating from the intended strategic path. Our project managers, information architects, and cyber security consultants ensure that the most modern and proven methods are used to create a secure work environment, aligned with NIST, FedRAMP, OMB, GAO, and all Departmental requirements.
What We Do…
Federal Information Security Management Act (FISMA) Compliance and Reporting: Oxford supports Federal clients in FISMA reporting to the Office of Management and Budget (OMB) via Departmental tools and the detailed assessment of information system security program posture based on compliance with Federal performance standards.
Federal Information Processing Standards (FIPS) System Categorization: Oxford supports Federal clients in applying the provisions of Federal Information Processing Standard (FIPS) 199 and 200. Information system security categorizations and minimum security control requirements are established based on a thorough assessment of the confidentiality, integrity, and availability needs of the information systems being planned. Oxford is experienced in planning and supporting major applications, general support systems, and minor Agency applications.
Risk Analysis: Oxford supports Federal clients with risk assessments and security impact analysis for all levels of information systems. Oxford’s approach involves the identification of threats and vulnerability sources, with our cyber security consultants developing enhanced compensating security control recommendations, aligned with mitigating strategies. Outcomes involve overall risk reduction to acceptable levels.
System Security Plan (SSP) Development: Oxford supports Federal clients with the development of Federally mandated information system security documentation, to include comprehensive System Security Plans. Oxford-developed SSPs implement the appropriate set of NIST and FedRAMP system security controls, based upon the low, moderate, or high system-related security watermark. Oxford’s approach is supported by certified IT security consultants, trained to produce SSP documents tailored to the information system’s specific design and functional requirements.
System Test and Evaluation (ST&E): Oxford supports Federal clients with the development and testing of technical security features and functions for information systems. We ensure intended and expected performance prior to system deployment. Our ST&E approach utilizes detailed testing methods designed to determine system security control implementation status. The results identify system security weaknesses and recommended plans of action to improve the system security environment.
Plan of Action and Milestones (POA&M): Oxford supports Federal clients with the planning of corrective actions and maintenance of POA&Ms to strengthen their information system security environment. Oxford’s POA&M support provides a management process for tracking the mitigation of cyber security program and system-level weaknesses. Our approach involves identifying, assessing, prioritizing, and monitoring POA&M corrective action activities.
Security Assessment and Authorization (SA&A): Oxford conducts comprehensive certification and accreditation activities via our cyber security assessment and authorization practice. Oxford cyber consultants are adept at assisting our Federal clients in obtaining positive Authority to Operate (ATO) results via the structured review of application system management, operational, and technical controls. Oxford SA&A review activities result in the generation of evidence and control descriptions that take into account all levels of risk. Our SA&A support includes interfacing with third-party assessors, evaluators, OIG as required, and IT auditors to produce and validate evidence of system security compliance. Oxford utilizes a standardized SA&A process, in accordance with your Agency’s tailored security policies and all Federal standards and regulations (NIST & FedRAMP).
IT Security Strategic Planning: Oxford supports Federal clients in aligning security initiatives with agency IT Strategic Vision, Mission, and Goals. Our approach creates short- and long-term objectives for strengthening the security infrastructure and decreasing the number of security incidents, and involves the implementation of security plans and protocols into program initiatives.