At Mantis Security Corporation we are focused on information security. We are made up of small teams that meet the challenges your secure systems face by providing you with the right mix of subject matter experts. Addressing issues and uncovering potential risk is what we do. We assist customers in the Intelligence Community and the Department of Defense with the transition to the NIST Risk Management Framework (RMF). Mantis Security has led multiple agencies in moving from previous regulations (DCID 6/3, DIACAP, & NIST pre-RMF) through a paradigm shift into the new “risk aware” methodology. Our experience will prove invaluable in your transition to the NIST RMF.
Mantis Security consultants have been providing transition support for NIST security controls and RMF to Federal government, IC, and DoD clients since the signing of ICD 503 in September 2008 and the publishing of NIST SP 800-37 Rev. 1. As a result, we have considerable experience customizing implementation plans for organizations moving to the new framework and understanding the lexicon change to NIST security controls. We’ve also audited and assessed system security as Certification Agents for Authorization to Operate (ATO) decisions to the Authorization Official. Our understanding of the challenges involved helps us efficiently and effectively guide your information assurance workforce in adjusting its practices to align with the NIST RMF.
With our experience inside a variety of agencies, we understand that agency-specific directives, instructions, procedures, and even culture are key contributors to the ability to apply information assurance principles and security practices to your systems. Knowing how to bring together the right personnel, from executive leadership to application developers and end users, is important to ensure that data types, risk tolerance, and mission are all integrated into your security planning as early as possible throughout your system’s lifecycle. We have a variety of experience with many approaches that utilize automated security documentation software and understand the emerging abilities of those products to help your organization create truly living security plans. Only when properly implemented can these tools provide system and data owners with an accurate depiction of your security profile for risk analysis and risk management.