Public Sector Compliance Services
| Section | Summary |
|---|---|
| The Purpose | Help bring your agency in line with government information assurance (IA) demands. Identify threats. Assess security controls. Develop a plan of action. |
| Value to You | Confidence your information is safe. Documented improvement. Roadmap to long-term compliance and IA effectiveness. |
| How We Work | Identify the role information flow plays in your agency and the risks involved. Help you strategize. Develop security solutions. Take you through the certification and accreditation activities. Provide a long-term strategic plan. |
| The Results | Greater confidence in and effectiveness from your information assurance programs. Compliance with federal regulations. Ongoing training and awareness programs to ensure long-term compliance. |
| Why VeriSign | Thorough and demonstrated experience in working with federal, state and local governments. An understanding of the differences - and similarities - between government agencies and businesses. Broad experience in helping agencies comply with the applicable regulations and standards. Existing customers are 70 percent of our business. Our business is security and information assurance, not just consulting. |
| Learn More | To talk with us about security and your business, call 650-426-5310 or submit your inquiry online. |
The Purpose
Certification and Accreditation
We work with you to bring your agency in line with government information
assurance (IA) demands. We help you address the requirements needed to attain
certification under the applicable government regulations, including
OMB Circular A-130 and the DoD Information Technology Security Certification
and Accreditation Process (DITSCAP). See our Federal
Information Security Management Act (FISMA) white paper
for detailed information on building a top-down IA program.
We work closely with your IT department to:
- Identify threats
- Assess security controls
- Perform a complete risk and technical assessment
- Develop a thorough plan of action with specific milestones
FISMA Programs and Support
VeriSign’s FISMA programs emphasize senior management responsibility,
not just technical specifications. Technical solutions alone are not
sufficient for you to earn good marks on FISMA compliance. Agencies
must demonstrate the ways in which information security technology fits
into an overall security strategy and budget that is integrated with
the agency’s mission and goals. FISMA compliance therefore requires
not only new initiatives, but a new perspective, from the head of the
agency down to the entry-level security administrator.
We help your agency create a program that:
- Integrates information security policy and technology into an agency-wide framework from the top down
- Creates an overall security strategy and budget that is in turn integrated with your agency's mission and goals
Homeland Security Presidential Directive (HSPD)
In August 2004, President Bush issued Homeland Security Presidential Directive 12
(HSPD-12), Policy for a Common Identification Standard for Federal Employees
and Contractors. HSPD-12 imposes a number of milestones on Federal departments
and agencies, and our consultants are uniquely positioned to enable
Federal managers to design programs to meet them. First, each agency
must develop an implementation plan. Then, the agency must implement
the directive using Federal Information Processing Standards Publication
201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and
Contractors, by October 27, 2005.
We help your agency draft the HSPD-12 plan.
We analyze your current identity verification processes and procedures
for compliance. We then make recommendations on cost-effective implementation
techniques, roles needed within your agency, and supporting technology.
VeriSign offers its PKI expertise that led to the first federal certification
in the Shared Service Provider program.
HSPD-12 is the core component of the strategy
to enable the interagency ID validation interoperability required by
October 27, 2005. Our consultants are qualified to provide the required
certification and accreditation support and documentation.
E-Authentication Services
In line with OMB guidance and the e-authentication requirements
of section 203 of the E-Government Act, VeriSign assists your organization
in assessing system risks, identifying the proper assurance level for each system,
and selecting the right technology to implement that level of assurance.
VeriSign offers the following services to assist
in the e-authentication needs of your agency:
- A risk assessment of the system.
- An assessment to find the assurance level required for that risk, based on the six areas of potential impact: inconvenience, financial loss, harm to agency programs, unauthorized release of sensitive information, personal safety, and criminal or civil violations. The highest impact rating across these areas determines the assurance level the system must meet.
- Assistance in selecting and implementing appropriate technology based on the NIST SP 800-63 e-authentication technical standards.
- Validation services to test that the system meets its assurance level. This is part of VeriSign's certification and accreditation process.
- A program for periodic reassessment of the system to make sure changes in technology or business process have not changed the authentication requirements.
Agencies need to conduct these assessments for all new and existing online systems.
Business Continuity and Disaster Recovery
Building on NIST SP 800-34, we help you develop an overall continuity
program that includes business continuity planning (BCP), disaster recovery
planning (DRP or DR) and continuity of operations planning (COOP). These
plans are designed to prevent or minimize disruptions through analysis of
key processes and through sound, tested policies. We tie these plans back to
the supporting infrastructure through the analysis, design and configuration
of redundant systems, diverse networks, fault-tolerant facilities, and
monitoring. The result: you return to normal operations quickly.
Ongoing Training
Using NIST Special Publication 800-16, Information
Technology Security Training Requirements: A Role- and Performance-Based
Model, and NIST Special Publication 800-50, Building an
Information Technology Security Awareness and Training Program,
VeriSign works with you to set up an appropriate security awareness,
training, and education (SAT&E) program that spells out:
- Awareness of agency-specific security measures
- Training needed to develop the security skills of your employees
- Identification of the employees to be trained and the role-specific program for each user group
- How, and how often, to conduct the program
Trained personnel can help prevent many breaches
and respond quickly to the rest, reducing your exposure to harm.
Other Security Consulting Services
Many of the services we provide to the public sector are similar to
our commercial sector services. These include:
We also have the resources to supply you with
special services, such as an interim chief information security officer
(CISO) or chief privacy officer (CPO), long-term program support personnel,
and cleared staff.
For more information about VeriSign and the
public sector, see the Public
Sector page.
Value to You
Confidence That Your Program Is Addressing Regulatory Requirements
It is nearly impossible to navigate all of the laws, regulations,
Presidential Directives, and NIST specifications on your own. This is
one of VeriSign’s core competencies, and we will help ensure that your
strategy maps to the required standards.
Confidence Your Information Is Safe
We identify security gaps and assess policies and practices - not just
systems. We highlight consequences to your organization, providing you
a roadmap, not just an audit. We supply assessment information specific
to DoD Directive 8500.1 as well as FISMA and OMB A-130.
Certification and accreditation of your agency's systems
can help provide confidence that your information is safe. More importantly,
it reduces the risk your agency actually faces. A successful attack
on a government agency could have enormous consequences:
- Widespread identity theft
- Disruption of IRS functioning
- Espionage
A Greater Measure of Protection
Working with VeriSign gives you a greater measure of protection because
of our wide experience with security policy and program management,
technology infrastructure, organizational governance, and on-going reassessment
and training.
Documented Improvement
We create a set of well-defined tasks - designed to meet federal standards
- at each phase of the certification and accreditation process (the four
phases defined in NIST SP 800-37):
- Initiation phase
- Security certification phase
- Security accreditation phase
- Continuous monitoring phase
Well-defined sets of tasks lead both to the
documents needed for improvement and planning and to the deliverables
showing that the improvements have been made.
How We Work
- We understand your agency.
  We identify key laws, regulations, and directives.
  We understand the functional and operational competencies of your agency.
- We identify the role information flow plays.
  We learn your agency's responsibilities and we identify the role information flow plays in meeting them.
  We interview key people to see what your deliverables are and to make an initial risk assessment.
- We prepare the necessary documents.
  Depending on the services we have been engaged for, we assist your agency in producing the following documents:
  - Certification and accreditation (C&A) plan
  - System security plan (SSP)
  - Risk assessment
  - Security test and evaluation (ST&E) plan and report
  - IT contingency plan
  - Configuration management plan
  - Certification letter and accreditation letter
  - Business continuity, disaster recovery, and continuity of operations plans (BCP, DR, and COOP)
  - Application assurance level assessment
  - HSPD-12 readiness assessment and implementation plans
- We take you through the necessary assessments, certifications, and implementation.
  We determine what the applicable federal, state, and local guidelines are for your agency, make a thorough assessment, and prepare the necessary documentation. We prepare a security accreditation package that documents the certification process: what has changed, what is currently within certification, and what the plans are for ongoing compliance. We deliver the package to the appropriate authorizing official. We then work with that official as needed to make sure that the certification and accreditation process is successful. We provide assessments and strategies for the e-authentication, HSPD-12 and FISMA regulations as well as HIPAA security rule assessments.
- We help you improve through strategic and point solutions.
  Where your gaps include policies or deployments of authentication and identity management solutions, we can help. Many of our public sector customers ask us to stay after we finish the assessment to manage and assist with ongoing improvement efforts.
The Results
Greater Information Assurance
Because we assess your infrastructure thoroughly, you can be confident that
you can quickly identify and react to threats - preventing many of them
and successfully defending yourself against the rest.
Full Compliance with Federal Regulations
The VeriSign IA process means that your agency has been brought up to
par with the applicable requirements, as demonstrated by the authorizing
official's accreditation decision. You can be sure that you are in conformance with
your obligations.
An Ongoing Safety Plan
We set up a regular series of assessments to make sure information assurance
remains good. The follow-up assessments are usually short and easy -
as long as your agency has made an effort to stay in compliance. They are
nonetheless an effective way of dealing with new threats.
HSPD-12 and Strong Authentication
Strong authentication secures access to your
network and, combined with single sign-on, to many applications. It also secures
electronic transactions over the Internet or intranets. Read more about Unified
Authentication.
Why VeriSign
We understand the differences and similarities
between working with the Federal Government and working with business.
We recognize the enormous importance of maintaining security at the
federal level. At the same time, we recognize that the government has
to function efficiently, both in the United States and around the world.
Read our Public
Sector white paper.
The government strongly recommends that a third
party do the assessment and recommend an information assurance plan.
We have a broad range of experience helping organizations comply with
government regulations and industry standards, so our collaboration
with you works to your advantage. For an overview, read Compliance
and Your Business.
Seventy percent of our business comes from
existing customers. We focus on our relationship with our customers.
Our goal is to be your trusted security advisor. Read about Our
Expertise.
We’re a security company with a consulting
practice, not a consulting company with a security practice. Read about The
Value of VeriSign.