top of page
Metis defense vision.jpg

POLICY DEVELOPMENT

COMPREHENSIVE POLICY WRITING

Wherever you are on your road to information security, cybersecurity, and data privacy improvement, Metis Defense can assist with our comprehensive, industry leading policy writing services. Because the NIST SP 800-53 framework is the definitive publication for information security for federal agencies (and in turn, federal contractors), our policy development services are aligned with the respective NIST control families. This ensures a perfect, one-to-one match when developing customized policies and procedures for federal agencies and federal contractors.

The policies and procedures included in your cybersecurity policy will be unique to your org — and companies’ needs when it comes to cybersecurity vary widely and a good Policy Development procedure needs to be tailored to address those unique needs. Metis Defense will do just that to help ensure that your employees follow your policies.

Metis defense policy writing.jpg

OUR POLICY WRITING SERVICES:

NIST SP 800-53 (for FISMA and FedRAMP)

NIST Special Publication 800-53 Revision 5 Security and Privacy Controls For Information Systems and Organizations, establishes controls for systems and organizations. The controls can be implemented within any organization or system that processes, stores, or transmits information. The use of these controls is mandatory for federal information systems in accordance with Office of Management and Budget (OMB) Circular A-130 [OMB A-130] and the provisions of the Federal Information Security Modernization Act11 [FISMA], which requires the implementation of minimum controls to protect federal information and information systems.

NIST SP

800-171

NIST Special Publication 800-171 Revision 2 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, provides federal agencies with recommended security requirements for protecting the confidentiality of CUI: (1) when the CUI is resident in a non federal system and organization; (2) when the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf of an agency; and (3) where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or governmentwide policy for the CUI category listed in the CUI Registry.

CMMC COMPREHENSIVE FRAMEWORK

To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the defense industrial base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. With its streamlined requirements, CMMC 2.0:  (a). Simplifies compliance by allowing self-assessment for some requirements. (b). Applies priorities for protecting DoD information. (c). Reinforces cooperation between the DoD and industry in addressing evolving cyber threats.

NIST CYBERSECURITY FRAMEWORK

The NIST  Cybersecurity Framework provides a common language for understanding, managing, and expressing cybersecurity risk to internal and external stakeholders. It can be used to help identify and prioritize actions for reducing cybersecurity risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk.

NIST C-SCRM PROGRAM DEVELOPMENT

The NIST Cybersecurity Supply Chain Risk Management (C-SCRM) program helps organizations to manage the increasing risk of supply chain compromise related to cybersecurity, whether intentional or unintentional. The factors that allow for low-cost, interoperability, rapid innovation, a variety of product features, and other benefits also increase the risk of a compromise to the supply chain, which may result in risks to the end user. Managing cybersecurity risks in supply chains requires ensuring the integrity, security, quality and resilience of the supply chain and its products and services.

digital-cyberspace-with-particles-digital-data-network-connections-high-speed-connection-d

TRUSTED

Trusted Advisors to both Federal Agencies and Federal Contractors

closeup-macro-shot-circuit-cyberspace-board-with-computer-motherboard-component-microchip-

RESPECTED

Well-known and Respected Throughout the Federal Agency Apparatus

digital-cyberspace-with-particles-digital-data-network-connections-high-speed-connection-d

UNIQUE

A Unique Combination of Knowledge, Expertise, and Capable Manpower

Metis defense policy writing 1.jpg

CONTACT METIS DEFENSE TODAY FOR A CONSULTATION

bottom of page