Mainframe Auditor Practice for Security & Compliance Standards (MAP/SCS)The objective of this service offering is to provide InfoSec consulting assistance and expertise to ensure clients are meeting stringent security and compliance standards. For Department of Defense (DoD) customers, InfoSec utilizes the existing DoD Information Assurance Certification and Accreditation Process (DIACAP) standard, now known as the “Risk Management Framework (RMF) for DoD Information Technology – National Institute of Standards and Technology (IT NIST)”. DoD facilities are required to meet this strict set of guidelines before they are able to receive their Authorization To Operate (ATO) and process DoD related information.
For commercial customers, there is not a DIACAP/RMF like standard to compare an organizations security and compliance against. To address this gap, InfoSec has created MAP/SCS. InfoSec consultants who are highly skilled in the MAP/SCS audit guidelines and requirements will perform an assessment of current IBM mainframe security system, with specific emphasis on mainframe security regulations. The assessment is based upon a competent and professional review by a senior InfoSec security consultant of the existing security architecture, operation, organization and security audit findings. Most auditors insist on these types of security standards and compliance requirements.
- Using established Security Technical Guidelines, our consultant will assess and evaluate the company’s security implementation against the MAP/SCS.
- Comprehensively document each technical Guideline and the results of the assessment.
- Provide a prioritized list of the MAP/SCS findings (from critical to minor), including whether the technical Guideline was met or not and if not, what remediation must take place to achieve this standard.
- Present an anticipated expectation of resource requirements to remediate each item.
- Develop an in-depth implementation plan.
- Focusing on Critical items first, as well as “low hanging fruit” of lower priority.
- Provide technical support on implementation.
- Provide re-testing of cleared items.
- Provide documentation (as well as evidentiary materials) to prove items are fixed.
- Provide technical input to your certification assessors (for DoD customers) or your internal/external auditors (for commercial customers) for any contested items.
- Provide necessary documentation to support an annual DIACAP Audit, if required.