A Medium Level Readiness Review can be conducted. In the Medium Level Readiness Review, Helm Point will assign a cybersecurity professional (Reviewer) to examine the controls, processes, and procedures as they relate to securing the corporate enterprise. This is a more detailed examination of how things are being done to ensure the security of the corporate enterprise.
In this assessment, the FutureFeed database will be updated further to include a deeper dive into the 110 controls, address specific policies and procedures, identify solutions that will address non-compliant controls, and build a project that includes estimated costs and schedules. A prioritized list of the projects is prepared based on the data provided. This data can then be used for budgeting purposes and for scheduling the various resources and projects to be completed.
Once the Reviewer has completed the interview and examination, an updated System Security Plan (SSP) will be provided. A System Security Plan is a requirement for the NIST 800-171 standard. The SSP will address all of the control areas. For any control area that does not meet the NIST 800-171 standard, a POAM will be created, identifying the control area that needs to be addressed. At any time, you may access the FutureFeed application and review your compliance score, produce an SSP or POAM, and review prioritized actions and budgeted projects. As this is a ‘working tool’, you may add, change/update, and remove any systems and artifacts that make up your NIST compliance environment.