Who We Serve
At Landers and Company we focus on providing long-term solutions to ensure that your
mission is accomplished long after we have completed our work. We specialize in areas
pertaining to compliance and cross-organizational integration. One of our primary core
competencies relates to Title III of the E-Government Act of 2002, otherwise known
as the Federal Information Security Management Act (FISMA) (Public Law 107-347).
While many organizations strive to provide services in this area, few provide strategic
insights to assist their clients with implementing an information security program that is
complementary to the organization's mission. More specifically, companies providing
FISMA-related services are often focused on the detailed compliance parameters and
fail to provide services that capitalize on the flexible nature of the guidance published
by the National Institute of Standards and Technology (NIST). Our most recent focus
is on the transition from the static and often cumbersome security assessment and
authorization process (formerly referred to as Certification and Accreditation – C&A).
We work diligently with our clients to plan for and implement robust and comprehensive
continuous monitoring programs that facilitate a dynamic and ongoing authorization
process. By leveraging a flexible risk-based approach we help our clients make real
progress towards efficient and integrated security programs.
Our unique approach to continuous monitoring is aligned with guidance documented in NIST Special Publication (SP) 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach, and NIST SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations. We provide expert assistance with identifying and establishing common controls for your organization, as well as additional security control subsets that are aligned with organizational divisions of responsibility.
We assist System and Information Owners with identifying appropriate security controls that are both logical and cost-effective based on the sensitivity of an information system and the organization's risk tolerance. By assisting System Owners with the formal documentation aspect of security control tailoring and other risk-based decisions, such as mitigation and acceptance, we help organizations avoid poor security assessment results and achieve authorization to operate (ATO) from their authorizing officials (AOs). We can also assist with coordination efforts between system owners and your organization's Cost Prevention and Investment Control (CPIC) function by correlating Plan of Action and Milestones (POA&M) costs with your budget documentation (A-11 Exhibit 53B).