Quality Improvement Organization (QIO) FISMA Audit

Client Name

Department of Health and Human Services (HHS)

Centers for Medicare and Medicaid Services (CMS)

Service

Cybersecurity

Client Type

Civilian

Enlightened FISMA audits identify and help mitigate security vulnerabilities for our clients.

Challenge

At the Department of Health and Human Services, Enlightened was tasked with performing a FISMA audit of QIOs, which were located at 58 separate physical sites, covering each U.S. state, territory, and the District of Columbia.

Approach

Enlightened performed white-hat (non-intrusive) technical assessment methodologies, which included scans for asset discovery, scripts for potential threat vector identification, and service enumeration/port compliance tests. The security tools Nessus and Nmap were also utilized. To educate HHS employees, Enlightened provided training sessions covering an overview of the laws and directives that mandate and implement FISMA, the methodology used to pursue FISMA compliance, and the dynamically changing culture of FISMA within field operations.

Results

Due to the successful execution of this project, CMS was able to maintain an effective security posture by staying up to date on recent vulnerabilities and changes in infrastructure, and by identifying any new security weaknesses.

Services Provided

  • Provided IT security support
  • Performed project management and quality assurance oversight
  • Documented the existing security posture and level of FISMA compliance of each QIO site
  • Identified deficiencies in the security posture and the minimum set of standard security controls
  • Categorized security weaknesses (low, moderate, high)
  • Provided recommendations for security improvement
  • Identified associated costs
  • Conducted training sessions

LET ENLIGHTENED HELP YOUR ORGANIZATION SOLVE PROBLEMS AND ACHIEVE ITS OBJECTIVES.