What is ClearArmor® CRP?
CyberSecurity Resource Planning (CRP) is a complete two-step business process that provides specific work procedures and installs the required technology that will deliver organizational CyberSecurity. Momentum Methodology™ (M2™) provides the process and Intelligent CyberSecurity Platform™ (ICSP™) provides the technology.
ClearArmor’s Momentum Methodology™ (M2™) Process is a business process that begins with a definition of how leadership views the organization, followed by identification of risks and vulnerabilities, and concludes with a designed organization-specific automated cybersecurity program. Business-critical areas are identified during this process, which allows the organization to direct resources and activities for effective cyber governance.
ClearArmor’s Intelligent CyberSecurity Platform™ (ICSP™) and Technology Suite provide real-time visibility and continuous reporting on the automated activities through workflow, and on program status through management dashboards. ICSP provides the data before you know you need it – zero delay!
ICSP manages the automated cybersecurity program and deploys:
- Real-time discovery of all network components
- Cloud management
- Virtual Machine Management
- IoT and Mobile device management
- Software and Hardware management
- Real-time hash management
- Secure Software deployment
- Application mapping
- Port flow analysis
- Bot-managed penetration testing (using proven military processes)
- Automated configuration management
- Patch management
- Active Directory management
Through the ICSP, the program establishes the baseline for the current architecture and focuses on increasing NIST-defined cybersecurity maturity. The baseline is then compared against the target profiles established by leadership during M2, and a detailed roadmap is created to allow the organization to move from its existing state to the target secure state.
Due to ever-increasing CyberSecurity threats, the U.S. Government has implemented a critical national CyberSecurity defense initiative through a Presidential Executive Order.
The Framework for Improving Critical Infrastructure Cybersecurity (the “NIST Framework”) has been adopted by the U.S. Government as the process that will be implemented to manage United States Agencies’ CyberSecurity risk.
The NIST Framework was adopted by the U.S. Government, and it must be addressed by any organization that deals with Government agencies.
The ClearArmor® CRP is the total technology solution that fully implements the NIST Framework.
ClearArmor® CRP delivers, installs, and manages NIST Framework Based CyberSecurity.
A Definition of NIST Framework Compliance
The NIST Framework defines the best practices for achieving organizational CyberSecurity. As such, compliance with NIST standards and guidelines has become a top priority for many organizations.
NIST Framework guidance provides a specific set of recommended security controls. Security controls are defined process goals. All the controls must be addressed. Each control provides individual guidance on execution, metrics, and continuous reporting.
Implementing ClearArmor® CRP and adding regulation-specific modules will ensure compliance with HIPAA, FISMA, or SOX.
The NIST Framework through the ClearArmor® CRP outlines activities leading to compliance:
- Fully define the data, assets, and systems that will be protected,
- Define the baseline of controls required to protect the defined systems,
- Document a risk assessment of the baseline controls,
- Implement a defined security action plan,
- Implement non-technical processes,
- Implement the associated technical solutions,
- Monitor performance to measure the efficacy of security controls,
- Implement the ClearArmor® CRP reporting process,
- Implement ClearArmor® CRP Governance,
- Determine and document risk,
- Implement continuous compliance, monitoring and reporting.
NIST Framework Compliance Benefits
Compliance through the implementation of ClearArmor® CRP helps to ensure an organization’s infrastructure is secure. NIST also lays the foundational protocol for companies to follow when achieving compliance with specific regulations such as HIPAA, PCI, FERPA, NERC, FISMA or CIS Standards.