Chief Information Security Officer (CISO) Support Services
Over the last 14 years, NXTKey / Magnus has provided CISO Support Services to Department of Justice components, including the Office of Justice Programs, Office of CIO, Office of CISO, USMS CISO and Bureau of Prisons leadership. NXTKey / Magnus team members have served as principal cyber security advisors and liaisons between DOJ HQ OCIO – Cyber Security Branch and DOJ Components / CISO staff and external auditors on all matters relating to the Annual Financial Statement and FISMA Audits of DOJ Components. Additionally, our teams serve as an internal auditor, acting as an independent body that performs an overall assessment of IT controls for the DOJ systems and recommends and validates corrective actions for deficiencies.
Some of the deliverables for our executive support to the CISOs include:
- Prepare, record, and track action items for the Authorizing Official (AO) briefings.
- Provide support needed for penetration testing.
- Prepare and disseminate risk slides, including updates, on behalf of the CISO office.
- Provide security program management policies, processes, procedures and standards.
- Develop and apply security procedures and checklists.
- Ensure compliance with downward directed enterprise security procedures, checklists, and requirements.
- Support the maintenance of the continuity of operations and disaster recovery plan and procedures.
- Participate and assist in the annual execution of a continuity of operations and disaster recovery exercise.
- Provide Operations Backup Sites support.
- Ensure backup policies, plans and procedures are in alignment with the Federal Information Security Management Act (FISMA).
- Produce and deliver training documentation on new security products and/or applications to Government and Contractor employees.
- Develop, maintain and update the Security Education, Training, and Awareness plan.
In addition, the NXTKey / Magnus Cyber Security Team provides support services for developing a proactive methodology to assess and strengthen internal IT controls and to respond rapidly and effectively to, and resolve, findings identified during the FISCAM and FISMA audits of systems and subsystems. This support includes, but is not limited to:
- Entrance Brief coordination
- Provided by Customer (PBC) deliverables to Auditors
- Draft written response to any Notification of Finding and Recommendation (NFR)
- Develop and manage corrective action remediation and tracking
- Exit Brief coordination