Information Security Management

FoxGuard Solutions is an ISO 27001:2013 registered company.

FoxGuard has been “Built for Security” from its inception, with a priority of protecting the Confidentiality, Integrity, and Availability (CIA) of its customers’ information. To continue its excellence in security and compliance, FoxGuard employs a security management team dedicated to preventing and monitoring security threats and to managing strict policies around escalation and rapid response.

FoxGuard Solutions’ Information Security Management System (ISMS) currently includes:

  • Certification to ISO 27001:2013 – Information security management systems – Requirements
  • Compliance with applicable controls of NIST SP 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
  • Utilization of SAE AS5553B guidance – Counterfeit (EEE) Parts Avoidance
  • Participation in GIDEP (the Government-Industry Data Exchange Program)
  • Other industry standards and best practices, including applicable National Institute of Standards and Technology (NIST) publications.

Information Security policies and procedures are reviewed and updated on a regular basis as the scope of FoxGuard’s activities involving Federal and International legislation and customer-specific requirements increases.

MANAGEMENT OF CONTROLLED UNCLASSIFIED INFORMATION (CUI) – NIST SP 800-171

The National Institute of Standards and Technology (NIST) Special Publication 800-171 addresses the protection of Controlled Unclassified Information (CUI) within nonfederal information systems and organizations, with a focus on the confidentiality leg of the CIA Triad. Examples of CUI include personal information, financial information, intellectual property, and technical information. A complete listing of CUI can be found in the National Archives CUI Registry (https://www.archives.gov/cui/registry/category-list).

FoxGuard Solutions is compliant with applicable requirements of the fourteen control families in NIST SP 800-171, including:

  • Access Control
  • Audit & Accountability
  • Awareness & Training
  • Configuration Management
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical Protection
  • Personnel Security
  • Risk Assessment
  • Security Assessment
  • System & Communications Protection
  • System & Information Integrity

RISK MANAGEMENT FRAMEWORK (RMF) CONTROLS

NIST SP 800-53 – Security and Privacy Controls for Federal Information Systems and Organizations – contains a catalog of controls that agencies use to develop security policies and processes for their organizations and information systems. The document is a key component of NIST’s Risk Management Framework (RMF) and the Federal Information Security Management Act of 2002 (FISMA). The controls are designed to be tailored to parameters applicable to the organization and to each specific system that stores, processes, or transmits Federal information, in order to protect the Confidentiality, Integrity, and Availability (CIA) of the information.

The policies and procedures must reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. The policies can be included as part of the general information security policy for the organization or, conversely, can be represented by multiple policies reflecting the complex nature of certain organizations. Procedures should address the security program in general and, if needed, particular information systems.

FoxGuard’s information security policies and procedures adhere to applicable requirements in the following control families found in NIST SP 800-53:

  • Access Control
  • Awareness & Training
  • Audit & Accountability
  • Security Assessment & Authorization
  • Configuration Management
  • Contingency Planning
  • Identification & Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical & Environmental Protection
  • Planning
  • Personnel Security
  • Risk Assessment
  • System & Services Acquisition
  • System & Communications Protection
  • System & Information Integrity
  • Program Management

Additionally, FoxGuard is following the development of RMF 2.0, which integrates privacy management controls, enhances its focus on secure supply chain management, highlights preparation steps for implementing the original six RMF steps, and maps RMF requirements to NIST’s Cybersecurity Framework (CSF).

FoxGuard provides solutions that are “Built for Security” and built in a secure environment!