Compliance Management Services (CMS)
Coalfire Government Systems uses a facilitated risk management planning process
based on NIST standards, under which existing risk plans are updated or initial
plans are developed. Policies and procedures are benchmarked to ISO 17799 standards.
This process guides effective security program implementation, provides a
framework for executive management oversight, and efficiently allocates IT
resources, both financial and personnel. Coalfire Government Systems'
methodology encompasses best practices that conform to emerging legislation
protecting sensitive information, including FISMA, OMB Circular A-123, HIPAA,
GLBA, PCI and others. Our projects guide our clients to improved IT security
today and help them plan for the trends and requirements of tomorrow. Examples of
standards and best practices applied to our engagements include:
- NIST SP800-30 - Risk Management Guide for Information Technology Systems, which is explicitly
referenced in the preamble to HIPAA and GLBA as a preferred approach to risk
planning requirements. Coalfire Government Systems' methodology incorporates the
NIST SP800 series for IT security.
- ISO 17799 - The International Organization of Standards has adopted IT security
management standards with metrics to guide effective security program
implementation. All regulations recognize the ISO 17799 standard as a best practice
standard.
- CobiT Maturity Model - Maturity model to assist in
benchmarking and decision-making for IT capability improvements.