Arch Systems implements the complete security stack for our clients, from program development and management to staff augmentation. We aid our clients with solving your security and compliance needs that range from FISMA, to ISO, and HIPAA.
- Development and implementation of Continuous Monitoring and Mitigation programs
- Risk Assessment services to cover PCI, HIPAA, FISMA, and other requirements
- Security Management of FISMA systems
- Incident Response
- Security Auditing services
- Penetration Testing services
- Disaster Recovery planning and testing
- Security Architecture development
- Physical Security design
Arch has brought a multitude of advantages saving time, costs, and improving processes on CMS projects. Some of those advantages include:
- Efficient Testing: Test automation is a way to make the testing process extremely efficient. The testing team can be strategically deployed to tackle the tricky, case specific tests.
- Reusability: One of the best aspects of test automation is that the testing software is reusable.
- Consistency: Test automation provides a consistent platform for the testing needs. The tests for which automation is usually deployed are extremely tedious. Automation drastically reduces the margin of error in the testing scenario by going through pre-recorded instructions.
The Medicare Learning Network® (MLN) Learning Management System (LMS) recently received their Authority to Operate (ATO), i.e., April 2018. New system documentation was generated and approved by the Centers for Medicare and Medicaid Services (CMS). This documentation included the following: Information System Risk Analysis (ISRA), Contingency Plan (CP), Continuous Monitoring Plan (CMP), Configuration Management Plan (CM), System Design Document (SDD), and System Security Plan (SSP). To ensure the system met all Acceptable Risk Safeguards (ARS) version 3.1, Arch completed an in depth evaluation of each applicable control, i.e., controls for a Low System, early on in the process. This process demonstrated the need for system customizations to meet ARS 3.1 controls for a Low System. During the requirements gathering for the customizations, risk areas were identified and either noted or design considerations were made. Due to the planning and SCA preparation, the assessment produced no High findings which allowed for the subsequent approval of the ATO.