Visit the bottom of this page for a FREE 30-Day Trial!
Totem's Cybersecurity Planning Tool
Standard and Custom Control Sets
Totem’s Cybersecurity Planning Tool is the most in-depth cybersecurity compliance software. It comes packaged with multiple cyberecurity frameworks. With a flip of a switch the organization can engage an additional privacy control set for NIST 800-171, HIPAA Security Rule, GDPR, as well as ISO 27001. We can create custom control sets tailored to your cybersecurity planning needs.
System Security Plan Management
Totem’s Cybersecurity Planning Tool acts as the repository for the IT System Security Plan (SSP), a container for all strategic policies and implementations. The SSP is customized to be exported from they cybersecurity compliance software into in either Microsoft Excel or Word formats.
Control Assessment Status
Totem’s Cybersecurity Planning Tool not only acts as the System Security Plan, but also as the Security Assessment report. The report can be exported from the cybersecurity compliance software into an Excel spreadsheet.
Risk Management: Corrective Action Plan Creation
Noncompliant controls can be addressed through a Corrective Action Plan (CAP). The CAP interface is directly accessible from the Controls page in your interface.
Risk Management: POA&M Management
Collectively, the CAPs are managed in the tool under the Plan of Actions and Milestones (POA&M) interface. The POA&M can be exported from the cybersecurity compliance software into standard industry Microsoft Excel format.
Features of the Totem's Cybersecurity Planning Tool
Description of Organizational Environment
Engage Privacy Controls (for HIPAA organizations)
Import Existing SSP (spreadsheet)
Export SSP (spreadsheet)
Export Policy Document (Word)
Two Control Sets:
• NIST 800-171
• HIPAA for Small Business
Controls broken down into “Organizational Actions” (what NIST calls “Assessment Objectives”) for more explanation and granular plan/policy control.
Manage/Justify (for N/A) implementation details for each control at the Organizational Action level.
Mark each control as being implemented through:
• Policy
• Technology
• Hybrid (mix of policy and technology)
Policy/Hybrid controls automatically populated into “Policy Document” to be provided to implementers (e.g. outsource IT staff).
Upload/attach Compelling Evidence Artifacts
Supplemental Guidance/discussion of each Control
Global or Field-level Search
Mark Non-compliant Controls to Include in POA&M
Corrective Action Plan (CAP) Development
Title/ID CAP
Description of Weakness
Description of Action Plan
Designate Responsible Party
Set Completion Date
Manage POA&M through GUI
Export POA&M in US DoD Format (spreadsheet)
Mark Each Control as Compliant/Non-compliant
Assessor/Auditor Comments Field
Export SAR (spreadsheet)
Executive Compliance Summary
Upcoming POA&Ms
Highlight of Weak Areas
User Management
Role Management
Invite New User
Disable or Delete Users
Turn Notifications on/off
Manage Multiple Organizations
Engage MFA
Risk Assessment (spreadsheet)
Incident Response Plan (Word doc)
Incident Response Report (Word doc)
Achieve Compliance Starting at $165 / Month.