Totem's Cybersecurity Planning Tool

Standard and Custom Control Sets

Totem’s Cybersecurity Planning Tool is the most in-depth cybersecurity compliance software available. It comes packaged with multiple cybersecurity frameworks, including NIST 800-171, the HIPAA Security Rule, GDPR, and ISO 27001, and with the flip of a switch the organization can engage an additional privacy control set. We can also create custom control sets tailored to your cybersecurity planning needs.

System Security Plan Management 

Totem’s Cybersecurity Planning Tool acts as the repository for the IT System Security Plan (SSP), a container for all strategic policies and implementations. The SSP is customized so that it can be exported from the cybersecurity compliance software in either Microsoft Excel or Word format.

Control Assessment Status

Totem’s Cybersecurity Planning Tool not only acts as the System Security Plan, but also as the Security Assessment Report (SAR). The report can be exported from the cybersecurity compliance software into an Excel spreadsheet.

Risk Management: Corrective Action Plan Creation

Noncompliant controls can be addressed through a Corrective Action Plan (CAP). The CAP interface is directly accessible from the Controls page in your interface.

Risk Management: POA&M Management

Collectively, the CAPs are managed in the tool under the Plan of Actions and Milestones (POA&M) interface. The POA&M can be exported from the cybersecurity compliance software into the industry-standard Microsoft Excel format.

Features of Totem's Cybersecurity Planning Tool

Cybersecurity Policy Management

Description of Organizational Environment

Engage Privacy Controls (for HIPAA organizations)

Import and Export Documents

Two Control Sets:

• NIST 800-171

• HIPAA for Small Business

Controls broken down into “Organizational Actions” (what NIST calls “Assessment Objectives”) for more explanation and granular plan/policy control.

Manage/Justify (for N/A) implementation details for each control at the Organizational Action level.

Mark each control as being implemented through:

• Policy

• Technology

• Hybrid (mix of policy and technology)

Policy/Hybrid controls are automatically populated into a “Policy Document” to be provided to implementers (e.g. outsourced IT staff).

Upload/attach Compelling Evidence Artifacts

Supplemental Guidance/discussion of each Control

Global or Field-level Search

Mark Non-compliant Controls to Include in POA&M

Corrective Action Plan (CAP) Development:

• CAP Title/ID

• Description of Weakness

• Description of Action Plan

• Designate Responsible Party

• Set Completion Date

Manage POA&M through GUI

Export POA&M in US DoD Format (spreadsheet)

Mark Each Control as Compliant/Non-compliant

Assessor/Auditor Comments Field

Export SAR (spreadsheet)

Executive Compliance Summary:

• Upcoming POA&Ms

• Highlight of Weak Areas

User Management

Role Management

Invite New User

Disable or Delete Users

Turn Notifications on/off

Manage Multiple Organizations

Engage MFA

Risk Assessment (spreadsheet)

Incident Response Plan (Word doc)

Incident Response Report (Word doc)

Achieve Compliance Starting at $165 / Month.