Totem has partnered with GuardSight, Inc. — a well-respected Managed Security Service Provider (MSSP) headquartered in Cedar City, UT — to help deliver cybersecurity compliance to several small business customers.
We describe two example success stories below.
DoD
Manufacturer
NIST 800-171 and CMMC Compliance
Because they handle Controlled Unclassified Information (CUI), a small business Defense Industrial Base (DIB) machining shop needed to achieve compliance with the DFARS 252.204-7012 requirement, and prepare for Cybersecurity Maturity Model Certification (CMMC) at Level 2.
How we teamed with GuardSight
- Totem created a strategic roadmap for the company’s eventual CMMC Level 2 compliance.
- Totem teamed with the company to leverage the Totem™ Cybersecurity Compliance Management tool to generate an SPRS score that the company then submitted to the DoD, as required by DFARS 252.204-7019.
- Totem helped the company develop tactical implementation plans for the 110 cybersecurity safeguards in NIST 800-171. Several of those safeguards are related to continuous monitoring and security operations.
- Totem referred the company to GuardSight for security operations. Within 48 hours, GuardSight had deployed cybersecurity weapons, including anti-virus and intrusion detection sensors to detect and contain threats.
- GuardSight also placed a 24/7 handler on duty to keep an eye on alerts and respond to incidents, if needed.
The Results
- With Totem’s help, the company completed its cybersecurity assessment on time and developed the cybersecurity plans that brought it into compliance with the DFARS mandate to protect CUI.
- GuardSight helped the company spin up a security operations capability and also helped it carry out a desktop exercise to test its cyber incident response planning, another CMMC Level 2 requirement.
Pharmaceutical
Manufacturer
NIST 800-171, SOC 2, and HIPAA Compliance
A small pharmaceutical company wanted to bolster its cybersecurity program to provide a stronger level of assurance to its shareholders, as well as secure the privacy of customer information it collected during drug trials, in accordance with HIPAA/HITECH laws.
How we teamed with GuardSight
- GuardSight had implemented continuous monitoring and security operations for the company for several years, in conjunction with a managed IT service provider who administered portions of the company’s day-to-day IT.
- The company’s board tasked the company CIO and IT staff with implementing a standard cybersecurity safeguard framework, as well as a privacy program. The company asked GuardSight for guidance.
- GuardSight reached out to Totem, who recommended the NIST 800-171 standard for cybersecurity, as well as a custom privacy control set that Totem engineers had developed.
- Totem performed a cybersecurity and privacy gap assessment for the company, in the process helping them create a detailed System Security Plan (SSP) and privacy policy.
- Totem also helped the company develop a Plan of Actions and Milestones (POA&M) to remediate cyber deficiencies.
The Results
- Totem was able to integrate the company’s existing robust day-to-day IT and security operations — powered by GuardSight — into a strategic plan to better protect proprietary and customer data.
- With GuardSight’s ongoing watch over their environment, and Totem’s cybersecurity program plans in place, the company was able to pursue its strategic goals of cybersecurity compliance certification.
