Stories from a Successful Partnership: GuardSight, Inc.


Totem has partnered with GuardSight, Inc. — a well-respected Managed Security Service Provider (MSSP) headquartered in Cedar City, UT — to help deliver cybersecurity compliance to several small business customers. 

We describe two example success stories below.

DoD Manufacturer

NIST 800-171 and CMMC Compliance

Because they handle Controlled Unclassified Information (CUI), a small business Defense Industrial Base (DIB) machining shop needed to achieve compliance with the DFARS 252.204-7012 requirement, and prepare for Cybersecurity Maturity Model Certification (CMMC) at Level 2.

How we teamed with GuardSight

  1. Totem created a strategic roadmap for the company’s eventual CMMC Level 2 compliance.
  2. Totem worked with the company, using the Totem™ Cybersecurity Compliance Management tool, to generate the NIST 800-171 self-assessment (SPRS) score that the company then submitted to the DoD, as required by DFARS 252.204-7019.
  3. Totem helped the company develop tactical implementation plans for the 110 cybersecurity safeguards in NIST 800-171. Several of those safeguards concern continuous monitoring and security operations.
  4. Totem referred the company to GuardSight for security operations. Within 48 hours, GuardSight had deployed defensive tooling, including anti-virus and intrusion detection sensors, to detect and contain threats.
  5. GuardSight also placed a 24/7 handler on duty to monitor alerts and respond to incidents as needed.

The Results

  • With Totem’s help, the company completed its cybersecurity assessment on time and developed the cybersecurity plans that brought it into compliance with the DFARS mandate to protect CUI.
  • GuardSight helped the company stand up a security operations capability and also helped it carry out a tabletop exercise to test its cyber incident response plan, which satisfies another CMMC Level 2 requirement (testing the incident response capability).

Pharmaceutical Manufacturer

NIST 800-171, SOC 2, and HIPAA Compliance

A small pharmaceutical company wanted to bolster its cybersecurity program to provide a stronger level of assurance to its shareholders, as well as secure the privacy of customer information it collected during drug trials, in accordance with HIPAA/HITECH laws.

How we teamed with GuardSight

  1. GuardSight had provided continuous monitoring and security operations for the company for several years, in conjunction with a managed IT service provider that administered portions of the company’s day-to-day IT.
  2. The company’s board tasked the CIO and IT staff with implementing a standard cybersecurity safeguard framework, as well as a privacy program. The company asked GuardSight for guidance.
  3. GuardSight reached out to Totem, who recommended the NIST 800-171 standard for cybersecurity, together with a custom privacy control set that Totem engineers had developed.
  4. Totem performed a cybersecurity and privacy gap assessment for the company, in the process helping it create a detailed System Security Plan (SSP) and privacy policy.
  5. Totem also helped the company develop a Plan of Action and Milestones (POA&M) to remediate the cybersecurity deficiencies the assessment identified.

The Results

  • Totem was able to integrate the company’s existing robust day-to-day IT and security operations — powered by GuardSight — into a strategic plan to better protect proprietary and customer data.
  • With GuardSight’s ongoing watch over their environment, and Totem’s cybersecurity program plans in place, the company was able to pursue its strategic goals of cybersecurity compliance certification.