Compliance & Risk Management
The TalaTek difference is total control.
With a unique philosophy that “security” is simply a means to “risk management,” TalaTek arms government and private-sector organizations with the insight, experience, custom solutions and strategic planning to effectively and efficiently manage risk.
The TalaTek Compliance Management Solution (CMS) is an all-inclusive, flexible and cost-effective approach to risk-based, enterprise or agency-wide information security. We deliver our methodology using our “Security as a Service” (SAAS) model. TalaTek services transform the current resource-depleting documentation exercise into an effective, total life-cycle management of the Security Authorization process—as defined by NIST 800-37 Revision 1.0—from preparation to maintenance phases, implementing automation wherever possible.
The broader TalaTek approach to managing security enables you to meet continuous monitoring requirements with real-time reporting and up-to-date dashboard visibility.
Key customized activities include remediation action, verification action, and audit tasks. Continuous monitoring of control status provides an ongoing view and reports of ever-changing risk, and ensures continuous adherence to compliance requirements and security measures.
This service is invaluable for agencies transitioning from NIST 800-53 Rev 2.0 to Rev 3.0, with the predefined control sets from NIST 800-53. With the TalaTek solution, your subject matter experts are free to measure risks, evaluate implemented measures and/or design mitigation solutions, instead of writing documents that no one has time to read.
Most available risk measurement tools miss the big picture by focusing solely on technical controls. TalaTek’s solutions provide risk measurements for all technical, operational and management controls, under one holistic risk management platform. Controls that cannot be measured using automated scan tools can be evaluated by our subject matter experts for compliance, assigned a risk value and measured as part of the organization’s overall risk calculation.
No substitute.
Considering that about two-thirds of NIST 800-53 controls and associated enhancements do not lend themselves to automated scans, there is no substitute for a team of subject matter experts who can understand your business and help you determine your true risks. The TalaTek solution allows our team to validate these controls to measure and calculate your true overall risk.
Our solution automates the reporting process, and we can use your pre-defined templates for system security plans (SSP), POA&M reports, risk assessment tables, etc. You can generate an up-to-date SSP as needed, as our experts continuously measure planned controls and update status, attach relevant artifacts and add working notes and comments for your auditors to review. Our customers receive updated POA&M reports at each weekly meeting.
The TalaTek methodology provides senior management with the necessary information to foster better-informed, risk-based decisions. TalaTek clients always have the information they need to accept the risk, transfer it, avoid it, or mitigate it.
Hosting options.
If your policy requires local hosting at your data center(s), our methodology can meet your needs: we can host and manage the solution at your facilities and easily meet your requirements. We also offer hosted services through BlackMesh, a trusted partner. BlackMesh’s managed technology solutions offer a full suite of security services designed to keep your data locked down tighter than Fort Knox. BlackMesh’s offerings, combined with our services, complete our recommended SAAS model. Additionally, BlackMesh’s energy-efficient standards offer substantial energy savings over local hosting, providing a green solution while optimizing the protection of your vital data.
TalaTek services are available via our GSA schedule. TalaTek’s methodology supports the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX) and other compliance standards and regulations.
