TalaTek, LLC
Compliance through Risk Management

The TalaTek Difference

The core of our services model is the TalaTek Compliance Management Solution (CMS), a powerful, easy-to-use web application.

Security As A Service.

The TalaTek Security As A Service (SAAS) model enables our security consultants to focus on managing customers’ risk while accurately tracking and monitoring the hundreds of information system security controls. Our SAAS model allows us to monitor your compliance and manage your risk, using automated workflows, role-based assignments and a reporting engine with ready-to-use pre-defined template reports for all agency-required deliverables, including system security plans, privacy impact assessments and plans of action and milestones (POA&Ms).

This model is invaluable for agencies transitioning to the use of NIST 800-53 Rev 3, since our services automatically map the NIST controls to the system’s assets based on FIPS 199/200 categorization of the system.

The core of our services model is the TalaTek Compliance Management Solution (CMS). CMS is a powerful, easy-to-use web application. The TalaTek FISMA CMS enables our SAAS model, which allows agencies to manage risk effectively and implement a mature security program using compliance as a means to an end: the ongoing management of risk.

As stated in the Presidential directive M-10-15, agencies are encouraged to seek out and utilize private sector, market-driven solutions resulting in cost savings and performance improvements—provided agency information is protected to the degree required by FISMA, FISMA implementing standards, and associated guidance. TalaTek’s accredited solution is an implementation of that service with the highest standards and consistently excellent results.

Visibility and control.

TalaTek pioneers efforts to change the way Security Authorization (C&A) is performed in the federal government. We have successfully promoted compliance process integration, changing the process from a stovepipe documentation effort to a holistic enterprise risk management process. TalaTek’s CMS offers a consolidated snapshot of compliance via our risk measurement dashboard.

The TalaTek service solution captures and illustrates risk measurements in the customer’s environment via graphical dashboards and automated reports on risk areas, systems compliance levels, and trends—for a single system or up to hundreds of agency systems. This enables better management and provides control and visibility otherwise lacking.

Understanding the overall effectiveness of the security controls implemented in the information system is essential in determining the risk to the organization’s operations and assets, as well as to individuals and to other organizations.

The TalaTek FISMA CMS solution is ideal for the implementation of effective, continuous monitoring of a system’s compliance. Security consultants have the required information at their fingertips—from agency standards and policies, to procedures and previously gathered artifacts, and applicable NIST controls—all mapped to the system assets and accessed via a Web portal. POA&M updates provide management visibility into the process, allowing for better-informed risk management decisions, as well as a better understanding of compensating controls’ effectiveness and applicability.

Advantages include the ability to prioritize compliance tasks, and to focus on the most risky areas and highest visibility systems.

TalaTek’s goal, from the beginning, was to make compliance an effective means to the objective of managing security. Our services are designed to change the focus from documentation development to measuring risks across your enterprise or agency, managing tasks and resources effectively, and reporting in a timely manner on your continuous monitoring activities.

Pioneering Change.

TalaTek’s solution offerings were designed to help agencies better manage compliance, adhering to the Federal Information Security Management Act (FISMA) to meet the intent of effectively improving overall security posture. The results are unmistakable.

While the market is rich with security assessment tools that can efficiently scan and measure your external or internal risks, it is important to note that these tools are designed to measure an information system’s technical controls compliance levels. However, for an agency to evaluate overall risks, what’s needed is the ability to measure an environment’s operational and management controls, in addition to the technical controls.

While the plethora of tools on the market can help businesses measure technical risks, they can leave large gaps in the much-needed measurements of the risk related to operational and management controls that do not lend themselves to an automated measure based on canned, preset criteria.

To measure the effectiveness of a policy or the accuracy of a procedure, and to evaluate remediation steps taken and management oversight or commitment to the process (as examples of management or operational controls), you need the expertise of trained, experienced security consultants.

TalaTek’s security consultants will evaluate the impact of a security measure put in place, assess the likelihood of such a risk occurring and present findings to the system owner and business managers. With our services, you’ll be able to continually determine the final risk to your environment, while managing technical, operational and management controls in one, consolidated dashboard.