Government Assessments

FedRAMP, DFARS and NIST 800-53 Assessment

Independent Assessment Services to Cloud Providers

Our expertise serving cloud service providers naturally lends itself to understanding compliance requirements of our CSP clients doing business with the government sector. Our unified and agile compliance is a risk-based approach that maps policies, procedures, and controls across multiple regulatory and compliance requirements. This is true of the various compliance requirements such as FedRAMP, DFARS, CJIS, and NIST 800-53. Our services go beyond the mappings and help you navigate the challenges of demonstrating specific compliance requirements of customers in government. Our services support the following:

How It Works

There are various common elements to all government assessment services where BARR can help as our clients navigate business with the government, whether you are looking for an authority to operate (ATO) or general compliance reporting.

1. Document

• Categorize the system: Document risk impact (Low, Moderate, or High) based upon the FIPS 199 template.
• Select and implement security controls: We assist in selecting NIST baseline security controls based on the system categorization.
• Create a System Security Plan (SSP): We will assist with creation of the SSP, which describes the security authorization boundary, how the implementation addresses each baseline NIST required control, roles and responsibilities, and expected behavior of individuals with system access.
• Other supplemental documentation: Security Policies, Privacy Analysis, e-Authentication Worksheet, User Guide, Rules of Behavior, IT Contingency Plan, Configuration Management Plan, Control Information Summary (CIS), Incident Response Plan, and Privacy Impact Assessment (if applicable).

2. Assess

Concerns about security and compliance reporting with government work drive organizations to seek help with review of their procedures before undergoing the audit. The purpose of a readiness review is to identify control weaknesses that need correction. Deliverables from the readiness assessment include:
• Control gaps and areas of improvement
• Prioritized observations and recommendations for remediation
• Implementation assistance
The advantage of performing a readiness assessment prior to a future examination is that it gives management an opportunity to address control gaps prior to an inaugural SOC examination.

3. Authorize

As an independent audit firm, BARR can perform security assessments using the required templates needed for submission packages to various government entities or other external stakeholders.

Why BARR for Government Assessments

  • Trusted advisor to some of the fastest growing cloud service providers (IaaS, PaaS, SaaS) in the country
  • Serving the most regulated industries including technology, financial services, healthcare and government
  • Clients range from high-growth startups to Fortune 1000 companies
  • Nearly 100% client retention rate
  • Competitive, fixed rates to accommodate growing enterprises
  • We put you and your business first, providing unparalleled communication and accessibility at all times

Contact Us for a Free Consultation

We’re here to help you! Speak with a BARR specialist about your security and compliance needs.
