DataLock Consulting Group has been tasked with performing SA&A activities for Office of the Comptroller of the Currency (OCC) information systems to ensure compliance with Department of the Treasury, National Institute of Standards and Technology (NIST), and OCC security requirements. DataLock will perform the following activities:
- Interview key personnel responsible for the security of the information system.
- Examine evidence to ensure compliance with NIST 800-53 Rev. 4 and all requirements set by OCC in their IT Security Handbook.
- Perform and analyze vulnerability and compliance scans to ensure that the appropriate baselines are implemented and that no vulnerabilities are found.
- Perform a Risk Assessment (RA) on all vulnerabilities found and create a Plan of Actions and Milestones (POA&M) report to ensure that all vulnerabilities are remediated in a timely manner.