DataLock Consulting Group has been tasked to perform SA&A activities for USPTO information systems to ensure compliance with Department of Commerce (DOC), National Institute of Standards and Technology (NIST), and USPTO security requirements.
- Interview key personnel responsible for the security of the information system.
- Examine evidence to ensure compliance with NIST 800-53 Rev. 4 and all requirements set by USPTO in their IT Security Handbook.
- Perform and analyze vulnerability and compliance scans to ensure that the appropriate baselines are implemented and that no vulnerabilities are found.
- Perform a Risk Assessment (RA) on all vulnerabilities found and create a Plan of Actions and Milestones (POA&M) report to ensure that all vulnerabilities are remediated in a timely manner.