A&D Enterprise Security Roadmap
Recognizing that aerospace and defense (A&D) companies are vulnerable to attacks by hackers and state-sponsored groups, the U.S. federal government has placed a deadline of January 17, 2017 for A&D industry compliance with sweeping regulations aimed at safeguarding Controlled Unclassified Information (CUI).
These regulations, which could result in non-compliant A&D contractors being blocked from competing for government contracts, come at a time when IT organizations are implementing next-gen infrastructure and data analytics programs and expanding integration with partners and suppliers. Cloud-based applications and mobile devices are already part of the increasingly globalized workplace, as A&D companies move toward a more agile IT as a Service model.
Learn how CSC's A&D Security Roadmap can help ensure compliance in this rapidly changing environment.
Under the new regulations, A&D companies must report a breach or intrusion within 72 hours. In addition, the National Institute of Standards and Technology (NIST) will require A&D firms to demonstrate compliance by 2017 in a wide range of areas, including:
- Access control, identification and authentication
- System and information security
- Audit and accountability
- Configuration management and media protection
- Incident response
- Personnel security and physical protection
- Risk and security assessments
Comprehensive Enterprise Security Roadmap
To prepare for this new environment, A&D firms must take an enterprise-wide approach to cybersecurity, extending to partners and suppliers. CSC’s deep industry knowledge, security specialists and end-to-end solutions for traditional and next-gen technologies can help you as you adapt to evolving threats and to fast-changing business requirements and regulatory mandates.
CSC’s Enterprise Security Roadmap is a set of repeatable processes, tools and services that provide a foundational approach to evaluating cybersecurity programs and planning and implementing future enhancements.
This security framework is built on recognized standard platforms to support multiple compliance programs, including ISO 27001/27002, NIST, DFARS, COBIT, ITIL and HIPAA. Going beyond typical third-party FedRAMP audits, the CSC security framework enables your organization to employ what-if scenarios for new technologies and processes aimed at accelerating design and production, using data more effectively and lowering IT costs. Examples include:
- Securing design and engineering environments to mitigate against risks from advanced persistent threats
- Consolidating regional facilities and reducing the number of bare metal desktops with vulnerabilities
- Increasing productivity and collaboration among designers, engineers, partners, joint ventures and suppliers
The Enterprise Security Roadmap involves a three-phase approach for evaluating your current security posture, defining your priorities and migrating to your desired future state, along with ongoing monitoring:
- Assessment. CSC helps evaluate your current state throughout the enterprise, measure your security maturity levels against your peers in the A&D industry and identify gaps in your program.
- Future state planning. We help you define your future state, identify remediation projects and assess the complexity and impact of each proposed project. Each project will have a defined set of goals, outcomes and anticipated improvements.
- Migration planning. Our team helps you prioritize improvement projects and rationalize your investments to develop a 3- to 5-year enterprise security strategy.
- Ongoing monitoring. We help ensure that you are compliant going forward, particularly against new regulations.
This comprehensive framework is a valuable tool for audit preparation, budget planning and ensuring your improvement program stays on track. CSC’s Enterprise Security Roadmap maturity model provides an at-a-glance view of how your enterprise compares to other A&D industry companies’ maturity ranges. It helps you plan key milestones to drive and prioritize projects to establish desired levels of maturity within each domain.
Security Controls Framework
CSC’s Security Controls Framework helps your organization ensure compliance. The tool is used to perform repeatable compliance assessments that over time provide you with a cumulative view of your compliance program. You get a snapshot of your current state as well as any patterns or trends developing throughout the enterprise.
CSC’s team will help you define the scope of applicable regulations or standards and perform a compliance gap assessment for each regulation. CSC reviews your security controls features, ranks them on a six-point scale and sets targets for controls enhancements. CSC then tests your controls and recommends corrective actions.
The controls framework can be implemented as a standalone service to evaluate compliance or as a component of your existing Compliance Assurance Program (CAP), to profile and monitor controls and support audit preparation.
Secure Cloud Deployment
In addition to these specialized cybersecurity services, CSC can help with every step of moving your enterprise to the cloud. We are one of the few companies in the world that can manage private and hybrid cloud transition and deliver IaaS that integrates mainframe, midrange, private and public cloud into an effective whole.
The CSC Agility Platform™ centralizes governance and security across multiple clouds and cloud providers, enabling you to rapidly launch new programs with standardized security controls.
Focused on the A&D Industry
With more than 50 years of experience in aerospace and defense, CSC is a global leader of next-gen IT services and solutions. CSC works closely with the world’s leading government and commercial A&D clients to transform traditional IT environments, manage and analyze data, secure IT environments, and take advantage of mobility and emerging technologies.
CSC has a deep heritage in protecting national security and is now focused on commercial clients and governmental clients beyond the U.S. We’ve invested in providing cybersecurity at global scale through our security operations centers (SOCs) and security specialists located around the world. CSC is technology independent with an extensive partner community, so we can create best-of-breed solutions based on our clients’ needs and preferences.
Contact us to learn how CSC can help you ensure compliance with an Enterprise Roadmap.