Assist Mission

The OhCR Assist Mission works with Ohio municipalities to familiarize them with, and help them meet, the guidelines found in NIST 800-53, Security and Privacy Controls for Information Systems and Organizations. We do this by bringing in a group of our members to audit your processes and procedures, walk through the controls with you, and identify areas for improvement while getting your organization on the path to data security compliance.

Additionally, we can train our clients on IR Planning, Risk Management, Vulnerability Management, Access Control, and Network Configuration and Maintenance. Our members will work with your team through these processes to help you strengthen your networks.

The OhCR developed industry-specific Cybersecurity Framework (CSF) Seminars using a ‘Make and Take’ technique that accomplishes these steps.

Introducing the OhCR NIST CSF Seminars

Incident Response & Tabletop Seminars

A good Incident Response Guide (IRG) is required for cybersecurity compliance as well as by many cyber insurance carriers. A best practice is to have an IRG in place and review it annually.

For this session, attendees receive documents needed to gather and prepare information from their own networks prior to the workshop. Your organizational information and these documents will help complete your IRG template.

This “Make and Take” session is designed to assist the organization in developing a workable guide. Then an Incident Response tabletop exercise walks the group through different scenarios while referencing the Incident Response Guide.


Risk Management Tools

In this session, the OhCR team takes your organization through the industry-specific Risk Management Plan and makes the necessary changes to build your scheme to respond to a cybersecurity threat. Upon verification, the plan is compliant with the ID.GV-4, ID.RA-1 to ID.RA-6, ID.RM-1 to ID.RM-3, and ID.SC-1 to ID.SC-3 data security controls.

Vulnerability Management Detection & Analysis Seminar

In this session, the OhCR team leads your organization through the Vulnerability Management (VM) plan and expands your understanding of the VM process. We will examine the CISA Cyber Hygiene Program and can collect information within your network. We can review the Windows server and Google Workspace log analysis and threshold settings and look at both open-source and VM tools with these reports.


Organizational and Third-Party Access Control and Compliance and Training Seminar

In this session, the OhCR team helps lead your organization in examining the journey to NIST Cybersecurity Compliance and meeting the organization’s contractual obligations and board policies. Our training focuses on Access Control that protects customer and staff data using processes and decision-making exercises.

Is your organization trying to protect everything but risking critical data? We will help your team identify the critical data and those who access it, and reduce your attack surface. Together, the OhCR and your organization expand into the cloud space and supply chain to assure that your vendors are also compliant. You will finish the seminar with a robust look at the districtwide cyber security awareness training program.

Network Configuration and Maintenance Control Seminar

In this session, we help you improve your inventory control by identifying critical and non-critical assets. You and your team work with organization leaders to create your data flows to identify all PII, PHI and PFI storage, locally and in the cloud. The OhCR guides you and your team through building system design and maintenance skills to promote data security and efficiency. You will finish the seminar with a plan to sustain your Cybersecurity Framework.

When the organization completes the five ‘Make and Take’ seminars, your team will be ready for the OhCR-led NIST Cybersecurity Assessment and Gap Analysis at your organization.


The Onsite Assessment

After a customer completes all five Cyber Security Seminars, a smaller two-to-four-person team visits to complete the Cybersecurity Assist and Gap Analysis at the organization. With the knowledge from the Make and Take training, your leaders and your IT team should be familiar with and functioning within the NIST CSF.

What Reports Are Received After the Cybersecurity Assessment and Gap Analysis

The OhCR uses professional reports to relay the status of the organization throughout the entire process. The reports are as follows.

  • Cover letter
  • Cybersecurity Assessment Summary Report
  • Cybersecurity Assessment Program of Action and Milestone (POAAM) Report
  • Cybersecurity Assessment NIST Framework Assessment Checklist and Gap Analysis (pdf and xls)
  • List of Inspected Documents and Evidence
  • NIST CSF Presentation

These reports are created by the OhCR team and verified before presentation. The presentation begins with restating the mission and covers the organization’s strength. Then utilizing the Identify, Detect, Protect, Respond, and Recover from the NIST Cybersecurity Framework, we address the vulnerabilities to improve

OhCR POAAM

Since 2022, we have met with the organization after the Assist mission to resolve any danger or high-risk vulnerabilities. Two OhCR members meet with the client on a regular schedule, collaborating to strengthen ties and improve understanding.

In short order, all NIST controls are active, and the organization retains a systematic and efficient way to protect its data.

Assist Mission Sustainment

The critical infrastructure organization will appoint an internal cybersecurity auditor to track and assist the organization’s director in sustaining their NIST compliance.

Annually, an OhCR team may conduct a sustainment Cybersecurity Assessment and Gap Analysis inspection upon request.