Security governance

---

 Centrix Solution uses proven National Institute of Standards and Technology (NIST)-compliant methodologies for risk and vulnerability management. Our approach starts capturing the flow of existing risk management policies, procedures, and security baselines. Then, we add modular components as needed to support management and decision-making.

Our approach to Cyber Security policy/governance and standards development follows a proven methodology based upon our experience in performing this work across the federal government. At the heart of our multi-step process is the Program and Systems Security Requirement Traceability Matrix (SRTMx). Our work includes performing Assessment and Authorization (A&A) for large complex systems across the federal government, and working with existing systems for ongoing authorization. This process starts with performing an initial gap analysis and evaluating security controls using National Institute of Standards and Technology (NIST) procedures, leveraging our experience with automated testing tools. We perform Continuous Monitoring (CM) for our clients on both strategic and tactical levels.