CommTech Systems is a certified Cybersecurity Maturity Model Certification – Assessment Board (CMMC-AB) Resource Provider Organization (RPO), through 171Comply.
CommTech Systems is a certified Cybersecurity Maturity Model Certification – Assessment Board (CMMC-AB) Resource Provider Organization (RPO), through 171Comply. The CMMC AB process follows the National Institute of Standards and Technology, Special Publication (NIST SP) 800-171; Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
CommTech also provides support to the Center for Internet Security (CIS) controls framework, the International Society for Automation / International Electrotechnical Commission (ISA/IEC) standard 62443, and the National Institute of Standards and Technology, Special Publication (NIST SP) 800-82 Guide to Industrial Control Systems (ICS) Cybersecurity.
Common in all these standards is the requirement for a Systems Security Plan. The second point is that Securing Industrial Control Systems (ICS), Precision Agricultural (PI), and Supervisory Control and Data Acquisition (SCADA) systems is a program management effort. To be successful, it is a process that must be institutionalized and be part of the organizational culture.
CommTech Systems, through 171Comply, the division focused on cybersecurity, provides system security policy templates and procedures designed to secure information management systems and provide for resilience. What is common in all of these standards is the requirement for an all-hazards approach to system risk and the need for a process that encompasses strategies for risk identification, training, monitoring, system testing, and a feedback process focused on system security improvement.
In addition to the ISA/IEC and NIST standards, there are also a host of industry-specific standards some of these are listed below:
- American Chemistry Council’s, Chemical Information Technology (ChemITC)™; Chemical Sector Cyber Security Program, Guidance for Addressing Cyber Security in the Chemical Industry Version 3.0
- American Petroleum Institute; API Standard 1164 – SCADA Security
- American Water Works Association (AWWA)
- Security Practices for Operations and Maintenance, ANSI/AWWA G430-09
- The standard for Risk and Resilience Management of Water and Wastewater Systems, J100 RAMCAP®
- National Association of Regulatory Utility Commissioner (NARUC), Cybersecurity for State Regulators
- North American Electric Reliability Council (NERC); NERC CIP-002 to CIP-009
- US Department of Energy, Electricity Subsector Cybersecurity, DOE/OE-003
What we do
We provide the system security plan templates, worksheets, and policies that build, establish, and assist in maintaining cybersecurity institutionalization. We take a project management approach to establishing cybersecurity programs. The CommTech Systems staff consists of professionals who have worked in both the Department of Defense (DoD) and the Department of Homeland Security (DHS). We have experience developing plans that protect critical infrastructure as part of the national Critical Infrastructure Protection (CIP) effort as directed by the DHS. Our staff has certified professional project managers by the PMI and meets the CMMC RPO requirements.
Our customers include the US Navy SPAWAR (Space and Naval Warfare Command), Pacific, and DHS (Department of Homeland Security).