Idris Basiru

Basking Ridge, NJ

Summary

A results-driven individual eager to obtain a position within cybersecurity that will utilize my experience and professional skills in assembling security authorization packages using NIST Special Publications 800-53 Rev-4, 800-53A, 800-60, 800-30, 800-37, 800-137, 800-18, FIPS 200 and FIPS 199. Proficient in preparing and updating System Security Plans (SSP), Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&Ms), and knowledgeable about eMASS.

Overview

3 years of professional experience
1 Certification

Work History

Security Control Assessor/ISSO

TWS
Chantilly, VA
06.2021 - 01.2023
  • Support NIST Risk Management Framework (RMF) Assessment and Authorization (A&A)-based activities and provide guidance/support for all assigned Security Authorization activities.
  • Review of security authorization documents to ensure appropriate NIST/FISMA guidelines used during selections of controls are relevant to the Confidentiality, Integrity, and Availability of the information system.
  • Experience with Federal Risk and Authorization Management Program (FedRAMP).
  • Experience developing and updating information system security documentation (System Security Plans (SSP), Plans of Action and Milestones (POA&Ms), PTA/PIA, CM, CP, IR, ISA, RAR, SIA, etc.).
  • Experience with assessing systems and applications deployed in cloud environments following federal, healthcare industry, and broader cybersecurity community guidelines and best practices.
  • Prepare required actions and documents relating to A&A of the system throughout its lifecycle, including
  • Ensure required authorization activities are completed and documented result in agency’s Information Assurance Compliance System utilizing Cybersecurity Assessment and Management tool (CSAM).
  • Review written documentation by client to ensure document adequacy for complete and in-depth assessment of security controls using NIST SP 800-53 as a guide.
  • Document assessment findings of security control implementation for further necessary actions, e.g., submission of tailoring requests, etc.
  • Present recommendations based on assessment findings in order to advise clients on any assessment and authorization issues to aid remediation efforts.
  • Review Information System Security Plan and other A&A documents for all applications to determine agency’s mandated procedures and tasks are followed.
  • Ensure assigned systems/components meet the minimum agency A&A standards before recommendation is made to the CISO for Authorization.
  • Review CRQs, complete Security Impact Analysis (SIA) as part of change management process.
  • Review relevant FISMA Compliance SOPs on a bi-annual basis and other security documentation such as Risk Assessments, Incident Response Plan, Access Control, Identification and Authentication, Audit & Accountability, Configuration Management, etc.

Information System Security Officer

Wavsystems- NYC
New York, NY
05.2020 - 06.2021

· Drives the end-to-end ATO (Authority to Operate) process for new and existing systems from start to finish working with System Owner, Technical Teams, Infrastructure Teams, SOC Teams, ISSMs, PM and other stakeholders.

· Experienced with developing and updating system categorization levels using FIPS 199/NIST 800-60, selecting the controls using NIST 800-53/FIPS 200, implementing controls and developing SSP and other key deliverable documents.

· Possesses in-depth ability of creating, reviewing, and updating security artifacts and documentation such as SSP, POA&M, CP, CMP, PIA and PTA.

· Assesses system compliance against NIST and DoD security requirements to include the NIST 800-53 controls, ACAS scans, DISA Security Technical Implementation Guides (STIGs), and Security Requirements Guides (S.R.G.s).


  • Conduct Security Control Assessments readiness for each system as part of the Security Authorization process.
  • Review Security Assessment Report (S.A.R.) post-assessment; create and complete POAM to remediate findings and vulnerabilities.
  • Complete the following Security Assessment and Authorization (SA&A) artifacts: FIPS 199, Security Test and Evaluations (ST&Es), Risk Assessments (RA), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action and Milestones (POAMs).
  • Conducting regular security audits and assessments to evaluate the effectiveness of security controls and identify areas for improvement.
  • Developing, implementing, and enforcing information security policies and procedures to protect the confidentiality, integrity, and availability of organizational information and systems.

Education

Bachelor of Science - Electrical, Electronics And Communications Engineering

LAUTECH
Ogbomoso, Nigeria
08.2003

Skills

NIST SP 800-60, Unix server, Firewall, Contingency Planning, FIPS 200, 800-37, People Soft, Active Directory, CSAM, POA&M Management, Experience supporting external audits or control assessments, PPT, Dbprotect, Conduct E-Authentication Assessment, NIST 800-30, Risk Assessment, Performance security control assessment (SCA/ST&E), eMASS, Windows, Unix/Linux, Continuous monitoring testing/projects, Use of CSAM and eMASS, Preparation and update of Assessment and Authorization (A&A/C&A) package, RMF, Experience with control design, implementation, and monitoring regarding HIPAA Security Rule

Leadership/Teamwork/Collaboration, Communication, Review/update IT Security policies and procedures, Performance security documents (SAP, SSP, RTM, SAR, POA&M), FedRAMP

NIST 800 series, NIST publication 800-53, 800-53A, FIPS 199

Certification

· Certified Information Security Manager (CISM)

· CompTIA Security+

· Certified Information Auditor (CISA)

