Enhanced IT Security for the Commodity Futures Trading Commission

When the Commodity Futures Trading Commission (CFTC) sought to enhance its IT security practices, it turned to SOSi. Our team worked closely with the CFTC to plan and integrate new real-time monitoring capabilities into its mission systems. The changes were part of a larger effort to help the agency adopt and comply with the National Institute of Standards and Technology (NIST) Risk Management Framework and Continuous Diagnostics and Mitigation (CDM) policies championed by the Department of Homeland Security (DHS).

To meet NIST and CDM standards, we supported the CFTC in auditing its network design and performing risk and vulnerability assessments to enhance security. We initiated a new control accounting system to ensure that all revisions to CFTC systems were introduced in a coordinated manner and coordinated the release of all software updates across the IT environment. Our experts also worked with the agency to update its system documentation files to demonstrate compliance with NIST required policies, plans, processes, procedures, and architecture diagrams.

SOSi systematically improved CFTC’s IT security program, which now complies with the stringent standards and guidelines set by NIST. We achieved this by integrating new change control procedures, performing security impact analysis, and deploying updates to critical software systems.

We also assisted the CFTC to inventory its IT assets, develop approved software and hardware lists, and we established new baseline standards that have improved the security of all agency servers and desktops.