Trust Frameworks

Elfsec LLC is an approved SAFE-BioPharma Credential Service Providers (CSPs) Assessor. We can support the acceptance of your identity credentials under the SAFE-BioPharma Trust Framework by conducting an independent audit to demonstrate your adherence to Trust Framework requirements. 

We can also support your compliance efforts through a readiness gap assessment and services to remedy any control or process gaps in preparation of your  independent SAFE-BioPharma Trust Framework assessment. 

The six-step Risk Management Framework (RMF) includes security categorization, security control selection, security control implementation, security control assessment, information system authorization, and security control monitoring. The RMF promotes near real-time risk management and ongoing information system authorization. Applying the RMF within enterprises links risk management processes at the information system level to risk management processes at the organization level and establishes lines of responsibility and accountability for security controls.

NIST Special Publication (SP) 800-53, Revision 5 provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile attacks, natural disasters, structural failures, human errors, and privacy risks. The controls address diverse requirements derived from mission and business needs, laws, Executive Orders, directives, regulations, policies, standards, and guidelines. This publication describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions and business functions, technologies, environments of operation, and sector-specific applications. 

Produced by ISACA, a nonprofit, independent association of more than 140,000 governance, security, risk and assurance professionals in 187 countries, COBIT 5 is the leading business framework for the governance and management of enterprise IT. COBIT 5 integrates other major frameworks, standards and resources, including ISACA's Val IT and Risk IT, Information Technology Infrastructure Library (ITIL®), and related standards from the International Organization for Standardization (ISO). 

COBIT helps commercial, not-for-profit, or public-sector enterprises of all sizes:  

• Maintain high-quality information to support business decisions
• Achieve strategic goals through the effective and innovative use of IT
• Achieve operational excellence through reliable, efficient application of technology
• Maintain IT-related risk at an acceptable level
• Optimize the cost of IT services and technology
• Support compliance with relevant laws, regulations, contractual agreements and policies

The Cybersecurity Framework  responds to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.” It is a “prioritized, flexible, repeatable, performance-based, and cost-effective approach” to managing cyber security risk. The Framework views cyber security risks as part of an organization’s risk management processes and uses business drivers to guide cyber security activities. It consists of: 

Framework Core - sector-independent activities, outcomes, and references guiding the development of individual organizational Profiles. 

Profiles - sector specific guidance to align cyber security activities with business requirements, risk tolerances, and resources. 

Implementation Tiers - a mechanism to view and understand organizational approaches to managing cyber security risk. 

The Framework also includes a methodology to protect individual privacy and civil liberties as part of comprehensive cyber security programs.

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves an estimated 30-40% of government costs, time and the staff required to conduct redundant agency security assessments. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, and private industry groups.