SITUATION​

Everforth Apex collaborated with a premier Managed Care Organization in the U.S., known for its leading role in Medicare and Medicaid Services and a reputation for excellence. Faced with compliance challenges following a State cybersecurity audit, the client was mandated to align with industry standards and best practices in their Threat and Vulnerability Management (TVM) Program within a six-month window to maintain their service provision or face significant revenue loss. A critical component of their remediation efforts focused on upgrading their vulnerability management scanning tools to ensure compliance with audit files and CIS Benchmarks, crucial for maintaining system hardening standards.

Our experienced team of TVM engineers assessed the State’s audit report and worked with our client to methodically create a sprint-based approach for enhancing their TVM tools’ capabilities and scanning processes, especially within Tenable.io/sc, Prisma, and Nessus. The project plan prioritized the most critical assets that would help ensure remediation of the finding occurred before the deadline. Our TVM team customized and updated a total of fifty (50) audit security files that were used to scan against our client’s hardened images and CIS benchmarks. The team ensured that our client’s customized security configurations were considered, false positives were removed, and used their established change and configuration management process was leveraged. Our team also created playbooks and hosted multiple training sessions to ensure our client’s internal TVM team was ready and comfortable managing the new processes going forward, resulting in a documented and sustainable TVM benchmark and scanning program.​

RESULT​

By reconciling security with operational agility, our work meaningfully improved the client’s risk posture, enhanced their toolset’s capabilities, and remediated the State’s audit finding, thus allowing them to continue to conduct business delivering managed care for millions of beneficiaries. The Everforth Apex team delivered the following tangible results before the state’s deadline including:​

• Accelerated the timeline to remediate critical risk audit findings before the deadline across a set of complex multi-environment systems​

• Reduced complexity and enabled our client’s confidence in building a well-rounded TVM program​

• Enhanced TVM tool capabilities in Tenable.io/.sc, Nessus, and Prisma Cloud

• ​Worked through a complex business and IT environment with 5 different organizational domains​

• Provided accurate and updated real-time visibility into the TVM program for leadership​

• Built customized playbooks and training that led to a sustainable and well-governed TVM program​

These critical improvements enabled our client to satisfy their audit findings resulting in the ability to continue to provide medical care services, uphold rigorous cybersecurity standards, enhance their TVM program, and transfer knowledge back to the internal team. ​