WGU D486 PERFORMANCE ASSESSMENT LATEST 2024/2025 WITH COMPLETE
SOLUTION
Field Medical Center Information Assurance
College of Information Technology, Western Governors University
FMC is a federally funded organization, which means the company must meet
requirements and regulations as set forth by government organizations established for the
protection of information security. Pruhart Security Consulting (PSC), a third-party consulting
firm, was hired to conduct a security audit and assessment of the Field Medical Center (FMC).
PSC provided a Security Assessment Report (SAR) identifying gaps in the FMC security
framework. This document responds to the SAR provided by PSC and lays out the remediation
plan for FMC.
A. Security Framework Gaps
As a federally funded company, FMC must adhere to standards laid out by the Federal
Information Security Modernization Act (FISMA), the National Institute of Standards and
Technology (NIST), and Federal Information Processing Standards (FIPS). Because FMC also
handles doctors’ qualification documents and customer card processing, it must also comply
with the Privacy Act and the standards of the PCI Security Standards Council. These standards
form the basis of the entire FMC security information program.
FMC's security framework gaps begin with company documentation and policy. FMC
requires an updated, comprehensive System Security Plan (SSP) to establish baseline security
policy for the entire security information program that is aligned with FISMA, NIST, and
company standards. The security controls and policies set forth in the SSP must further identify
access control, zero trust, and security policy and procedures. Policies and plans written in
cooperation with management should identify policy to shape subsequent documents such as the
Information Security Plan, Incident Response Plan, and Business Continuity Plan. One update to