Information Assurance &

True security means more than checking off compliance boxes.


LMI understands that information assurance (IA) is not a static issue with a one-off technology solution. Nor does compliance with IT security legislation equal true cybersecurity. Rather IA and cybersecurity are elements of a larger ongoing risk management process that touches on people, processes, and technology.

An organization’s security environment is dynamic: new threats constantly emerge and new solutions to meet them continuously developed. LMI helps government organizations monitor, prioritize, and effectively manage their risks to create an acceptable level of security within which it can conduct its operations. For example, for the Centers for Medicaid and Medicare Services, LMI provided IA support for the Medicare Advantage Review Tool (MART). We developed IA documentation for approval to operate in the form of business continuity plans, IT systems inventory, IA principles, risk assessment, and residual risk.

In many ways, cybersecurity is a corporate governance issue—it crosses traditional functional boundaries and requires a strategy and support from the highest levels of leadership. LMI can help government organizations develop effective IA policies and develop plans for driving the policies down through all levels of the organization. We take an enterprise-level perspective, identifying and mitigating security weaknesses, not only in the infrastructure and application layers, but also within business processes and employee practices.

LMI’s IA and cybersecurity capabilities include the following:

  • Certification and accreditation
  • Security plans
  • FFMIA and FSIO audits and assessments
  • Security classification guides
  • OMB 300 support
  • IA program management support
  • Digital signatures.