Optiv + Altarum = Expertise, Efficiency and Professional



The Situation – improve security posture beyond minimum NIST & CMMI requirements


Altarum, a non-profit health systems research and consulting organization, needed to conduct an annual security risk assessment. As part of their client-centered business model, their policy requires an external vendor to evaluate their corporate network, related infrastructure systems, established policies and documentation – all to ensure compliance to the highest degree.


Evaluation criteria consisted of reviewing standards, guidelines and existing best practices for managing cybersecurity related risks. Altarum’s security team needed to ensure an assessment engagement was seamless, cost-effective and that the overall outcome would improve their security posture beyond minimum requirements of National Institute of Standards and Technology (NIST) and the Capability Maturity Model Integration (CMMI). After evaluating several proposals, Altarum chose Optiv Security to provide the best overall solution and expertise to conduct the assessment and address any gaps.


The Solution – best practices & automated controls


Actively joining our airline client’s agile process, we worked in two-week sprints to evolve their cloud security program and overall cloud journey. Working closely with the client, we consolidated their logging architecture to ingest AWS logs into QRadar. For identity access management (IAM), we kept the collaboration going to implement permissions boundaries and review secure copy protocol (SCP) and IAM policies for least privilege.


Next came providing best practices for perimeter security, specifically how to best handle ingress and egress into and from the AWS environment. After reviewing their control framework for completeness and deduplication, we proposed automated controls and remediation and mapped the client’s controls back to CIS and NIST frameworks. 

Optiv brought the expertise, efficiency and professionalism you would expect to see from a global security services firm. Our engagement was smooth, cost-effective and the overall assessment went very well. Altarum was impressed with the thoroughness and professionalism of the Optiv team during this entire engagement.


 – Steven J. Towell, CISSP, CCSP, Corporate Director, Information Security and Technology

Industry Served: Healthcare

Our Starting Point

  • Prove Optiv is the right partner to trust with analyzing the current state of security
  • Conduct an annual security assessment
  • Maintain 100% NIST compliance year after year
  • Identify and address existing security program gaps

Accelerating Forward

  • A comprehensive assessment of existing infrastructure systems, established policies and documentation utilizing NIST guidelines
  • In-depth review of extensive documentation to ensure compliance
  • Analysis of pre-determined areas to identify opportunities to advance security beyond baseline compliance requirements

Client Outcomes

  • Verification of NIST compliance
  • Confidence in the partnership, thoroughness and professionalism of the entire engagement
  • Validation for current and potential clients that Altarum has the infrastructure and controls in place to secure their entrusted data
  • Met the highest level of maturity based on the CMMI
  • Identified potential opportunities for further controls

How can we help you secure greatness?


Optiv can advise on, deploy and operate end-to-end cybersecurity programs aligned to your business goals. As the cyber advisory and solutions leader, we serve nearly 6,000 companies across every major industry. Our certified experts can help you gain the agility, security, scale and control you need to stay ahead of the competition.