-
DFARS – Defense Federal Acquisition Regulation Supplement
All contractors working for DoD, even subcontractors, must comply with DFARS 252.204.7012. This clause is a direct response to data breaches and cybersecurity threats and will be part of DoD contractor responsibility going forward. Each DoD contractor must meet the technical and procedural controls spelled out by the National Institute of Standards and Technology (NIST) in Special Publication (SP) 800-171.
-
CMMC – Cybersecurity Maturity Model Certification
In 2020, all contractors working for the DoD, even subcontractors, must pass a CMMC audit to ensure that appropriate cybersecurity controls and processes are in place to protect controlled unclassified information (CUI) on DoD contractor systems. We help DoD contractors prepare for their CMMC audit.
-
NIST 800-171 – Cybersecurity Framework
Used as the security control framework for DFARS and CMMC, NIST 800-171 is a set of cybersecurity controls designed by the National Institute of Standards and Technology. We help companies navigate the complexities of this framework and efficiently implement the controls into their IT systems.
-
FISMA – Federal Information Security Management Act
FISMA was introduced to reduce risks involving federal information and data while also managing federal spending on information security programs and procedures. Its importance can be summarized as a means to protect sensitive information in a timely and cost-effective manner. To be FISMA compliant, companies must follow a FISMA Certification Process that begins with meeting the guidelines set in place by NIST. Adherence to these guidelines is crucial for FISMA compliance.
-
SOX – Sarbanes-Oxley Act
The Sarbanes-Oxley Act came into force in July 2002 and introduced major changes to the regulation of corporate governance and financial practice. It is named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects, and it set a number of non-negotiable deadlines for compliance.
-
NIST 800-53 – Cybersecurity Framework
This framework provides security controls for securing federal information systems. We help organizations navigate the complexities of this framework and efficiently implement the controls into their IT systems.
-
PCI – Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.
-
SOC2 – Service Organization Control 2
These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems.