NIST Cybersecurity Framework
Existing information and cybersecurity frameworks provide a measurable, repeatable and defensible process for implementing and managing a security process or program. The NIST Cybersecurity Framework (CSF) is a widely adopted framework used by both private and public organizations. The ISO 2700 series is a globally recognized family of standards for keeping information assets secure. In this series, ISO 27001 is the best known and provides requirements for an Information Security Management System. Whether you're benchmark is NIST, ISO or another set of standards, SCA can provide an assessment to move you closer to your desired target state.
Cybersecurity Maturity Model Certification
The CMMC is a formal requirement of Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7021 applying to those DoD contractors who process, store, or transmit Controlled Unclassified Information (CUI). SCA will ensure you're ready to apply for this certification through out 3 tier System Security Plan, which includes an annual review and maintenance of your existing or new security plan.
HITRUST
The HITRUST CSF® is a security, privacy, risk management and regulatory compliance framework comprised of nationally and internationally accepted standards including ISO, NIST, COBIT, PCI, HIPAA and more to ensure a comprehensive set of baseline security and privacy controls. Originally developed for the healthcare industry, the HITRUST CSF now offers over 30 authoritative sources comprised of the frameworks mentioned above plus state, Federal and foreign regulations.
Federal
Two of the most highly regulated industries are financial services and healthcare. Attackers also favor them because of the huge amounts of sensitive, non-public information they store, process and maintain. Agencies including the FFIEC, FDIC, NCUA, OCC, FINRA, and SEC oversee financial services and the OCR enforces both the HIPAA Privacy and Security Rules for healthcare providers. SCA will help you successfully navigate the information and cyber security requirements for these and other industries with Federal regulations.
State
The New York Department of Financial Services 23 NYCRR 500 became the first state-backed cybersecurity regulation in 2017. Financial services companies who are domiciled, or do business, in the state of New York are subject to the requirements of 23 NYCRR 500. In May 2018, South Carolina took a similar step by enacting the South Carolina Insurance Data Security Act. SCA sees this trend continuing and can help your organization meet the cybersecurity regulatory requirements for your respective state.
Industry
Outside of financial services and healthcare, individual industries are now developing their own cybersecurity guidelines, requirements and best practices to do business. An example is the American Land Title Association (ALTA) who established a series of seven best practices. Another example is the National Association of Insurance Commissioners (NAIC) who adopted the NAIC Insurance Data Security Model Law in late 2017. SCA can help your organization meet your industry’s cybersecurity requirements and demonstrate prudent security measures to instill customer trust and confidence.
Governance
SCA governance services help your organization establish a strategic information security direction and manage your information security program. Documentation is a foundational item needed to define a process or program and how the process or program is executed. SCA specializes in developing Information Security Policy and Procedures, Incident Response Plans, and Disaster Recovery / Business Continuity Plans using applicable regulatory requirements, industry best practices and SCA expertise, specific to your organization and culture.