CIS Critical Security Controls Review
The Center for Internet Security (CIS) Critical Security Controls (CSC) are a collection of best practices that organizations should adopt to defend against or mitigate known cyber threats. Originally developed by the SANS Institute and then known as the SANS Top 20, the control framework was transferred to the Center for Internet Security (CIS) in 2015. The CIS CSC are subject to change along with attack vectors and the ever-evolving threat landscape. Our CIS Critical Security Controls Review is an in-depth evaluation of the implementation of these controls through administrative, operational and technical inspection and testing methods. Each control has multiple checks, which are either Foundational or Advanced in nature. Corrective advice is offered where gaps may exist.
NIST 800-171 Controls Review
NIST Special Publication 800-171 (a subset of NIST 800-53) is a framework of controls to protect Controlled Unclassified Information (CUI) in non-Federal information systems. NIST 800-171 is a referenced framework for educational institutions satisfying Department of Education requirements, a recommended baseline framework for state and local government entities, and the core of DFARS Interim Rule requirements and CMMC certification. Any organization may benefit from adopting these controls as part of a prudent cybersecurity program. Our NIST 800-171 Controls Review is an in-depth evaluation of the implementation of these controls through administrative, operational and technical inspection and testing methods. We validate the existence of controls, observe their use and offer corrective advice where gaps may exist, including a Plan of Action and Milestones (POAM).
NIST 800-53 Controls Review
NIST Special Publication 800-53 Rev. 4 provides information security standards and guidelines, including baseline control requirements, for implementation of federal information systems under the Federal Information Systems Management Act of 2002 (FISMA). The controls are customizable and implemented as part of an organization-wide process that manages information security and privacy risk. Our NIST 800-53 Controls Review is an in-depth evaluation of the implementation of these controls through administrative, operational and technical inspection and testing methods. We validate the existence of controls and observe their use, offering corrective advice where gaps may exist.
Reach out to us to schedule a consultation and learn more about our cybersecurity assessment and advisory services. We will help elevate your security and demonstrate your compliance so that your organization can grow and thrive.