NIST – Governance, Risk Management and Compliance

Cybersecurity framework compliance standards are being rapidly deployed across all business sectors, from small businesses to multinational organizations. Information and data are key to every small business or large organization across all professions and industries, from government contracting to engineering, healthcare and financial services. Securing information, data or intellectual property can make implementing and managing a cybersecurity risk management plan a technical challenge for an organization. Some organizations are required to implement and manage one or more of the myriad compliance standards to conduct business with the government, healthcare, engineering and financial sectors.

 

As an example, government contractors are now required to comply with DFARS 252.204.7012. Compliance now requires a company to develop and implement a full set of baseline security policies. Non-compliance could result in ethical, legal, administrative, or contractual penalties. If you are a DoD contractor or subcontractor, you can be debarred from doing business with the government. Our team of experts can mitigate these risks.

 

Adjuvant Consulting has the expertise to navigate the complexities of implementing compliance standards tailored to the unique business model of an organization. Adjuvant’s team can implement and manage, or guide an organization’s IT personnel with, the following compliance standards:

 

  • NIST 800-171, 800-53 and Cybersecurity Risk Management Framework
  • HIPAA
  • GDPR
  • ISO 27002
  • SOX
  • GLBA and FFIEC

 

Adjuvant Consulting applies a GRC methodology to implement and manage compliance standards. Our team begins with a comprehensive assessment of an organization’s:

 

  • Organizational Structure
  • Operating Policies and Procedures
  • HR Security
  • Quality Assurance
  • Information System Security Plan – Security and Access Controls
  • Cryptography
  • IS Incident Management – Mitigation and Reporting
  • Network Systems – Security Appliances, Servers, Computers, IoT, etc.
  • Cloud Storage and Computing
  • Physical Security
  • Support Functions
  • Employee Awareness Training Program
  • Interview Management and Employees
  • Third Party Relationships – Subcontractors, Suppliers and Vendors

 

The results of the assessment are one of several elements used by Adjuvant’s team to write and implement a cybersecurity compliance standard, and then to guide and train the organization’s IT personnel, and institute an employee awareness program.
