The CMMC is a formal requirement of Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7021 applying to those DoD contractors who process, store, or transmit Controlled Unclassified Information (CUI). SCA will ensure you're ready to apply for this certification through out 3 tier System Security Plan, which includes an annual review and maintenance of your existing or new security plan.
The HITRUST CSF® is a security, privacy, risk management and regulatory compliance framework comprised of nationally and internationally accepted standards including ISO, NIST, COBIT, PCI, HIPAA and more to ensure a comprehensive set of baseline security and privacy controls. Originally developed for the healthcare industry, the HITRUST CSF now offers over 30 authoritative sources comprised of the frameworks mentioned above plus state, Federal and foreign regulations.
The New York Department of Financial Services 23 NYCRR 500 became the first state-backed cybersecurity regulation in 2017. Financial services companies who are domiciled, or do business, in the state of New York are subject to the requirements of 23 NYCRR 500. In May 2018, South Carolina took a similar step by enacting the South Carolina Insurance Data Security Act. SCA sees this trend continuing and can help your organization meet the cybersecurity regulatory requirements for your respective state.
Existing information and cyber security frameworks provide a measurable, repeatable and defensible process for implementing and managing a security process or program. The NIST Cybersecurity Framework (CSF) is a widely adopted framework used by both private and public organizations. The ISO 2700 series is a globally recognized family of standards for keeping information assets secure. In this series, ISO 27001 is the best known and provides requirements for an Information Security Management System. Whether your benchmark is NIST, ISO or another set of standards, SCA can provide an assessment to move you closer to your desired target state.