National Institute of Standards and Technology (NIST)
The Federal Information Security Management Act of 2002 (FISMA) was one of the first laws to require federal agencies to develop, document, and implement an agency-wide information security program. The framework of the program is further defined by the National Institute of Standards and Technology (NIST) standards and guidelines, Federal Information Processing Standards (FIPS) publications, and the NIST Special Publication 800-series.
The framework comprises many individual parts, all of which can be facilitated, implemented, or achieved by leveraging the service offerings of Maxxsure.
- Categorize data and information systems according to risk level
- Inventory all systems and assets within an enclave
- Implement security controls
- Perform risk assessments/penetration testing
- Design and implement a System Security Plan
- Implement continuous monitoring and annual security reviews
Maxxsure has hands-on experience and expertise in all of the areas outlined above, especially within the Defense Department. Contact us for more information about how we can help you attain, manage, and sustain FISMA compliance.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act was established by Congress in 1996. Security Standards were issued as part of HIPAA in April of 2003 and established requirements to safeguard Protected Health Information (PHI), both paper and electronic. The requirements specifically address administrative, physical, and technical safeguards meant to ensure that patient health records and personally identifiable information remain as secure as possible. HIPAA also established notification requirements in the event of a data security breach, a PR nightmare for any hospital, insurance provider, or federal organization.
Let Prolific Solutions help you ensure your HIPAA compliance and avoid notification requirements altogether. We can review your program, recommend changes, help you implement processes and procedures, and make sure you meet the letter of the law with regard to HIPAA compliance.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act of 2002, commonly referred to as SOX, was enacted on July 30, 2002. As a result, management of public companies is required to establish and maintain adequate internal controls over financial reporting and to assess the effectiveness of those controls. Additionally, the external auditors of these companies issue an opinion on whether effective internal controls over financial reporting were maintained in all material respects, in addition to their opinion on the accuracy of the financial statements.
Implementing, documenting, and testing internal controls is not only costly but also requires a tremendous amount of effort. Utilizing Maxxsure in this endeavor will significantly decrease the resources required to complete testing of both the design and the effectiveness of these controls. Additionally, our team of well-trained SOX professionals is equipped to assist with the implementation and/or documentation of internal controls. We can also identify areas where automation could viably replace manual processes currently in use, which also results in cost savings.
Payment Card Industry Data Security Standard (PCI DSS)
In late 2004, the Payment Card Industry Security Standards Council (PCI SSC) established the PCI DSS for organizations storing, processing, or transmitting cardholder data. Over the last few years, the standard has had minor revisions, including the Council's clarifications of its requirements, and it addresses evolving risks within the industry. A copy of the current standard in its entirety is available
Prolific Solutions understands that reputable companies like yours want to protect their customers' data, but many are intimidated by yet another complicated data security standard. Our PCI DSS compliance team was established to assist you with this seemingly daunting task. Our goal is to help you ensure your infrastructure achieves and maintains compliance with PCI DSS. Whether you've processed one credit card or billions, we can provide you with the following services as specified and required by the PCI SSC:
- Verify all technical information given by the merchant or service provider
- Ensure adherence to the PCI Security Assessment Procedures
- Define the scope of the assessment
- Select systems and system components where sampling is employed
- Evaluate compensating controls
- Perform penetration testing
- Produce the final report