Compliance

Compliance For Your Organization

Compliance is a critical component of any organization's security program. It is directly affected by ever-changing rules and regulations, which makes it challenging for organizations to maintain a sound compliance posture.
Regulatory compliance follows a specific, defined set of stringent standards that organizations and industries need to follow. For most organizations, these standards must be met to comply with regulatory laws.
Cyber Forza takes compliance in all areas very seriously. Across the different markets we address, we strive to meet all the regulations, standards, rules and more. If you have any concerns or questions regarding compliance in your market and your market is not listed here, please get in contact with Cyber Forza.

Healthcare

 
Health Insurance Portability and Accountability Act. The best-known standard for cybersecurity compliance for Healthcare.
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
Federal Health Care. Offers comprehensive primary care medical services to individuals, will review and / or is consistent with current standards of care.
 
Federal Information Security Modernization Act. United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

Financial/Banking

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
Federal Information Security Modernization Act. United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
Sarbanes-Oxley Act. Legislation passed by the U.S. Congress which requires internal controls for assuring the accuracy of financial reports and disclosures, and mandates audits on the controls.
 
The Center for Internet Security is a 501 nonprofit organization, formed in October, 2000. Its mission is to "identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace".

Government/Defense

 
Federal Information Security Modernization Act. United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats.
The Center for Internet Security is a 501 nonprofit organization, formed in October, 2000. Its mission is to "identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace".
The Center for Defense Information is a nonprofit, nonpartisan organization based in Washington, DC. It specialized in analyzing and advising on military matters. 
 
Defense Federal Acquisition Regulation Supplement. A supplement to the FAR that provides DoD-specific acquisition regulations that DoD government acquisition officials – and those contractors doing business with DoD – must follow in the procurement process for goods and services.
Controlled Unclassified Information refers to unclassified information that is to be protected from public disclosure. The CUI designation replaces "sensitive but unclassified" and other similar control markings. CUI replaces categories such as For Official Use Only, Sensitive But Unclassified and Law Enforcement Sensitive categories.
 
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.

Education

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
Family Educational Rights and Privacy Act (sometimes called the Buckley Amendment). Passed by Congress in 1974, the act grants four specific rights to the student. These rights begin as soon as the student enrolls or registers with an academic program of the university.

Retail

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

Internet of Things (IoT)

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
 

DataCenter

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

Insurance

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

Utility

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

SmartCity

 
Payment Card Industry Data Security Standard. An information security standard for organizations that handle branded credit cards from the major card schemes.
The National Institute of Standards and Technology is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness.
 
General Data Protection Regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).