Capstone provides compliance development and assessment services for FISMA, PCI, HIPAA, FERPA, SOX, and GLBA to ensure an organization’s efforts are both meaningful and effective.
Regulatory compliance is often the primary driving factor behind many of an organization’s security initiatives. State and federal laws, as well as industry requirements, use fines and penalties in an effort to move companies in the right direction when it comes to protecting sensitive information. Constantly evolving legislation and ambiguous language introduce a considerable challenge for responsible organizations seeking compliance. Capstone provides compliance development and assessment services to ensure an organization’s efforts are both meaningful and effective. Offerings are targeted at FISMA, PCI, HIPAA, FERPA, SOX, and GLBA.
Federal Information Security Management Act (FISMA) Compliance
Capstone Security offers a full breadth of services to help federal agencies and their affiliates in their FISMA compliance efforts. As one of the leading providers of security services, we have strong experience partnering with federal agencies and we can help you improve your security controls in accordance with NIST guidance and FIPS requirements.
Security and Risk Consulting
Delivered by top-quality consultants with deep security and compliance expertise, Capstone Security’s Consulting practice provides expert guidance and support for your FISMA compliance efforts. Leveraging strong experience with the NIST SP 800 series as well as other standards such as ISO, COBIT, and PCI DSS, Capstone Security consultants can help improve your security posture and your compliance with NIST SP 800, FIPS 199, and FIPS 200. Services include:
- Compliance Assessment and Gap Analysis
- Technical Control and Architecture Review
- Penetration Testing
- Risk Assessment
- Incident Handling and Response
- Forensic Investigation
- Risk Management Program Development
- Policy and Procedure Development
- Web Application Assessment
- Security Awareness Training
Payment Card Industry (PCI) Compliance
The payment card industry (PCI) is made up of credit card companies such as Visa, MasterCard, and Discover, which banded together to create industry requirements with the goal of reducing theft and fraud involving payment card information. Capstone can assist retailers and merchants in complying with specific requirements of the PCI DSS.
Family Educational Rights and Privacy Act (FERPA) Compliance
The Family Educational Rights and Privacy Act (FERPA) was enacted in August 1974 to protect student education records. It applies to any school, K-12 or higher education, public or private, that receives funds under any program of the U.S. Department of Education. Most public and private U.S. schools fall under FERPA, and IT staff who work for these institutions must understand FERPA’s provisions to ensure compliance.
Gramm-Leach-Bliley Act (GLBA) Compliance
The Gramm-Leach-Bliley Act (GLBA) gives eight federal agencies the authority to administer and enforce the Financial Privacy Rule and the Safeguards Rule. While the Financial Privacy Rule governs the collection and disclosure of personal financial information, the Safeguards Rule requires financial institutions that receive information from customers and other financial institutions to implement and maintain safeguards that protect customer information.
Health Insurance Portability and Accountability Act (HIPAA) Compliance
The Health Insurance Portability and Accountability Act (HIPAA) demands considerable attention, resources, and money from covered organizations to remediate their existing and planned systems and processes wherever protected health information (PHI) is involved. While security and privacy are intrinsically linked, it is the application of appropriate security controls that actually mitigates the risks posed by identified threats to stored or transmitted PHI.
Sarbanes-Oxley (SOX) Compliance
The Sarbanes-Oxley (SOX) Act of 2002 is a United States federal law passed in response to a number of major corporate and accounting scandals, including those affecting Enron, Tyco International, and WorldCom (now MCI). These scandals resulted in a decline in public trust in accounting and reporting practices. The Act also covers issues such as auditor independence, corporate governance, and enhanced financial disclosure.