Policy and Compliance Assessments and Custom Audits

Policy and Compliance Assessments

We conduct industry-wide cybersecurity policy and compliance assessments that include, but are not limited to, the federal, financial, healthcare, energy and transportation sectors.

Policy and Compliance Assessments and Audits are one of Cyber Helmet's core services and areas of expertise. We are highly skilled and knowledgeable in cybersecurity industry frameworks across most sectors, both federal and commercial.

We conduct assessments for the federal government that include NIST 800-53 standards and regulations mandated by FISMA. For the financial sector, Cyber Helmet conducts PCI DSS, GLBA and SOX assessments. For the healthcare sector, we conduct HIPAA and NIST assessments, to mention just a few.

We also have expertise in the following:

  • NIST 800-53 revision 4/5 Security and Privacy Controls for Federal Information Systems and Organizations

  • NIST 800-171 (DFARS): Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

  • NIST 800-82 Guide to Industrial Control Systems (ICS) Security

  • NIST 800-61 Computer Security Incident Handling Guide

  • NIST 800-50 Building an Information Technology Security Awareness and Training Program

  • NIST 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

  • NISPOM: National Industrial Security Program Operating Manual

  • FISMA: Federal Information Security Modernization Act

  • HIPAA: Health Insurance Portability and Accountability Act

  • PCI DSS: Payment Card Industry Data Security Standard

  • GLBA: Gramm-Leach-Bliley Act

  • SOX: Sarbanes-Oxley Act

  • GDPR: General Data Protection Regulation

  • APTA Standards: American Public Transportation Association

Custom Audits

We tailor and conduct custom audits that may consist of multiple industry cybersecurity compliance frameworks, and we create custom frameworks based on client needs and requirements.

One of Cyber Helmet's specialties is designing custom methodologies and frameworks to conduct special security audits and reviews. This includes, but is not limited to, audits using a combination of multiple cybersecurity frameworks with various compliance requirements from multiple sectors and industries (federal, commercial, healthcare, financial, etc.).

Additionally, Cyber Helmet is at the forefront of conducting audits for new and growing requirements that may not have frameworks and may depend on organizational and client needs, such as contract and data misuse compliance topics.

For custom audits, Cyber Helmet develops steps, audit actions, requirements, and methodology based on client requirements.