
Information Security Compliance Assessments

Our Information Security Compliance Assessment provides you with a comprehensive report of your company’s current security posture through a thorough evaluation of the organization’s technical, management and administrative controls. Stratus Cyber conducts an in-depth review of information technology general controls through on-site interviews with key stakeholders, physical walk-throughs and data/artifact collection to provide you with a concise yet comprehensive look into your organization’s information security program.

Our security experts bring a broad understanding of, and experience with, security frameworks, standards and disciplines that you can count on. We specialize in assessing against the following:

  • Federal Information Security Management Act (FISMA)
    All federal agencies and contractors are required by law to comply with the Federal Information Security Management Act of 2002, updated in 2014.
  • Payment Card Industry Data Security Standard (PCI DSS)
    A proprietary standard created by credit card companies for organizations that handle major credit cards, including Visa, MasterCard, American Express, Discover, and JCB.
  • NIST 800 Series Special Publications
    NIST uses the Special Publication subseries to publish computer/cyber/information security guidelines. Several popular ones include:
    • NIST 800-53
    • NIST 800-171
  • Risk Management Framework (RMF)
    The RMF is the unified information security framework for the entire federal government that replaced the legacy Certification and Accreditation (C&A) processes within federal government departments and agencies, the Department of Defense (DOD) and the Intelligence Community (IC).
  • Federal Risk and Authorization Management Program (FedRAMP)
    The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.