What is a Framework?
A framework is a set of requirements (or rules) that dictate what must be done, and how, to be compliant with that framework.
Here are a few examples:
1. You must use strong passwords
2. Your data must be encrypted
3. There must be no shared logins
4. Your server room must have a lock on the door
Any medical practitioner, dentist, insurance company or any other organization that contains, processes, or manages HIPAA
Any organization that holds a government contract, or more commonly a sub-contractor, whose contract requires compliance with DFARS 252.204-7012 or NIST 800-171. Those are older frameworks (which is why we don’t assess them), but those contractors have been directed to implement the requirements of the CMMC framework.
Target Market – Small to medium businesses that have government contracts that must comply with CMMC, DFARS or NIST 800-171. Many of these businesses have a half-assed approach to NIST 800-171 or are simply lying. At some point in time, CMMC will be doing external audits (not to be confused with our assessments). Our assessments will provide a report that shows how ready they are for the upcoming external audit.
Special Note – Our Assessments are not the third-party audit; they are tools that show whether a company will pass the audit.
Any company that collects personal data (PII) AND has at least one client in the EU. GDPR governs the storage and use of personal data …
Any company that does not operate under one of the defined frameworks in this document but is concerned about active cyber security threats or their security posture.
Target Market – Any company whose CEO is aware of and/or concerned about his/her company’s cyber security posture and would like to know how vulnerable they are to attack and/or wants a risk assessment. We are not looking to actively market to “any” company as that tends to be a waste of time. We need to market to companies with a “hook” or message that grabs the attention of someone who is concerned about cyber security.