All the frameworks you need, built into the Apptega platform and always current
Although SOC 2 certification is not required by any industry regulations, the AICPA strongly recommends that all data-handling service providers comply with SOC 2. Completing a SOC 2 certification on its own is typically not enough to demonstrate that your organization is secure; however, it provides a strong start to building a mature security program and establishing trust in your customer relationships.
The SOC 2 Framework in Apptega supports both Type 1 and Type 2 certifications and includes the five Trust Service Criteria (TSC) - Security, Availability, Processing Integrity, Confidentiality and Privacy.
The Payment Card Industry Data Security Standards (PCI DSS) specify technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The PCI DSS provides a rigorous security framework and best practices for protecting sensitive cardholder data from malicious software and individuals.
The PCI DSS Framework in Apptega supports all four Merchant Levels and includes all 12 requirements comprised of 251 sub-controls.
23 NYCRR 500 is a regulation by the New York State Department of Financial Services that requires financial companies to implement a detailed framework to better protect consumer data privacy. The law is intended to protect consumers and create new cybersecurity regulations to “ensure the safety and soundness of the institution on behalf of their clients.” These apply to all registered organizations providing financial services including insurance companies, banks, and financial services institutions.
The 23 NYCRR 500 Compliance Framework in Apptega, also known as NYDFS Cybersecurity Regulation 500, is comprised of all 16 control areas that make up the complete regulation.
The Office of Compliance Inspections and Examinations (OCIE) conducts the U.S. Securities and Exchange Commission’s (SEC) National Exam Program. Through this program, the SEC publishes and enforces cybersecurity and risk management guidelines that publicly traded companies must follow.
The SEC Framework in Apptega provides 6 control areas that enable publicly traded companies to ensure alignment with cybersecurity and risk guidelines enforced by OCIE.
CMMC 2.0 creates compliance and certification standards and a network of C3PAOs (Certified 3rd Party Audit Organizations) in a coordinated effort to protect Controlled Unclassified Information (CUI) throughout the U.S. Manufacturing and Defense Industrial Base and Supply Chain. When fully implemented, all contractors and subcontractors at all levels in this supply chain must be certified to the CMMC standard to bid on or renew Department of Defense contracts.
The CMMC Certification Framework in Apptega supports all 17 domains.
NIST 800-171 is a requirement for non-federal organizations that process, store, or transmit Controlled Unclassified Information (CUI). DFARS (Defense Federal Acquisition Regulation Supplement) regulates the minimum standards for security protocols and policy relating to sensitive information. NIST 800-171 compliance is self-reported and in the process of being replaced by CMMC.
The NIST 800-171 Framework in Apptega supports all 14 primary control areas defined in the NIST 800-171 and all of the sub-controls within the 14 controls.
NIST 800-53 is a set of guidelines and requirements that government institutions are required to follow. Non-federal organizations only need to comply in situations where they are operating federal systems. NIST 800-53 helps meet requirements set by FISMA and promotes risk management programs to keep information safe and secure.
The NIST 800-53 Framework in Apptega supports all 18 primary controls throughout the three tiers (organizational risks, business process risks and information risks) that comprise NIST 800-53.
FedRAMP establishes a standardized approach for companies that handle federal government data in the cloud. Applicable to both cloud service providers and SaaS solution vendors, FedRAMP streamlines cloud security approaches into standardized security measures organizations can implement and measure with a common baseline.
The FedRAMP Authorization Framework in Apptega supports all 17 core domains and 325 controls for Moderate impact level.
The California Consumer Privacy Act (CCPA) grants California residents new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. The CCPA affects any business that collects or stores data about California residents and will likely set a precedent for nationwide privacy protection in the United States.
The CCPA Framework in Apptega includes controls that span the three main areas of the law - individual rights, data security, and service providers – and each of the nine sections of the law.
The General Data Protection Regulation (GDPR) was created by the European Union to regulate how organizations manage and protect personal data. GDPR includes 11 Chapters and 99 Articles about the rights of individuals and the obligations of businesses. While GDPR is required by every organization that operates within the European Union, it is also required to be followed by any organization that offers goods and services in the EU.
The GDPR Framework in Apptega provides controls covering the first five chapters of the regulation – General Provisions, Principles, Rights of the Data Subject, Controller and Processor, and Transfers of Personal Data to Third Countries or International Organizations.
The Health Insurance Portability and Accountability Act (HIPAA) is legislation which provides security provisions and data privacy, in order to keep patients’ medical information, referred to as protected health information (PHI), safe. The act provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs, reduces health care fraud and abuse, mandates industry-wide standards for health care information on electronic billing and other processes, and requires the protection and confidential handling of protected health information.
The HIPAA Privacy and Security Frameworks in Apptega cover the Security Rule with 6 controls, the Privacy Rule with 13 controls and the Breach Rule with 3 controls.
ISO 27001 is one of the most widely used security frameworks on a global scale. It is commonly used to create, implement, and/or maintain a strong Information Security Management System (ISMS). ISO 27001 is ideal for any organization looking to develop a structured and well-organized security program with the purpose of protecting organizational information and systems.
The ISO 27001 Framework in Apptega includes the 14 controls that detail best practices for cybersecurity measures (from Annex A).
The NIST Cybersecurity Framework (CSF) is a voluntary cybersecurity framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk. Because the Framework is voluntary, there are no laws or regulations mandating compliance. However, implementing the framework helps organizations better understand, manage, and reduce cybersecurity risks, as well as assist in determining which activities are most important to assure critical operations and service delivery.
The NIST CSF Framework in Apptega includes 23 control areas that comprise the NIST CSF guideline.
CIS is a general-purpose cybersecurity framework that entails best practices for securing information systems. The framework — which boasts 172 sub-controls across 20 controls — is maintained by the Center for Internet Security (CIS), which is a non-profit organization dedicated to providing up-to-date best practices for cyber security. The CIS Controls and CIS Benchmarks are considered one of the global standards and recognized best practices for securing IT systems and data against the most pervasive attacks.
The CIS Framework in Apptega is comprised of all 20 control areas that make up the complete guideline.
Apptega provides unique support for custom cybersecurity frameworks. Through a clicks-not-code process, you can easily create custom frameworks to support unique needs. Examples include:
All controls and sub-controls utilized in a custom framework are automatically included in your cybersecurity dashboards and reports.
With over 20 major frameworks being used in the industry today, it can be difficult to determine which are most appropriate for your organization. Some may be mandatory and many others offering additional value are considered voluntary.
In this recorded webinar, a panel of cybersecurity experts examines the unique attributes of the leading cybersecurity frameworks and provides recommendations for determining which are best suited to various scenarios.
Start by selecting the industry frameworks you need to follow including CMMC, SOC 2, NIST, PCI DSS, ISO 27001, HIPAA, CCPA, SEC and many others. Instantly design your program from start to finish with just a few clicks. Need your own custom framework or need to manage using multiple frameworks? Apptega’s cybersecurity software delivers that too, in seconds.
Wherever you are in your cybersecurity journey make it simple to chart your course with Apptega.
I see products in the market that promise ‘30-day audits’ but in reality that’s not feasible or very sustainable. Great security and compliance is not a one-time event to check a box. Apptega is a long-term platform and partner that supports my entire business and our strategic goals.
Cybersecurity is an ongoing program, not a one-time project. With dozens of Storage Post retail locations requiring continuous PCI compliance, Apptega organizes our entire program in one place, giving us incredible efficiencies. It's the salesforce.com for cybersecurity.
I find Apptega amazingly easy to use. What I like best is the pre-built framework content covering topics like NIST CSF, CIS, GDPR and CCPA. The reports are extremely valuable for reporting to executive and board stakeholders.
“I would absolutely recommend Apptega for anyone looking to elevate their compliance program from a static source to something that can be used to actively track and manage your compliance.”
Small businesses are not out of the woods when it comes to cyberattacks! Learn why you need strong cybersecurity frameworks and cyber insurance.
Learn More
Learn more about why you should invest in cyber insurance – an often overlooked protection for your business.
Learn More
Learn more about the 4 ways an MSSP can help clients gain executive support for their security and compliance programs and increase governance maturity.
Learn More
