All the frameworks you need, built into the Apptega platform and always current
The Apptega platform includes an ever-growing, always-current library of cybersecurity and privacy frameworks. Utilize all of them at no additional cost.
Easily modify frameworks and create new, custom frameworks. Eliminate the overhead and redundancy of aligning your program to multiple cybersecurity frameworks. Use Harmony, Apptega’s intelligent framework mapping program, to automatically crosswalk and consolidate all shared controls, sub-controls, resources, and activities across your frameworks to achieve 50+ percent efficiencies.
All cybersecurity and privacy frameworks in the Apptega platform can be modified with custom controls to support your unique needs. Each framework is also augmented with Tasks Packs that streamline the selection of appropriate tasks for managing each of the controls and sub-controls in the framework.
Although SOC 2 certification is not required by any industry regulations, the AICPA strongly recommends that all data-handling service providers comply with SOC 2. Completing a SOC 2 certification on its own is typically not enough to demonstrate that your organization is secure; however, it provides a strong start to building a mature security program and establishing trust in your customer relationships.
The SOC 2 Framework in Apptega supports both Type 1 and Type 2 certifications and includes the five Trust Service Criteria (TSC) - Security, Availability, Processing Integrity, Confidentiality and Privacy.
The Payment Card Industry Data Security Standards (PCI DSS) specify technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The PCI DSS provides a rigorous security framework and best practices for protecting sensitive cardholder data from malicious software and individuals.
The PCI DSS Framework in Apptega supports all four Merchant Levels and includes all 12 requirements comprised of 251 sub-controls.
23 NYCRR 500 is a regulation by the New York State Department of Financial Services that requires financial companies to implement a detailed framework to better protect consumer data privacy. The law is intended to protect consumers and create new cybersecurity regulations to “ensure the safety and soundness of the institution on behalf of their clients.” These apply to all registered organizations providing financial services including insurance companies, banks, and financial services institutions.
The 23 NYCRR 500 Compliance Framework in Apptega, also known as NYDFS Cybersecurity Regulation 500, is comprised of all 16 control areas that make up the complete regulation.
The Office of Compliance Inspections and Examinations (OCIE) conducts the U.S. Securities and Exchange Commission’s (SEC) National Exam Program. Through this program, the SEC publishes and enforces cybersecurity and risk management guidelines that publicly traded companies must follow.
The SEC Framework in Apptega provides 6 control areas that enable publicly traded companies to ensure alignment with cybersecurity and risk guidelines enforced by OCIE.
CMMC creates compliance and certification standards and a network of C3PAOs (Certified 3rd Party Audit Organizations) in a coordinated effort to protect Controlled Unclassified Information (CUI) throughout the U.S. Manufacturing and Defense Industrial Base and Supply Chain. When fully implemented, all contractors and subcontractors at all levels in this supply chain must be certified to the CMMC standard to bid on or renew Department of Defense contracts.
The CMMC Certification Framework in Apptega supports all 17 domains and the first three of five certification levels.
NIST 800-171 is a requirement for non-federal organizations that process, store, or transmit Controlled Unclassified Information (CUI). DFARS (Defense Federal Acquisition Regulation Supplement) regulates the minimum standards for security protocols and policy relating to sensitive information. NIST 800-171 compliance is self-reported and in the process of being replaced by CMMC.
The NIST 800-171 Framework in Apptega supports all 14 primary control areas defined in the NIST 800-171 and all of the sub-controls within the 14 controls.
NIST 800-53 is a set of guidelines and requirements that government institutions are required to follow. Non-federal organizations only need to comply in situations where they are operating federal systems. NIST 800-53 helps meet requirements set by FISMA and promotes risk management programs to keep information safe and secure.
The NIST 800-53 Framework in Apptega supports all 18 primary controls throughout the three tiers (organizational risks, business process risks and information risks) that comprise NIST 800-53.
The California Consumer Privacy Act (CCPA) grants California residents new rights regarding their personal information and imposes various data protection duties on certain entities conducting business in California. The CCPA affects any business that collects or stores data about California residents and will likely set a precedent for nationwide privacy protection in the United States.
The CCPA Framework in Apptega includes controls that span the three main areas of the law - individual rights, data security, and service providers – and each of the nine sections of the law.
The General Data Protection Regulation (GDPR) was created by the European Union to regulate how organizations manage and protect personal data. GDPR includes 11 Chapters and 99 Articles about the rights of individuals and the obligations of businesses. While GDPR is required by every organization that operates within the European Union, it is also required to be followed by any organization that offers goods and services in the EU.
The GDPR Framework in Apptega provides controls covering the first five chapters of the regulation – General Provisions, Principles, Rights of the Data Subject, Controller and Processor, and Transfers of Personal Data to Third Countries or International Organizations.
The Health Insurance Portability and Accountability Act (HIPAA) is legislation which provides security provisions and data privacy, in order to keep patients’ medical information, referred to as protected health information (PHI), safe. The act provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs, reduces health care fraud and abuse, mandates industry-wide standards for health care information on electronic billing and other processes, and requires the protection and confidential handling of protected health information.
The HIPAA Privacy and Security Frameworks in Apptega cover the Security Rule with 6 controls, the Privacy Rule with 13 controls and the Breach Rule with 3 controls.
ISO 27001 is one of the most widely used security frameworks on a global scale. It is commonly used to create, implement, and/or maintain a strong Information Security Management System (ISMS). ISO 27001 is ideal for any organization looking to develop a structured and well-organized security program with the purpose of protecting organizational information and systems.
The ISO 27001 Framework in Apptega includes the 14 controls that detail best practices for cybersecurity measures (from Annex A).
The NIST Cybersecurity Framework (CSF) is a voluntary cybersecurity framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk. Because the Framework is voluntary, there are no laws or regulations mandating compliance. However, implementing the framework helps organizations better understand, manage, and reduce cybersecurity risks, as well as assist in determining which activities are most important to assure critical operations and service delivery.
The NIST CSF Framework in Apptega includes 23 control areas that comprise the NIST CSF guideline.
CIS v7 is a general purpose cybersecurity framework that entails best practices for securinginformation systems. The framework — which boasts 172 sub-controls across 20 controls — is maintained by the Center for Internet Security (CIS), which is a non-profit organization dedicated to providing up to date best practices for cyber security. The CIS Controls and CIS Benchmarks are considered one of the global standards and recognized best practices for securing IT systems and data against the most pervasive attacks.
The CIS v7 Framework in Apptega is comprised of all 20 control areas that make up the complete guideline.
Apptega provides unique support for custom cybersecurity frameworks. Through a clicks-not-code process, you can easily create custom frameworks to support unique needs. Examples include:
All controls and sub-controls utilized in a custom framework are automatically included in your cybersecurity dashboards and reports.
With over 20 major frameworks being used in the industry today, it can be difficult to determine which are most appropriate for your organization. Some may be mandatory and many others offering additional value are considered voluntary.
In this recorded webinar, a panel of cybersecurity experts examines the unique attributes of the leading cybersecurity frameworks and provides recommendations for determining which are best suited to various scenarios.
I see products in the market that promise ‘30-day audits’ but in reality that’s not feasible or very sustainable. Great security and compliance is not a one-time event to check a box. Apptega is a long-term platform and partner that supports my entire business and our strategic goals.
Cybersecurity is an ongoing program, not a one-time project. With dozens of Storage Post retail locations requiring continuous PCI compliance, Apptega organizes our entire program in one place, giving us incredible efficiencies. It's the salesforce.com for cybersecurity.
I find Apptega amazingly easy to use. What I like best is the pre-built framework content covering topics like NIST CSF, CIS, GDPR and CCPA. The reports are extremely valuable for reporting to executive and board stakeholders.
“I would absolutely recommend Apptega for anyone looking to elevate their compliance program from a static source to something that can be used to actively track and manage your compliance.”
Gaining C-Suite's support for cybersecurity can be hard. Read this blog to learn how you can gain buy-in for your organization's cybersecurity program.Learn More
Amidst compliance and regulatory pressures, a minimal approach to compliance is tempting. Read this blog to learn why the minimal approach isn't enough.Learn More
Moving from NIST 800-171 to CMMC Level 3? Learn how one contractor completed their preparation ahead of schedule.Learn More