Governance, Risk, and Compliance

 

Our governance, risk, and compliance (GRC) services are part of our professional services team's offerings, which include risk assessments, penetration testing, vulnerability analysis, and so on. These services typically address a compliance standard or certification. We use industry-standard tool sets and the Risk Management Framework (RMF) to accomplish these tasks.

We support a wide range of compliance standards and regulations for both federal and commercial entities.  

  • HIPAA
  • HITRUST
  • PCI
  • NIST 800-53
  • DFARS and NIST 800-171
  • CAP
  • FedRAMP
  • NERC/CIP
  • ISO 27001/2
  • GDPR
  • VA Handbook 6500
  • DHS 4300A
  • SOC 1 Type 2/SOC 2 Type 2
  • DoD IL4/5/6 ICD 503
  • CNSSI 1253
  • IRS Publication 1075