Managed Services | GRC (Governance, Risk, and Compliance)

Compliance is not security. Organizations require the input of cybersecurity experts to avoid the pitfalls of over-reliance on audits and compliance as a replacement for proper due diligence and due care in preventing a cyber breach. We at VTS understand the struggle to establish industry standard certifications and meet the requirements of the compliance frameworks (i.e. HIPPA, PCI, ISO) across operations, systems and engineering personnel.

VTS provides compliance validation specialty teams in support of the customer’s specific needs for all regulated industry compliance frameworks, including Federal NIST 800-171 and CMMC compliance requirements. VTS will address Assessment and Authorization (A&A) Actions for the transition of legacy systems, policy analysis and development, and the implementation of new standards and emerging technologies within the client’s operational capabilities to support current and future Federal cybersecurity compliance requirements.

Information Assurance, Policy, Documentation & Training for Highly Regulated Environments

Cybersecurity / Risk Management Framework (CSF/RMF)

FAR & DFAR NIST SP 800-171 Compliance Framework (Commercial)

RMF/NIST SP 800-53, Rev. 4 (Federal Information Systems and Organizations)

NIST SP 800-82, Rev. 2

GDPR (General Data Protection Regulation 2016/679)

Information Assurance and the Risk Management Framework

HIPAA (Health Insurance Portability and Accountability Act)

PCI-DSS (Payment Card Industry Data Security Standard)

SOX (Sarbanes-Oxley) 2002

NERC (North American Electric Reliability Corporation) CIP 007-6 Requirement 2

NERC CSS (Cyber Security Standards)

ISO 27001 & 27002

ISO 15408

ISO 19092-1

ISO-IEC 15944

SAS 70 [Statement on Auditing Standards American Institute of Certified Public Accountants (AICPA)]

FISCAM (FEDERAL INFORMATION SYSTEM CONTROLS AUDIT MANUAL)

1999 Gramm-Leach-Bliley Act

2002 Homeland Security Act, including Federal Information Security Management Act (FISMA)