In the categories listed below, you will find the most common cybersecurity and privacy compliance requirements that our clients face. For each of these cybersecurity-specific statutory, regulatory and contractual requirements, one or more ComplianceForge products are available to help you become and stay compliant with these obligations.
Please keep in mind that companies very often have to comply with more than one requirement. If you have any questions, please contact us for clarification, since we want to ensure you select the right products for your needs.
ComplianceForge currently offers several products that are designed to assist companies with NIST 800-171, which is required by Defense Federal Acquisition Regulation Supplement (DFARS):
The NCC product is considered a "consultant in a box" product to provide consultant-level guidance on how to comply with NIST 800-171. The WISP and DSP are program-level policies and standards that will provide you with evidence you need to demonstrate compliance.
There are many ways to comply with the cybersecurity requirements of the US government's Federal Acquisition Regulation (FAR). When choosing between ISO and NIST from the viewpoint of complying with FAR, keep in mind that FAR has different requirements from the Defense Federal Acquisition Regulation Supplement (DFARS), and some companies need to comply with both.
If you only need to address FAR 52.204-21, it is possible to comply with either ISO 27002 or NIST 800-53.
However, if you need to address DFARS 252.204-7012, then ISO 27002 is insufficient and you need to align with NIST 800-53.
ComplianceForge currently offers several products that are designed to assist companies with the European Union General Data Protection Regulation (EU GDPR):
The EU GDPR can be addressed by aligning cybersecurity practices with either ISO 27002 or NIST 800-53. However, those frameworks alone will not sufficiently demonstrate evidence of due care or due diligence with building both cybersecurity and privacy principles "by default" into processes, applications or projects that could impact personal information of EU residents. This is where the Security & Privacy By Design (SPBD) product helps organizations operationalize security and privacy principles.
ComplianceForge currently offers several products that are designed to assist companies with PCI DSS compliance: