In the categories listed below, you will find the most common cybersecurity and privacy compliance requirements that our clients face. Each of these cybersecurity-specific statutory, regulatory and contractual requirements has one or more ComplianceForge product available to help you become and stay compliant with these obligations.
Please keep in mind that very often, companies have to comply with more than just one requirement, so if you have any questions, please contact us for clarification, since we want to ensure you select the right products for your needs.
ComplianceForge currently offers several products that are designed to assist companies with NIST 800-171, which is required by Defense Federal Acquisition Regulation Supplement (DFARS):
The NCC product is considered a "consultant in a box" product that provides consultant-level guidance on how to comply with NIST 800-171. The WISP and DSP are program-level policies and standards that provide you with the evidence you need to demonstrate compliance.
There are many ways to comply with the cybersecurity requirements of the US government's Federal Acquisition Regulation (FAR). When choosing between ISO and NIST from the viewpoint of complying with FAR, there are considerations to account for, since FAR has different requirements from the Defense Federal Acquisition Regulation Supplement (DFARS), and some companies need to comply with both.
One thing to keep in mind is that while the current 15 cybersecurity requirements for FAR are quite basic, there is a pending change to FAR that would compel all US government contractors, not just DoD contractors, to comply with NIST 800-171.
Currently, if you only need to address FAR 52.204-21, it is possible to comply with either ISO 27002 or NIST 800-53.
However, changes are in the works for FAR to require compliance with NIST 800-171 (see the section above for products), which would require adherence to the NIST 800-53 framework rather than ISO 27002.
ComplianceForge currently offers several products that are designed to assist companies with the European Union General Data Protection Regulation (EU GDPR):
The EU GDPR can be addressed by aligning cybersecurity practices with either ISO 27002 or NIST 800-53. However, those frameworks alone will not sufficiently demonstrate evidence of due care or due diligence with building both cybersecurity and privacy principles "by default" into processes, applications or projects that could impact personal information of EU residents. This is where the Security & Privacy By Design (SPBD) product helps organizations operationalize security and privacy principles.
ComplianceForge currently offers several products that are designed to assist companies with PCI DSS compliance: