A Q&A with SideChannel (Part II)
Let’s continue and finish it!
Q. What does SideChannel offer on Cybersecurity Compliance?
A. Our vCISOs are experienced cybersecurity compliance strategists who follow an approach founded in our industry experiences from both commercial and military sectors. They consider best practices from Big 4 audit & consulting and DoD information assurance programs. We understand what it takes to secure compliance, build a resilient cyber program while enabling productivity and success of the business. This is the strategy designed as Regulatory Compliance & Cyber Program:
- NIST Cyber Security Framework (CSF)
- NIST 800-53
- DoD Defense Federal Acquisition Regulation Supplement (DFARS)
- NIST 800-171 Compliance
- Cybersecurity Maturity Model Certification (CMMC)
- DHS 4300a Sensitive Systems
- NIST Small Business
- HIPAA / HITECH / HITRUST
- SOC2 Type I / SOC2 Type II
- Sarbanes–Oxley (SOX)
- SEC Regulations
- NAIC Model Laws
- New York State DFS Part 500 Regulations (operating as an authorized NY Financial Services Virtual CISO.)
- South Carolina Insurance Data Security Act
- MA 201 State Regulations
- Ohio Data Protection Act
Q. Does SideChannel offer consulting services for the Cybersecurity Maturity Model Compliance (CMMC)?
A. First of all, SideChannel’s consulting services approach for CMMC works for enterprises, mid-market, and small businesses. Second of all, based on the advisories vCISOs will provide, the goal is to build up confidence to make client’s cybersecurity thrive. Then, taking in consideration that the CMMC combines various cybersecurity standards and best practices which map controls and processes across several maturity levels, our CMMC consulting & readiness services address:
- Assess the organization against the CMMC level outlined.
- Identify the gaps to meet and areas of risk to address.
- Outline and create a roadmap to meet CMMC level.
- Develop the SSP and recommend implementations, technologies, & people needed.
- Support the organization through the CMMC audit process and eventual certification.
Q. What is the CUI Life Cycle™?
A. The CUI Life Cycle™ is a UX-friendly training for employees on operational technologies and industrial control systems whether directly in the field or responsible for compliance. It was designed to easily learn how to work with Controlled Unclassified Information (CUI). It provides high-level understanding of control system cybersecurity and further analysis of vulnerabilities. The CUI Life Cycle™ training is a roadmap to learn:
- Which regulations apply to the organization.
- The authorized holder of a document or material is responsible for determining, at the time of creation, whether information in a document or material falls into a CUI category.
- CUI marking requirements.
- CUI dissemination instructions.
- CUI storage requirements (NIST 800-171 Revision 2 compliance and CMMC level 3 or higher maturity).
Q. What does Team Building and Staffing have to do with cybersecurity?
A. Installation of cybersecurity tools are only part of a robust cybersecurity program. Many organizations find themselves with tools that are challenging to maintain or have been orphaned due to lack of resources, affordable expertise, or not having time to manage them or their supporting vendors. The long-term impact is an investment that has good intentions with poor execution. We help businesses recover the investment utility of their cybersecurity tools.
SideChannel’s vCISOs are experts in designing, building and delivering business-driven human capital management technology and cybersecurity solutions. We help our clients gain competitive advantage through technology staffing, consulting and executive search solutions to make their businesses more responsive to market opportunities and threats, strengthen relationships with customers, suppliers and partners, improve productivity and reduce information technology costs.