1nteger Security provides step by step guidance to help you become compliant and stay that way across multiple cross-industry requirements.

Our solution is simple to use and provides what you need in the event of an audit.

Jump to…

HIPAA

DFARS

ITAR

NYS DFS

PCI-DSS

All of 1nteger’s compliance programs help you achieve the following:

  • Make cost-effective improvements to security posture with quick turn-around.
  • Look into your respective compliance requirements and see what you need to do to meet them.
  • Understand what it takes to protect sensitive, non-public data from external and internal threats.
  • Improve your security posture by reducing your attack surface and overall risk.
  • Save costs by freeing up existing resources and reducing the need for new staff.

HIPAA

The first step in achieving HIPAA compliance is completing an evaluation of how existing controls map to compliance requirements.

These requirements of HIPAA fall under the categories of administrative, technical and physical. We establish a baseline where your organization meets or doesn’t meet HIPAA compliance. The sum of all findings from these examinations is commonly referred to as a “Gap Analysis.”

Once a Gap Analysis is complete, we collaborate to establish a remediation plan that’s right for you – prioritized by the risks presented and resources available – and document the steps to be taken.

More Information

New to HIPAA?
Check out this guide from one of our partners

Want more in-depth information?
The US Department of Health and Human Services has improved their outreach, learn more here.

Our HIPAA compliance solutions include everything you need, including:

  • Audits
  • Risk Assessments
  • Remediation Guidance
  • Planning, Policies & Procedures
  • BAA’s
  • Employee Training
  • Audit Support
  • Compliance Coaching

We can augment your existing cybersecurity & compliance staff or fully manage the entire HIPAA compliance process.

Through strategic partnerships, our expertise, and breadth of knowledge, managing and maintaining HIPAA compliance has never been easier. Contact 1nteger Security for a free consultation and demo of our toolset.

DFARS

The Defense Federal Acquisition Regulation Supplements 252.204-7008 & 252.204-7012 (DFARS) issued by the Department of Defense (DoD) is a set of cybersecurity regulations required for government contractors and vendors.

To meet the minimum requirements, DoD contractors must provide adequate security to safeguard Covered Defense Information (CDI) and Controlled Unclassified Information (CUI) that is stored or transmitted through their information systems.

CDI and CUI must be separated from uncovered information and protected from unauthorized access and disclosure.

In addition to protecting this data, contractors must rapidly report cyber incidents and cooperate with the DoD to respond to these security incidents, including providing access to affected media and submitting malicious software.

What do you need to do to provide “adequate security” for this data?

In order to be considered DFARS compliant, contractors must pass all guidelines set forth in NIST Special Publication 800-171 inclusive of conducting an assessment against all 110 controls.

After the assessment, contractors must develop a system security plan (SSP) describing how the security requirements are met, as well as plans of action and milestones (POA&M) on how controls which have yet to be implemented will be met at a future date.

Conducting an assessment and implementing these security controls can be a substantial undertaking, especially for those organizations with stretched or limited resources.

1nteger Security offers services where you need the assistance most. We can provide guidance and consulting with your existing cybersecurity staff or fully manage the entire DFARS compliance process.

ITAR

ITAR (International Traffic in Arms Regulations) is an export control regulation designed to help ensure that defense related technology does not get into the hands of a Foreign National without authorization. The Department of State’s Directorate of Defense Trade Controls (DDTC) interprets and enforces ITAR. ITAR is commonly confused with DFARS, and many times DoD contractors must adhere to both.

Defense-related articles and services, as defined on the United States Munitions List (USML), are what is regulated by ITAR. Information and material listed on the USML may not be shared with foreign persons or entities unless an authorization from the Department of State is obtained. Companies must register with the DDTC and know what is required of them to be ITAR compliant and then certify that they possess that knowledge.

NYS DFS

Effective on March 1st 2017, the New York Department of Financial Services (NYDFS) issued the Cybersecurity Regulation 23 NYCRR 500, which is “…designed to promote the protection of customer information as well as the information technology systems of regulated entities.”

Each Covered Entity must file an annual certification confirming compliance with the 23 NYCRR 500 regulation.

Am I regulated by the NYS DFS?

State-chartered banks, licensed lenders, private bankers, foreign banks licensed to operate in New York, mortgage companies, insurance companies and service providers are considered a Covered Entity.

Any organizations of these categories may report to the NYS DFS.

You can also use one of the following resources provided by the DFS to determine if you are regulated:

What do I need to do to comply with 23 NYCRR 500?

Covered Entities must establish a cybersecurity program inclusive of:

  • Cybersecurity Policies
  • Chief Information Officer Designation
  • Periodic Risk Assessments
  • Annual Penetration Test
  • Bi-Annual Vulnerability Assessments
  • Training and Monitoring
  • Limiting Access via Least Privilege
  • Multi-Factor Authentication
  • Encryption of Nonpublic Information
  • Detect and Respond to Cybersecurity events
  • Incident Response Plan
  • Provide Notification to the NYS DFS Superintendent in the event of a cybersecurity event

1nteger Security can provide guidance and consulting with your existing cybersecurity staff or fully manage your Cybersecurity Program and maintain DFS compliance.

PCI-DSS

Adhering to the Payment Card Industry Data Security Standard, it is mandatory for merchants, financial institutions and vendors processing credit card data.

1nteger Security provides PCI compliance services beyond simply “checking a box” with a comprehensive suite of PCI-related services to fulfill all aspects of compliance:

Assisted Self-Assessment Questionnaire (SAQ)

1nteger Security helps you complete a PCI self-assessment questionnaire (SAQ) and aid with the submission of an Attestation of Compliance (AOC).

Risk Assessments, Gap Analyses & Remediation Plans

PCI DSS mandates an annual risk assessment to identify threats and vulnerabilities. 1nteger Security provides a risk assessment that identifies, analyzes, and documents security risks to fulfill Requirement 12.1.2. At the completion of the assessment, you will receive a PCI Gap Analysis report. Our process creates a remediation plan to close all discovered gaps and allow your organization to concentrate on meeting compliance timelines within budgetary constraints.

Compliance Training

1nteger Security’s experts provide security awareness training to fulfill PCI DSS Requirement 12.6. In order to best fit your business needs, we offer training via several modes including on-site, classroom, online and more.

Ready to Get Started?