Armed Security And Protection
Cybersecurity Services
Regulatory Compliance
In-Scope Regulatory Support:
- SOC 1 / SOC 2 / SOC 3
- NIST 800-53/800-171
- HIPAA
- PCI-DSS
- FedRAMP
- ATO
- CPRA
- GDPR
- NYDFS 23 NYCRR 500
- ISO/IEC 27001 & 27002
- CMMC
Regulatory Compliance Offerings
Gap Assessments:
- Baseline assessment against target frameworks
Evidence Management and Audit Support:
- Liaison with auditors
- Artifact generation, remediation, validation and support
Policy and Governance Development:
- Drafting and revising security Policies, Standards and Procedures
Third-Party Risk Management:
- Third-Party Questionnaires
- Risk Scoring
- Liaison with vendors
Continuous Compliance Monitoring:
- Ongoing control validation and reporting
Privacy Program Operations:
- Data Inventories
- DSAR workflows
- Consent Management Support
- Retention Schedules
- Data Deletion
- Rights Review
Executive and Board Reporting:
- Bridge between technical control implementation and business risk appetite remediation
Disaster Resistance and Recovery
Architecture Review and Hardening:
- Business Impact Analysis
- Security Technical Implementation Guides
- Secure Configuration Baselines
- Defense-in-Depth analysis
- Least-Privilege
Incident Response Readiness:
- Tabletop Exercises
- Incident Playbooks
- Backup and Recovery strategy
Post-Incident Remediation:
- Root Cause Analysis
- Control Improvement
- Long-Term Monitoring
Risk Assessment and Remediation
- Threat Modeling
- Vulnerability scanning, remediation, and reporting
- Gap Analysis
- Remediation Planning