Industry Standards

AICPA Trust Services Principles and Criteria

Content Type: Standard Content
License Type: Included
The American Institute of CPAs (AICPA) is the world's largest association of accounting professionals. It sets ethical standards for the profession and U.S. auditing standards for private and nonprofit organizations, as well as federal, state, and local governments. The Trust Services Principles and Criteria contain the necessary steps to address the risks and opportunities of IT-enabled systems and privacy programs. This content pack contains the most recent version, released in January 2014.

FedRAMP Security Controls Baseline

Content Type: Standard Content
License Type: Included
The GSA, DHS, and DoD created the government-wide Federal Risk and Authorization Management Program (FedRAMP) to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP authorizes cloud systems in a four-step process: initiating, assessing, authorizing, and leveraging. Any vendor that wants to provide cloud services to the government must meet these 168 security controls, which are based on NIST SP 800-53 Rev. 3 for FISMA.

HIPAA/HITECH Act via NIST 800-66

Content Type: Standard Content
License Type: Included
NIST SP 800-66 addresses the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, which focuses specifically on safeguarding electronic protected health information (EPHI). All HIPAA-covered entities, including some federal agencies, must comply with the Security Rule and protect the confidentiality, integrity, and availability of EPHI.

HIPAA Privacy

Content Type: Standard Content
License Type: Included
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. This Content Pack also supports:
  • Part 164, CFR 45
  • Covered entity classification survey

ISO 22301

Content Type: Standard Content
License Type: Third-Party
International Organization for Standardization (ISO) is the world's largest developer and publisher of International Standards. ISO 22301 (2012) details requirements to plan, establish, implement, monitor, review, maintain, and improve an organization's documented business continuity management system. These requirements are meant to be applicable to all organizations, regardless of industry or size.

ISO 27001 & 27002

Content Type: Standard Content
License Type: Third-Party
International Organization for Standardization (ISO) is the world's largest developer and publisher of International Standards. ISO 27001 describes requirements for Information Security Management Systems (ISMS) of all types of organizations. ISO 27002 is a code of practice for information security and establishes the guidelines and general principles for information security management. ISO 27001 and ISO 27002 are intended to be used together, complementing each other to help organizations adhere to information security management best practices. These content packs contain the most recent version, released in October 2013.

ISO 27799

Content Type: Standard Content
License Type: Third-Party
International Organization for Standardization (ISO) is the world's largest developer and publisher of International Standards. ISO 27799 is intended for healthcare organizations to use, in accordance with ISO 27002, to help them manage health information security. The standard also provides best-practice guidelines for health information security; by implementing them, healthcare organizations can ensure that personal health information is protected to a minimum level of security appropriate for their organization.

MISMO Security Guidance

Content Type: Standard Content
License Type: Third-Party
Mortgage Industry Standards Maintenance Organization (MISMO), the leading technology standards development body for the residential and commercial real estate finance industries, is a wholly owned subsidiary of the Mortgage Bankers Association. MISMO data standards make e-commerce more profitable for the industry and open the door to groundbreaking innovations, such as electronic mortgages (eMortgages). MISMO activities cover four broad areas: residential standards, commercial standards, eMortgage specifications, and information security guidelines.

NERC CIP V5.0

Content Type: Standard Content
License Type: Included
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards specify the minimum requirements to protect the Critical Cyber Assets that support the reliability of the electrical system. All organizations that are involved with the North American bulk electric system are subject to these standards.

NIST SP 800-53/53A

Content Type: Standard Content
License Type: Included
The National Institute of Standards and Technology (NIST) SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations, was developed by NIST, the Department of Defense, the Intelligence Community, and the Committee on National Security Systems as part of the Joint Task Force. The purpose of the publication is to provide a complete approach to information security and risk management by giving organizations the security controls necessary to fundamentally strengthen their information systems and the environments in which those systems operate. The security and privacy controls are designed to be largely policy- and technology-neutral to allow flexibility in implementation.

This content pack contains the most recent NIST update, 800-53 Revision 4 (2013), which includes updates to controls and control enhancements that address the increasing sophistication of cyber-attacks, and the supplementary document 800-53A Revision 1 (2010): Guide for Assessing the Security Controls in Federal Information Systems and Organizations.

NIST SP 800-37

Content Type: Standard Content
License Type: Included
The National Institute of Standards and Technology SP 800-37 is a Guide for Applying the Risk Management Framework to Federal Information Systems.

PCI DSS 2.0

Content Type: Standard Content
License Type: Included
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for credit card data protection. The standard includes twelve higher-level requirements that are mapped to the Agiliance Common Control Framework. Agiliance RiskVision supports the new 2.0 version, which requires all organizations with payment card data to adhere to the new requirements by January 1, 2012. Standard content includes controls and common control mapping.

PCI DSS 2.0

Content Type: Advanced Content
License Type: Included
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for credit card data protection. The standard includes twelve higher-level requirements that are mapped to the Agiliance Common Control Framework. Agiliance RiskVision supports the new 2.0 version, which requires all organizations with payment card data to adhere to the new requirements by January 1, 2012.
Advanced PCI Content includes:
  • Controls
    • Scoping requirements for 1.2.1 and 2.0
    • Asset inventory
    • Unlimited automated assessments and control checks
  • Common control mapping
    • Mapping to owners and requirements
  • Suggested guidelines for evidence
  • Pre-created questionnaires and surveys, for example:
    • Asset classification questionnaires
    • Assessment questionnaires
    • PCI readiness assessment questionnaires
  • Audit- and executive-ready out-of-the-box reports and dashboards, for example:
    • QSA readiness & signoff
    • Executive Readiness Report
    • Gap analysis, remediation status, and evidence reports
  • Additional documentation, for example:
    • PCI Compliance Dashboard
    • CDE Asset Dashboard
    • Current Assessments
    • Executive Overview
    • QSA Scoring

PCI DSS 3.0

Content Type: Standard Content
License Type: Included
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for credit card data protection. Agiliance RiskVision supports the new 3.0 version, which requires all organizations that are involved in the payment card process to adhere to the new requirements by January 1, 2015. The content pack contains the twelve requirements and Appendix A. Standard content includes controls and common control mapping.

PCI SAQ P2PE-HW

Content Type: Standard Content
License Type: Included
PCI SAQ P2PE-HW was developed to address requirements applicable only to merchants who process cardholder data via hardware payment terminals. SAQ P2PE-HW merchants can either be brick-and-mortar (card-present) or mail/telephone order (card-not-present) merchants. Each section of the questionnaire focuses on a specific area of security, based on the PCI DSS Requirements and Security Assessment Procedures.