Industry Standards
FedRAMP Security Controls Baseline
Content Type: Standard Content; License Type: Included
The GSA, DHS, and DoD created the Federal Risk and Authorization Management Program (FedRAMP), a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP authorizes cloud systems in a four-step process: initiating, assessing, authorizing, and leveraging. Any vendor that wants to provide cloud services to the government must meet these 168 security controls, which are based on NIST SP 800-53 Rev. 3 for FISMA.
HIPAA/HiTech Act via NIST 800-66
Content Type: Standard Content; License Type: Included
NIST SP 800-66, the guide to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, focuses on safeguarding electronic protected health information (EPHI). All HIPAA-covered entities, which include some federal agencies, must comply with the Security Rule, which is concerned with protecting the confidentiality, integrity, and availability of EPHI.
HIPAA Privacy
Content Type: Standard Content; License Type: Included
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Department of Health and Human Services (HHS) to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addressed the security and privacy of health data. This Content Pack also supports:
- 45 CFR Part 164
- Covered entity classification survey
ISO 27001 & 27002
Content Type: Standard Content; License Type: Third-Party
The International Organization for Standardization (ISO) is the world's largest developer and publisher of International Standards. ISO 27001 specifies requirements for Information Security Management Systems (ISMS) in organizations of all types. ISO 27002 is a code of practice for information security that establishes guidelines and general principles for information security management. ISO 27001 and ISO 27002 are intended to be used together, complementing each other to help organizations adhere to information security management best practices.
MISMO Security Guidance
Content Type: Standard Content; License Type: Third-Party
The Mortgage Industry Standards Maintenance Organization (MISMO), a wholly owned subsidiary of the Mortgage Bankers Association, is the leading technology standards development body for the residential and commercial real estate finance industries. MISMO data standards make e-commerce more profitable for the industry and open the door to groundbreaking innovations such as electronic mortgages (eMortgages). MISMO activities cover four broad areas: residential standards, commercial standards, eMortgage specifications, and information security guidelines.
NIST SP 800-53/53A
Content Type: Standard Content; License Type: Included
The National Institute of Standards and Technology SP 800-53 Rev. 1 is a Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach. Agiliance has implemented these guidelines for the security certification and accreditation of IT systems in RiskVision. All supporting executive branch agencies of the federal government are subject to this standard.
NIST SP 800-37
Content Type: Standard Content; License Type: Included
The National Institute of Standards and Technology SP 800-37 is a Guide for Applying the Risk Management Framework to Federal Information Systems.
NERC CIP V4.0
Content Type: Standard Content; License Type: Included
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards specify the minimum requirements for protecting the Critical Cyber Assets that support the reliability of the electrical system. All organizations that are involved with the North American bulk electrical network are subject to these standards.
PCI DSS 2.0
Content Type: Standard Content; License Type: Included
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for credit card data protection. The standard includes twelve higher-level requirements that are mapped to the Agiliance Common Control Framework. Agiliance RiskVision supports the new 2.0 version, which requires all organizations with payment card data to adhere to the new requirements by January 1, 2012. Standard content includes controls and common control mapping.
PCI DSS 2.0
Content Type: Advanced Content; License Type: Included
The PCI Security Standards Council is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for credit card data protection. The standard includes twelve higher-level requirements that are mapped to the Agiliance Common Control Framework. Agiliance RiskVision supports the new 2.0 version, which requires all organizations with payment card data to adhere to the new requirements by January 1, 2012.
Advanced PCI Content includes:
- Controls
- Scoping requirements for 1.2.1 and 2.0
- Asset inventory
- Unlimited automated assessments and control checks
- Common control mapping
- Mapping to owners and requirements
- Suggested guidelines for evidence
- Pre-created questionnaires and surveys, for example:
  - Asset classification questionnaires
  - Assessment questionnaires
  - PCI readiness assessment questionnaires
- Audit- and executive-ready out-of-the-box reports and dashboards, for example:
  - QSA readiness & signoff
  - Executive Readiness Report
  - Gap Analysis, Remediation Status, and Evidence reports
- Additional documentation, for example:
  - PCI Compliance Dashboard
  - CDE Asset Dashboard
  - Current Assessments
  - Executive Overview
  - QSA Scoring