Evolve your security and privacy program
The NIST SP 800-53 framework is mandatory for federal systems of the United States and is often adapted and applied by private organizations. Because NIST SP 800-53 requires many controls, knowing where to start can be daunting. Our consultants have deep experience with NIST 800-53 and can help scope, design, implement, document, and assess your NIST SP 800-53 program. From scoping to reviewing, TrustedSec can help organizations at any point in their compliance journey.
- Scope - Set your program up for success by ensuring proper scoping and baselines for your information assets and systems.
- Implement - Design and tailor your program to ensure applicability and effectiveness.
- Document - Build all of the documents you'll need to run and attest to your security program.
- Review - Assess the effectiveness of your security program by identifying all barriers to full compliance. Recommendations detail ways to meet the intent of identified gaps.
“Weaving risk, group theory, and adaptation with business strategy is one way we stand out.”Rockie BrockwayDirector of Advisory Innovations
Rockie Brockway
Director of Advisory InnovationsRockie's focus is on helping organizations strengthen their security posture by better aligning security with business needs and requirements.
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
Read our blog
Explore trending cybersecurity topics on the TrustedSec Security Blog
Book Review - The Definitive Guide to PCI DSS Version 4
As a PCI QSA, I have answered numerous questions about the new PC DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…
Cybersecurity Policy Enforcement: Strategies for Success
Introduction Your organization has invested significant effort in formally documenting its approach toward cybersecurity to enhance accountability and…
Why Risk Assessments are Essential for Information Security Maturity
Introduction Many compliance frameworks require Information Security Risk Assessments, and some organizations may receive third-party requests for Risk…
Compliance Abuse: When Compliance Frameworks are Misapplied
Introduction Here at TrustedSec, we help our clients achieve and maintain compliance with a variety of Information Security and privacy frameworks. We often…
Data Retention Practices – A Brief Overview
Data retention practices can vary between companies based on compliance requirements, location, and types of data. Best practice dictates an organization…
Measuring the Impact of a Security Awareness Program
Our goal in building a security awareness program is to embed security into our partners' existing organizational culture. Impacting culture is a long-term…
The Crucial Role of Data Center Resiliency in Business Security
For many organizations, data center operations are handled by the facilities team or a third-party vendor. Although these functions aren’t part of the everyday…
Detection and Alerting: Selecting a SIEM
Summary Basic SIEM requirements should be in place to create mature detections for a variety of log sources, including network logs, system logs, and…
Maturity, Effectiveness, and Risk - Security Program Building and Business Resilience
One of the most common questions asked by business leadership is also one of the most challenging to answer: “How secure are we?” Now, some of you reading this…
An 'Attack Path' Mapping Approach to CVEs 2021-42287 and 2021-42278
1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVEs 2021-42287 and 2021-42278.…