All data centers, computers, infrastructure, processes and methods are compliant with one or more of the standards below. The compliance level depends on the requirements of the client. MIS Sciences can perform the necessary audits on customer-owned equipment and on new equipment and infrastructure, and can provide documentation in support of the audits as necessary.
SSAE 16
SSAE 16, also called Statement on Standards for Attestation Engagements 16, is a regulation created by the Auditing Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA) for redefining and updating how service companies report on compliance controls.
SSAE 16 is the reporting standard for all service auditor's reports from June 15th, 2011, and beyond. SSAE 16 was preceded by SAS 70, which had been in effect since April 1992.
STIG
A Security Technical Implementation Guide or STIG is a methodology for standardized secure installation and maintenance of computer software and hardware. The requirements were developed from Federal and DoD consensus, as well as the Windows Security Guide and security templates published by Microsoft Corporation.
NIST SP 800-53
NIST 800-53 is a publication that recommends security controls for federal information systems and organizations and documents security controls for all federal information systems, except those designed for national security.
NIST 800-53 is published by the National Institute of Standards and Technology, which creates and promotes the standards used by federal agencies to implement the Federal Information Security Management Act (FISMA) and manage other programs designed to protect information and promote information security. Agencies are expected to meet NIST guidelines and standards within one year of publication.
NIST FIPS 200
FIPS 200 and NIST Special Publication 800-53, in combination, help ensure that appropriate security requirements and security controls are applied to all federal information and information systems. An organizational assessment of risk validates the initial security control selection and determines if any additional controls are needed to protect organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the United States. The resulting set of agreed-upon security controls establishes a level of security due diligence for the organization.
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used by organizations that handle card payments and cardholder information. Handled and developed by the Payment Card Industry Security Standards Council, PCI DSS helps to prevent and reduce card fraud. Our compliance covers requirements 2.1, 5.1.1, 5.2, 6.1, 8.5 and 12.2 of the PCI DSS v2.0 standards.
SANS
The SANS Institute is a private US company specializing in Internet security training. SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
NERC CIP-007
NERC has provided Critical Infrastructure Protection (CIP) requirements. CIP-007 covers the Systems Security Management sections of these requirements. Standard CIP-007-4 requires Responsible Entities to define methods, processes, and procedures for securing those systems determined to be Critical Cyber Assets, as well as the other (non-critical) Cyber Assets within the Electronic Security Perimeter.
NSA
NSA provides guidelines, scoring tools, software, data, information, suggestions, ideas, and other services and materials from the NSA website or elsewhere ("Products") as a public service to Internet users worldwide. Recommendations contained in the Products ("Recommendations") result from a consensus-building process that involves many security experts and are generally generic in nature. The Recommendations are intended to provide helpful information to organizations attempting to evaluate or improve the security of their networks, systems and devices.