Compliance Management

Regulations, statutes, industry requirements and legislative mandates are time-consuming and problematic for any organization, and they keep changing. NetSPI helps you stay up to date. We review, assess and audit the essential controls on which your compliance depends. Our compliance management services reduce operating expenses and strengthen security program development.

We help businesses and other organizations meet current government and industry regulations with compliance consulting. Because of our expertise in regulatory and industry compliance requirements, we are also prepared to help customers anticipate new ones. If you work in a regulated industry, you understand the importance of full compliance.

Compliance Management Services

  • ASV Scanning
  • Application Code Review
  • Web Vulnerability Assessment
  • External Pen Testing
  • Internal Pen Testing
  • Data Center Controls Review

PCI Services

NetSPI is certified by the Payment Card Industry (PCI) Security Standards Council to perform both the onsite PCI DSS audits and the Approved Scanning Vendor (ASV) network scans that are required for merchants and service providers. We are also certified by Visa to perform Payment Application Data Security Standard (PA-DSS) assessments.

Complete Life Cycle

In addition to conducting PCI auditing, NetSPI provides:

  • Pre-audit consulting and advisory services, in which we work with organizations to interpret the standard and to comply with it realistically.
  • Help with tracking your remediation progress, which provides evidence that you are meeting compliance requirements and can be used during an audit to demonstrate the effectiveness of controls.

Gramm-Leach-Bliley Act (GLBA)

In 1999, the U.S. Congress changed the federal regulations governing financial services. It repealed the Glass-Steagall Act, which had prohibited a single institution from combining commercial banking, investment banking, and insurance services. This change in regulation included a new law, the Gramm-Leach-Bliley Act (GLBA).

Under the GLBA, financial services companies are required to protect customer records and information against unauthorized access or disclosure. This requirement is intended to prevent the buying and selling of sensitive personal information without the customer’s permission.

GLBA Compliance Services include:
  • Risk assessment and management, using discovery and profiling processes
  • Comprehensive network review, testing effectiveness of digital asset protection
  • Confirmation of controls that apply to information systems and business continuance
  • Checking of application controls designed to prevent or detect unauthorized transactions
  • Third-party risk assessment

Health Insurance Portability and Accountability Act (HIPAA)

Enacted by Congress in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is divided into several titles. Title II of HIPAA, which covers administrative simplification, sets direction for national standards in electronic healthcare transactions. It also establishes unique identifiers for employers, providers, and health insurance plans.

NetSPI specializes in addressing healthcare industry-specific issues, and provides the most targeted, comprehensive solutions for effectively dealing with them. Our services for healthcare organizations include:

  • Enterprise Risk Assessment—Reviewing risk and security programs to ensure complete understanding and compliance with HIPAA guidelines
  • Application Security Assessments—Providing improved confidence and security for your applications. NetSPI provides Application Assessments, Code-Level reviews, SDLC Analysis and more
  • Financial and Patient-System centered Vulnerability Assessments—Examining the technologies, policies, procedures, and standards used to route and secure patient and confidential information
  • HIPAA and ISO 27002 Security Program Development—Follow-up to HIPAA Assessment, ensuring the incorporation of a business-centered approach to security program development in your three- or five-year plan

NRC Services

The Nuclear Energy Institute (NEI) has developed a set of standards for cyber security programs at nuclear power plants. It includes specific requirements for ensuring the integrity and availability of digital safety and control systems, including both technical and administrative controls. The Nuclear Regulatory Commission (NRC) is in the process of adopting and codifying these standards, thereby ensuring that nuclear utilities will comply with the standards and establish protections against a variety of threats, both accidental and intentional.

Power utilities are important to our economic health and national security, so information security systems in the energy industry, and particularly at nuclear power plants, should be reviewed regularly from inside and out.

NetSPI support for NEI 08-09 includes:
  • Benchmarking / gap analysis against NEI 08-09 and NRC requirements
  • Cyber security assessments of critical systems, networks, and assets, including plant process computer systems
  • Comparison of individual measures to standard industry practices
  • Recommendations for mitigation and protection measures

FFIEC

The Federal Financial Institutions Examination Council, or FFIEC, is an interagency organization of the United States government. It has responsibility for setting uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Office of Thrift Supervision (OTS). It also makes recommendations to promote uniformity in the supervision of financial institutions.

NetSPI stays abreast of FFIEC regulations and can help your financial organization comply with its standards.