Compliance Mandates

Standing Ready to Solve Your Compliance Challenges

In today’s complicated regulatory environment, staying compliant and improving the efficiency of your compliance efforts is a major challenge. Not only must your Security Team safeguard data and systems, but it must also ensure that your organization is compliant with a multitude of regulations while providing the necessary reporting to satisfy the needs of auditors. Adding to your problems, the number, scope, and complexity of regulations and standards continues to increase—with many regulations now carrying penalties for data breaches. Lynx Managed Security Services and Security Consulting Services can help you become compliant and stay compliant with government regulations and industry mandates.


Overview

Deep Expertise in Meeting Requirements of Compliance Mandates

PCI DSS

We know that maintaining compliance with PCI DSS can feel like a daunting task, but we can work with you to develop successful strategies, matching PCI DSS requirements with your workflow and compliance needs to make complying easier and less costly. Lynx is a PCI Approved Scanning Vendor (ASV) and Qualified Security Assessment Company (QSAC). Our PCI compliance services are delivered by experienced, certified security experts, including PCI Qualified Security Assessors (QSAs) and PCI Payment Application Qualified Security Assessors (PA-QSAs). Through our managed security services and security consulting services, we can help you address all twelve requirements for PCI DSS compliance.

GLBA, FFIEC, NCUA

Financial institutions are required to comply with a variety of regulations, which are enforced by multiple authorities. Lynx can help your institution reduce security risk, enable FFIEC and GLBA compliance, and increase operational efficiency throughout your institution. Our experience in FFIEC, FDIC IT-RMP, GLBA, NCUA and PCI DSS allows us to provide thorough, cost-effective solutions to ease the burden of compliance with a multitude of complex IT risk management requirements. With Managed Security Services and Security Consulting Services available, you can depend on our experts to use proven methodologies and streamlined solutions to cost-effectively meet your needs.

HIPAA & HITECH

Data security is becoming an increasingly important concern for healthcare organizations. With stricter HIPAA and HITECH compliance standards for covered entities (healthcare providers, healthcare plans and clearinghouses) and business associates (a service provider to healthcare organizations), many organizations are feeling vulnerable and uncertain about how to maintain compliance with these standards. Backed by a team of certified security experts (HITRUST CSF, CISSP, CISA, CRISC, GCIA, CSOA, QSA and others), Lynx offers a variety of healthcare-related IT auditing, security, and compliance solutions designed to help you protect the privacy and security of electronic protected health information (ePHI), and avoid civil and criminal penalties for non-compliance.

SOX, COSO

Publicly traded U.S. corporations must maintain compliance with Sarbanes-Oxley Act of 2002 (SOX) security provisions as well as monitor their environments and prove compliance with control framework guidance from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Lynx Managed Security Services and Security Consulting Services can help your company cost-effectively comply with SOX IT security requirements. We can help you leverage your existing investments in applications and databases as well as gain a comprehensive, integrated view of security compliance that ties controls back to business practices. Additionally, we can help you provide the necessary audit trail of configuration controls, access, and change.

NERC CIP

The Bulk Electric System (aka the power grid) has become an increasingly tempting target for cyber terrorism and nation-level threats. NERC’s Critical Infrastructure Protection (CIP) Standards identify the minimum cyber controls and protections that power suppliers and generators must address or face significant penalties and fines of up to $1M per day. Lynx offers a wide variety of IT security solutions designed to help you implement compliance programs, reduce the risk of control failure, and avoid fines. With services such as risk assessment, policy development, and controls testing and audit, Lynx can help you achieve a solid security posture while complying with NERC CIP mandates.

FISMA

Signed into law as part of the Electronic Government Act of 2002, the Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. Commercial organizations seeking ‘FISMA compliance’ through a ‘FISMA assessment’ have to work directly with each specific agency to achieve authority to operate (ATO) and be assessed against controls that are based on FIPS 199, FIPS 200 and NIST 800-53. From controls mapping to documentation development for a system security plan (SSP) to security testing, Lynx provides the advisory and assessment services necessary to meet your FISMA authorization needs.

FEDRAMP

The Federal Risk and Authorization Management Program (FedRAMP) is a result of the ‘Cloud First’ Policy established in 2010, which provides a known set of federal security requirements that cloud service providers (CSPs) must adopt in order to be eligible to host government data. CSPs that receive a Provisional Authorization to Operate (P-ATO) under this program can leverage this ATO to do business with multiple agencies as part of the ‘do once, use many’ framework that FedRAMP has established. Lynx has been accredited as a Third Party Assessment Organization (3PAO) to conduct independent assessments of cloud environments developed for FedRAMP evaluation.