Ris Group

FISMA, GLBA, and SOX Compliance

The RIS Group provides a comprehensive service supporting companies in meeting FISMA, GLBA, and SOX requirements. Our experts work with you to identify and implement the cybersecurity and risk management best practices appropriate for your particular business.

FISMA

FISMA stands for the Federal Information Security Management Act (enacted in 2002 and updated by the Federal Information Security Modernization Act of 2014). It is the US legislation that defines a comprehensive framework for protecting government information, operations, and assets against natural and man-made threats.

Under FISMA, each federal agency is responsible for the security of the information and information systems that support its operations, including those operated by contractors on its behalf. Agency heads and program officials must conduct annual reviews of their information security programs, with the aim of reducing security risk to an acceptable level in a cost-effective and timely manner. The supporting standards and guidelines published by the National Institute of Standards and Technology (NIST), notably FIPS 199, FIPS 200, SP 800-53 and SP 800-37, define the process, which is commonly summarized as nine steps.

The 9 steps to FISMA compliance:

  1. Categorize the information and information systems to be protected (FIPS 199)
  2. Select the minimum baseline security controls (FIPS 200 / SP 800-53)
  3. Refine the control set using a risk assessment
  4. Document the controls in the system security plan
  5. Implement the controls in the information systems
  6. Assess the effectiveness of the controls after implementation
  7. Determine the agency-level risk to the mission or business case
  8. Authorize the information system for processing
  9. Monitor the security controls on a continuous basis

GLBA

GLBA is the Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999. This US federal law requires financial institutions to explain to their customers how they share and protect customers' non-public personal information. The privacy notice must give customers the opportunity to opt out of having their information shared with non-affiliated third parties. The institution must also protect customer data under a written information security program that it develops and maintains (the Safeguards Rule).

Under the Safeguards Rule, companies must:

  1. Designate one or more employees to coordinate the information security program
  2. Identify and assess the risks to customer information in each area of the company's operations, and evaluate the effectiveness of the current safeguards for controlling those risks
  3. Design and implement a safeguards program, and regularly monitor and test it
  4. Select service providers that can maintain appropriate safeguards, and oversee their handling of customer information
  5. Evaluate and adjust the program in light of changes in business operations or the results of testing

Note that the FTC amended the Safeguards Rule (16 CFR Part 314) in 2021 with more prescriptive requirements, including a designated qualified individual, encryption of customer information, and multi-factor authentication for access to it.

SOX

The Sarbanes-Oxley Act (SOX) requires publicly held companies to maintain internal controls and procedures over financial reporting, which reduces the risk of corporate fraud. SOX itself prescribes no specific IT controls; organizations commonly build their control environment on the COSO framework and map their IT general controls to the COBIT framework to demonstrate sound IT governance to auditors.

The RIS Group can be your IT GRC partner in meeting the compliance standards above. With our services, you gain peace of mind not only for your next compliance audit but also for effective, ongoing cybersecurity and risk management.


About Us

RIS Group is a leader in cybersecurity solutions that help organizations of all sizes reduce the risk of cyber breaches and demonstrate compliance. We specialize in tightly integrating and automating the critical IT GRC components: Risk Management, Compliance Management, Audit Management, Vendor Management, Incident Response Management, Vulnerability Management and Policy Management.

Recent Posts

  • Ransomware & What You Need to Know! August 6, 2017
  • GBLA Compliance and Information Security July 24, 2017
  • Cybersecurity awareness, the best Investment July 24, 2017

Contact Us

Address:

5900 Balcones Dr, Suite 8157 Austin Texas 78731

Phone:

281-803-8431

Fax:

(855) 544-8747

Email:

info@risgroup.org

NAICS Codes

541511, 541512, 541619, 541618, 324110, 541611


DUNS: 080764941
CAGE Code: 7WVL6
EIN: 821944210

©2022 Ris Group. All Rights Reserved