SphereCom Enterprises Inc

Security Compliance Support

SphereCom provides security compliance support to assist customers in meeting a wide variety of U.S. Government and International security compliance requirements. SphereCom maintains a library of over 7,000 Government and international security-related publications to remain up to date on security initiatives that impact our customers.

NIST Cybersecurity Framework
NIST SP 800-171/800-171A Controlled Unclassified Information (CUI) Programs
Federal Information Security Modernization Act (FISMA)
Federal Risk and Authorization Management Program (FedRAMP)
Department of Defense (DoD) Risk Management Framework (RMF)
International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO 27001/27003
European Union (EU) General Data Protection Regulation (GDPR)
Health Information Portability and Accountability Act (HIPAA)
Privacy Act of 1974 (as amended)

NIST Cybersecurity Framework

Align customer systems and processes to the NIST Cybersecurity Framework.  Analyze existing security processes and procedures, as well as develop new security policies and procedures that align with the framework; conduct security assessment to determine system compliance with the 15 security categories within the framework and document the assessment results in a Security Assessment Report or other customer requested format.

NIST SP 800-171/800-171A Controlled Unclassified Information (CUI) Programs

Conduct initial gap assessment, prepare Security Plan, assist in developing Plans of Action, conduct required ongoing CUI security assessments using SphereCom-developed models based on NIST SP 800-171A test cases and procedures to assist Government contractors in meeting the requirements of NIST SP 800-171.

Federal Information Security Modernization Act (FISMA)

Perform NIST SP 800-53 security gap assessment, develop full FISMA security documentation package, analyze vulnerability scans, and provide security Assessment and Authorization (A&A) support to assist customers in achieving FISMA compliance.

Federal Risk and Authorization Management Program (FedRAMP)

Provide general consulting on the FedRAMP process, perform FedRAMP Gap Assessment and Readiness Review, prepare FedRAMP Joint Authorization Board (JAB) presentations, develop FedRAMP Agency Authorization package, analyze vulnerability scanning results, conduct 3PAO audit rehearsals and provide security support during and after the 3PAO audit to assist Cloud Service Providers in achieving FedRAMP authorization.

Department of Defense (DoD) Risk Management Framework (RMF)

Assist DoD Agencies and contractors with the implementation of the DoD RMF.  Develop complete suite of security policies as required by CNSS Instruction No. 1253, support security assessment and authorization activities for DoD systems in accordance with the DoD RMF, and prepare DoD and contractor organizations for Command Cyber Readiness Inspections (CCRI).

International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) ISO 27001/27003

Create, document and assist in the implementation of ISO/IEC 27001 compliant Information Security Management Systems (ISMS).  Conduct initial ISO 27001 gap assessment using SphereCom-developed assessment models; develop ISMS policies, procedures, risk assessment and treatment processes and other documentation required by ISO/IEC 27001; incorporate ISO/IEC 27001 into other customer security programs (e.g., FISMA, FedRAMP, NIST Cybersecurity Framework); and prepare the customer for the ISO certification audit.

European Union (EU) General Data Protection Regulation (GDPR)

Conduct GDPR gap assessments of systems and data centers, develop security policies to mitigate GDPR security findings, document results and brief customer executive management on the business risks associated with GDPR to assist customers in satisfying the security and privacy requirements of the GDPR.

Health Information Portability and Accountability Act (HIPAA)

Work with customers to create processes and implement system security and privacy controls to meet the requirements for protecting Personal Health Information in accordance with the HIPAA Security Rule and the HIPAA Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”).  Conduct risk analysis to evaluate the likelihood and impact of potential risks to electronic PHI records and document the customer’s chosen security measures and, where required, the rationale for adopting those measures.

Privacy Act of 1974 (as amended)

Conduct and document Privacy Threshold Analyses (PTA) and Privacy Impact Assessments (PIA) to ensure protection of Personally Identifiable Information (PII) in accordance with the Privacy Act of 1974 (5 U.S.C.A. 552a, as amended), Office of Management and Budget (OMB) guidance, and other Government-specified requirements (e.g., FISMA, FedRAMP, Agency-specific guidance).