Security and Compliance Audits

Trusted by Leading Government Agencies - HHS, CMS, DOD, DHS, State and Local Governments

IT Compliance and Regulatory Compliance is one of the greatest challenges faced by organizations today.

Observing IT Security and Regulatory compliance is a requisite for every organization. Sensitive enterprise data is always at a risk of being compromised; therefore it has become a mandate to secure sensitive information by establishing network security processes and meeting the guidelines of regulatory bodies. Compliance standards such as NIST 800-53, PCI DSS , FISMA, GLBA, SOX, STIG and HIPAA require organizations to secure their networks, harden servers and desktop computers thus ensuring a high levels of security for their confidential enterprise assets and provide network compliance audit reports to auditors when demanded.

It is critical for organizations to observe the regulatory compliance audit guidelines since being non-compliant to the security and regulatory standards can result in severe penalties or loss of an ATO (Authority to Operate). To meet all security and compliance requirements, organizations are required to take proactive measures to establish network security processes for detecting network anomalies, attacks and other vulnerabilities that can cause harm to the sensitive information of the enterprise.

MIS can perform audits that meet multiple industry requirements. View the list of compliance levels.


Audit Baseline:

The minimum baseline for all audits is NIST 800-53 Revision 4 - Recommended Security Controls for Federal Information Systems and Organizations. This is the framework used for providing "gap analysis" on all systems, from point of entry to the keyboard. This includes:

  • The network infrastructure and related appliances

  • Servers and related components

  • Desktop and related components

  • Policies and procedures


Details:

Audits and Gap Analysis can be performed on-site, remotely, or a combination of both. The typical process will take three to five days to complete depending on the audit level required. The process will include:

  • Meet with the stakeholders to determine what level of auditing is required and set the expectations.

  • Review policies and procedures

  • Perform security and compliance audits

  • Analyze the audit results and prepare the necessary reports and recommendations

  • Meet with the stakeholders and review the audit results and recommendations

  • Prepare a after-action report identifying all issue with recommendations to mitigate any negative findings

  • Work with the client to prepare and implement a mitigation strategy

  • Reexamine the areas that required mitigation to ensure compliance

  • Prepare final report