IT Assessments & Compliance
Gain An Accurate Understanding And Find The Gaps
To be able to invest the most efficiently in new technologies, you need an unbiased view of the current environment. An outside assessment can reveal security vulnerabilities and less than ideal configurations. When Corserva performs a technology assessment, you gain an actionable to-do list of where improvements can be made to align the business with industry best practices and meet compliance objectives.
Corserva offers NIST assessments for US defense suppliers and subcontractors who need to comply with the NIST 800-171 mandate. To be eligible to participate in DoD contracts, suppliers provide evidence of compliance with NIST 800-171 to the subcontractor or prime contractor with whom they are working. This evidence can include formal documents such as System Security Plans (SSP) and Plans of Actions with Milestones (POA&M).
In addition to performing NIST assessments, Corserva can create the required documents for the supplier and perform any required remediation identified during an assessment
The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard created to increase the security posture of companies operating in government supply chains. The Department of Defense is gradually transitioning from the NIST 800-171 mandate to the CMMC framework. Corserva is a CMMC-AB Registered Provider Organization™ (RPO) and we are listed on the CMMC-AB Marketplace.
As an RPO, Corserva is authorized by the CMMC-AB to provide pre-assessment consulting services to government contractors and other Organizations Seeking Certification (OSC).
Corserva’s IT network assessment provides a complete view of the entire IT environment including all devices that are connected to the network (servers, switches, firewalls, routers, printers, end-user devices, etc.). The analysis generates profiles of each device on the network including the hardware components, operating systems and patch levels, applications and associated licenses, current antivirus, signature update status, and warranty/support status. Additionally, the analysis identifies open ports that should be closed. Benefits include:
- A complete mapping of physical and logical topologies
- Profiles of every device on the network
- IP addresses currently in use and which devices are using them
- Information on every connection in the network
Penetration testing can validate assumptions that all data is secure and the network cannot be hacked. Whereas the Network Assessment is analyzing your network and providing resulting to-do lists of areas to address, penetration testing is the act of purposely trying to break into the network or access data. A successful round of penetration testing will tell you that your network is truly secure.
Due to changing needs, your business may have outgrown its wireless infrastructure. In today’s working environment, your employees are carrying multiple devices and may be spending considerable time away from their desks. You need a robust wireless infrastructure to provide strong WiFi throughout your building or campus for staff and customers. A wireless assessment from Corserva provides deep insights into the most optimal means to improve your wireless network, customized for your specific environment.
After the wireless assessment, we can design a new or supplemental wireless infrastructure to provide you with enterprise-quality WiFi throughout your building or campus.
Virtualization can be a way to stretch your IT investment. But your virtualization architecture needs to be planned carefully, which can prove difficult, especially as the needs of the organization evolve over time.
For companies that have deployed large numbers of virtual servers, or who want to prepare for virtualization projects, a virtualization assessment creates a strong foundation of where you are now. The assessment identifies virtual machines (VM) and their configurations as well as VM “sprawl,” which can be created by the constant addition of new VMs without the elimination of unused VMs. This assessment provides an accurate view of the workload support required for new or expanded virtual environments.
Data Protection Assessments
Companies continue to store and manage increasing amounts of data about customers, vendors, employees, and other proprietary information. This data must be kept confidential and there are multiple data privacy regulations to which companies must adhere including GDPR, HIPAA, PCI DSS, CCPA, NYCRR, and CMR.
Corserva’s data protection assessments identify potential risks to personal information and business operations associated with a company’s policies and procedures. The methods of data storage (onsite, cloud, remote) are analyzed for security, data archiving, and accessibility.
After the assessment, you will have an understanding of what process changes and technology changes should be made to protect data.
The Payment Card Industry Data Security Standard (PCI DSS) requires companies that store, process, or transmit credit card information to protect that information to reduce credit card fraud. Corserva’s PCI DSS Assessment checks to see if your company is storing data in a way that meets the requirements of this information standard in the areas of security, data archiving, and accessibility. Methods of all types of data storage are analyzed including onsite, cloud, and remote.
Microsoft 365 Assessments
Microsoft 365 includes leading-edge security capabilities that can protect your business. But as with any platform, it must be configured correctly to derive maximum value. Corserva’s assessments for Microsoft 365 and Office 365 evaluate your configuration for security and optimization. As part of the assessment, Corserva performs the following activities:
- Data protection baseline: Implement baseline technical, procedural, and people controls to protect your data.
- IT risk management: Assess and monitor risks in Microsoft 365 and Intune.
- Regulatory compliance: Assess and maintain controls for data protection regulations (NIST, ISO, HIPAA, GDPR, CCPA, etc.).