• Do you have clearly defined roles in the organization in accordance with Section 500.16?
  • If not, we can help you establish your security roles and policies.
• How do these roles interact with each other and affect cybersecurity decisions?
  • You will need to clearly outline the relationship of your security roles as aligned with your organization’s assets and operations.

• What policies does your organization already have in place for maintaining posture and reacting to incidents as required in Section 500.2 Cybersecurity program? 
  • If this area is lacking or outdated, let our cybersecurity experts help!
• Have you conducted a detailed review of your policies for incident response, disaster recovery, network security, data governance, and other areas outlined in Section 500.3 Cybersecurity Policy?
  • Our cybersecurity experts can manage the development of these policies to give you back the time you need to run your business
• Are you prepared to perform a detailed audit of policies and procedures?
  • Our team can take this requirement off your plate.

• How do you track your assets and keep regular inventory? According to the Section 500.13 amendment, “As part of its cybersecurity program, each covered entity shall implement written policies and procedures designed to produce and maintain a complete, accurate and documented asset inventory of the covered entity’s information systems.”
  • We can help you establish an asset inventory process that aligns with the unique needs of your organization as well as meets requirements.
• How do you manage your asset lifecycle?
  • Maintaining and optimizing the security for your assets can change as each enters new stages in the lifecycle. Let us help you identify the stages your assets are in and plan appropriate security measures accordingly to set you up for success in your asset control reports.

Demonstrating compliance to the most recent standards is a significant challenge. The evolving threat landscape results in a growing list of requirements and security policies, placing a significant burden on in-house IT/cyber personnel. In addition to the NYDFS NYCRR 500 regulation, Quanterion Solutions’ professionals are experts in demonstrating compliance to a variety of compliance frameworks, including the following:

• NIST Risk Management Framework (RMF)
• Mission Relevant Terrain – Cyber (MRT-C)
• HIPAA Privacy and Security Rules
• Controlled Unclassified Information (CUI) / Cybersecurity Maturity Model Certification (CMMC)
• NIST CSF for Critical Infrastructure
• Sarbanes-Oxley (SOX)
• Gramm-Leach-Bliley Act (GLBA)
• Family Education Rights and Privacy Act (FERPA)

Leverage our experience to ensure that your organization is compliant, but more importantly that the necessary safeguards are implemented and optimized. Visit our cybersecurity solutions page to learn more.