COMPLIANCE MAPPING SUBSCRIPTION

Allgress's Compliance Mapping Subscription service eliminates time-consuming and costly compliance mapping efforts...

CHALLENGE

  • Reduce organizational business risk exposure and operational burden, and provide executive teams and boards with a holistic view of the organization’s compliance posture

  • Minimize time-consuming and costly compliance mapping efforts

  • Regulatory compliance management is a moving target

  • Current service offerings are very manually intensive and expensive

  • Lack of knowledge of how compliance with one standard maps to compliance with others

  • Difficulty in keeping up-to-date with the frequency of regulation changes and how those changes affect existing manual mappings

SOLUTION

  • New mappings as they become available

  • Access to in-house regulatory GRC subject matter experts

  • Complete access to a content library of 200+ ready-to-use compliance mappings

  • Easily edit available compliance mappings to meet your organization’s global requirements

  • Professional services available to customize existing or create new compliance mappings

  • Proactive notifications of Regulatory Changes that are due for release or have been enacted by Regulatory Bodies

BENEFITS

  • Centralize the requirements and documentation of mapped controls

  • Quickly showcase your organization's adherence to standards across the business

  • Reduce the time and cost to comply with new compliance requirements and standards

  • Focus expensive expert resources on reducing other IT risks

  • Identify gaps across all departments and business units in less time with less complexity

  • Provides a strong and verifiable control environment

MAPPING LIBRARY CONTENTS

All Allgress users have access to a default set of the most common standards and mappings:

  • HIPAA Audit Protocol

  • ISO 27001

  • ISO 27001 with Annex

  • ISO 27002

  • NIST 800-53 rev 4

  • NIST Cybersecurity Framework

  • PCI DSS v.3.2.1

  • SOC2 Audit - Common Criteria

  • BSI Cloud Compliance (C5)

  • Criminal Justice Information Services 5.7

  • Cybersecurity Framework - Executive Order 13636

  • Department of Corrections and Rehabilitation

  • FedRAMP R4 Moderate with DISA-SRG-V1R2

  • FedRAMP-Rev-4-Baseline-Workbook-with-DISA-SRG-V1R2-High

  • FedRAMP-Rev-4-Baseline-Workbook-with-DISA-SRG-V1R2-Low

  • FedRAMP-Rev-4-Baseline-Workbook-with-DISA-SRG-V1R2-Moderate

  • Global Data Protection Regulation (GDPR)

THE COMPLIANCE MAPPING SUBSCRIPTION service provides access to all the standards and mappings above, in addition to 300+ one-to-one mappings between the following standards:

  • Human Asset Risk Assessment

  • IEC 80001-1

  • Incident Investigation Framework

  • IRS 1075 Security and Privacy Controls

  • ISO 13485:2016

  • ISO 27017:2015

  • ISO 27018

  • ISO 27019:2018

  • ISO/IEC 40500:2012

  • NIST 800-171

  • NIST 800-190

  • NIST 800-53 rev 4-Baseline

  • NIST 800-66

  • NIST 800-97

  • OWASP 2013

  • PCI DSS v3.1

  • PCI DSS v2.0

  • PCI DSS ROC 3.2.1

  • SAM 5300

  • SANS Critical Security Controls

  • SIG 7.0 2014

  • SOC2 (Service Organization Control) March 2017

  • SOC2 Criteria Common to All [Security, Availability, Processing Integrity, and Confidentiality] Principles

  • SOC2 Trust Service Criteria

  • SOXIT

  • SSAE 16

  • The Standard of Good Practice for Information Security

  • Australian Signals Directorate Targeted Cyber Intrusions Mitigation Details

  • California Consumer Privacy Act of 2018

  • California Consumer Privacy Act Step by Step

  • CA Privacy ACT

  • CATO

  • CIS Benchmark_1.2.0

  • CIS Controls Version 7

  • CLETS (PPP)

  • Cloud Controls Matrix v3.0.1

  • Cobit 5

  • Committee of Sponsoring Organizations of the Treadway Commission (COSO)

  • Consensus Assessments Initiative Ver 2

  • Criminal Justice Information Services (CJIS) 5.4

  • Critical Security Controls Version 6.0

  • DOM Full Version 1-49

  • EHNAC v1.3

  • Global Data Protection Regulation (GDPR) Checklist

  • Health and Safety Code - HSC

  • Higher Education Cloud Vendor Assessment Tool

  • HIPAA Security and Privacy Rule

  • HIPAA Subpart C

  • HIPAA Subpart D

  • HIPAA Subpart E

  • HITECH Act

  • HiTrust CSF v7

  • HiTrust_CSF_V_8.1_Feb_2017

Allgress’s Compliance Mapping Subscription Service allowed us to gain a rapid understanding of compliance levels across multiple standards. This service has saved the company a great deal of time and money.

My leadership is extremely pleased with the results we’ve achieved in such a short amount of time and the response to our work from others in the company interested in cross-compliance has been overwhelming.

Allgress rocks!
Marie Nellist, MSIS, CISSP
Snr. GRC Software Engineer, Cisco