Cybersecurity Compliance

Compliance is more than a checklist: our clients work with us to implement compliance frameworks, measurably improve cybersecurity, and decrease cyber risk.

Sera-Brynn’s areas of focus:

Higher Education We are the selected third-party assessor and compliance advisor to large public universities. We invite you to start a discussion with our experts.

FedRAMP Sera-Brynn is an authorized Third Party Assessment Organization (3PAO) for Cloud Service Providers (CSPs) who are or would like to be part of the Federal marketplace. We provide end-to-end support from understanding baselines to assessment and authorization.

NIST SP 800-53 revision 4 “Security and Privacy Controls for Federal Information Systems and Organizations.” As the title implies, this framework is intended as a comprehensive guide to securing Federal information systems, but it has applicability in the private sector. Ask us about our 800-53-based Risk Assessments for industry.

NIST SP 800-161 Developed for government organizations, NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, has applicability in the private sector. Sera-Brynn helps defense contractors and others interpret and build 800-161-compliant environments.

NIST SP 800-171 Developed for non-government organizations, NIST SP 800-171 and supporting documents focus on protecting the confidentiality of sensitive information. Required for DFARS and expected for FARS, NIST SP 800-171 is rapidly becoming the industry standard baseline for cyber risk management. From interpretation to application, Sera-Brynn helps our clients use NIST SP 800-171 to mitigate cyber risk.

FAR and DFARS Doing business with the U.S. Government? Cyber acquisition clauses, including Federal Acquisition Regulation 52.204-21 and Defense Federal Acquisition Regulation Supplement 252.204-7012, impose cybersecurity and incident-reporting requirements. Sera-Brynn is a recognized expert with clients across all sectors, including manufacturing, research, and services.

GDPR Compliance The European Union’s General Data Protection Regulation (GDPR) has global reach and imposes penalties on companies that fail to manage protected information. If you do business in the EU, or maintain data on EU citizens, Sera-Brynn can help with GDPR compliance.

23 NYCRR 500 Financial services companies regulated by the New York State Department of Financial Services must comply with the cybersecurity requirements of 23 NYCRR 500. Vendor management, internal responsibilities, policies, and defensive infrastructure are key. Sera-Brynn offers audit support and full-service Fractional Chief Information Security Officer services.

PCI Compliance Retail merchants, regardless of size, must comply with the Payment Card Industry’s Data Security Standard (DSS). If your business needs help with PCI, use a Qualified Security Assessor (QSA) company. Sera-Brynn’s experienced assessors help you identify and reduce scope, document control implementation, and validate compliance with the DSS.

GLBA Compliance GLBA applies to a broad range of financial institutions, such as, but not limited to, banks, securities firms, insurance companies, and accounting firms. Non-compliance penalties can be as high as $100,000 per violation. Sera-Brynn can help ensure your financial institution is in full compliance.

FISMA Compliance FISMA requires that Federal agencies comply with guidelines for IT systems security. Failing a FISMA inspection may result in increased oversight from the next organizationally higher agency and negative publicity, and it leaves the failing agency vulnerable to data breaches. Sera-Brynn has the experience required to achieve FISMA compliance and is ready to help your agency in the most cost-effective manner possible.

SOC 2 Readiness Sera-Brynn prepares organizations for their formal Service Organization Control (SOC) 2 audit based on the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC 2 is an internationally recognized standard developed by the American Institute of Certified Public Accountants (AICPA) that focuses on non-financial reporting controls in service-based organizations.