Compliance

Nomic is your partner in compliance.

Nomic Networks can play an essential role in the ever-changing world of network security compliance. Here are a few examples of current frameworks, laws, and guidelines, and how Nomic can help you comply.

An accessible cybersecurity framework

CIS Controls

The Center for Internet Security – managers of the MS-ISAC – have published a “prioritized set of actions” to protect “organizations and data from known cyber attack vectors.” (Their words.)

Through a combination of our managed threat protection and internal visibility tools, Nomic Networks checks many of the obvious network security CIS Controls boxes. Our solutions also provide a safety net for organizations as they implement the other controls.

  • Control #1: Inventory and Control of Enterprise Assets
  • Control #3: Data Protection
  • Control #4: Secure Configuration of Enterprise Assets and Software
  • Control #7: Continuous Vulnerability Management
  • Control #10: Malware Defenses
  • Control #13: Network Monitoring and Defense
  • Control #17: Incident Response Management

Federal standards and compliance

NIST CSF and FISMA

The Federal Information Security Management Act (FISMA) requires every federal agency to implement an information security strategy that protects that agency’s “operations and assets”. In turn, the National Institute of Standards and Technology (NIST) has created the standards and guidelines that agencies must follow.

Outpost’s Network Cloaking and reporting functions play an important role in meeting several of the NIST Minimum Security Requirements. Here are a few examples:

Access Control

Organizations must limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) and to the types of transactions and functions that authorized users are permitted to exercise.

Audit and Accountability

Organizations must: (i) create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity; and (ii) ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions.

Incident Response

Organizations must: (i) establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities; and (ii) track, document, and report incidents to appropriate organizational officials and/or authorities.

More on NIST CSF at https://www.nist.gov/cyberframework

Healthcare

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) contains specific guidelines to protect the privacy of individuals’ health information and sets national standards for the security of electronic health records. Nomic Networks helps organizations comply with HIPAA’s ‘Security Management Process’ and ‘Security Incident Procedures’ as a solution to prevent and detect security violations and provide reporting for security incidents.


Credit Card Processing

PCI DSS

As an important piece in the network security puzzle, the Outpost helps organizations comply with PCI requirements by protecting stored credit cardholder data, keeping our signature database up to date, and providing reporting to aid in regular testing of security systems and processes. Our Insight device also lets organizations find infected machines inside their LAN, providing them with a way to monitor the effectiveness of their anti-virus software.

Read more at the PCI Security Standards Council website: https://www.pcisecuritystandards.org/pci_security/

Finance

Sarbanes-Oxley (SOX)

The Sarbanes-Oxley Act (SOX) sets new or enhanced standards for all public company boards, management and public accounting firms. The bill was a reaction to the many corporate financial scandals of the late 1990s and early 2000s, such as Enron, Tyco International, and WorldCom. SOX requires the management of a publicly traded company to demonstrate that it has the proper internal controls in place to protect the organization’s financial information, including the prevention and detection of network security breaches. Of course, this is exactly what Nomic’s systems are designed to do.

Nothing better to do? Want to read the whole bill? Here it is: https://www.congress.gov/bill/107th-congress/house-bill/3763