Have your own custom, internally developed framework of security controls? Great! We will develop a dedicated Security Assessment and supporting security program documentation that is specific to your organization’s security controls.

The ASCENT Certified Security Program (CSP) is the perfect security framework of controls for organizations that are not required to comply with a specific regulatory framework, but still need to maintain an effective Security Program for reducing risks and protecting the confidentiality, integrity, and availability of information, assets, and systems.

The Cloud Control Matrix (CCM) is a framework of cybersecurity controls for cloud computing. CCM is aligned with best practices from the Cloud Security Alliance. It is widely considered the de-facto standard for cloud security.

CIS Controls (previously known as SANS Top 20 Critical Security Controls) is a prioritized set of security best practices created by the Center for Internet Security to stop the most pervasive and dangerous security threats.

CRR is a non-technical framework created by the Department of Homeland Security. It is intended to evaluate the operational resilience and cybersecurity practices of organizations.

The CMMC 2.0 framework consists of NIST Special Publication controls designed to provide security best practices for DoD contractors and the Defense Industrial Base (DIB).  All CMMC 2.0 control requirements are addresses within the ASCENT Portal.

The Education and Academia control framework developed by ASCENT contains controls that are appropriate to maintain secure systems, secure operations, secure data, and a secure future for all education and academia organizations.

FedRAMP was established to provide a cost-effective, risk-based approach for the US federal government to adopt and use cloud services. FedRAMP empowers agencies to use cloud technologies, with a focus on securing and protecting federal information assets.

The Cybersecurity Assessment Tool (CAT) helps financial institutions identify risks and determine cybersecurity preparedness. CAT assessments provide institutions the ability to measure performance and maturity of their security program over time.

The FFIEC control framework consists of security program requirements defined within the IT Examination Handbooks published and updated to provide requirements for financial institutions.

GDPR has been called the toughest privacy and security law in the world. If you perform business activities in the Europeans Union, you will likely need to be GDPR compliant to avoid hefty fines.

HIPAA was created to modernize the flow of healthcare information and stipulate how protected health information maintained by the healthcare industry should be protected.

HITRUST is a framework of security controls created by a private alliance of security and privacy industry experts. It includes many aspects of the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule.

ISO 27001 is the international standard for information security, published by the International Organization for Standardization. This framework enables organization of any kind to manage the security of information assets.

The NIST CSF control framework is voluntary guidance that is based on existing standards, guidelines, and security best practices. It is intended to help organization better manage and reduce security risks.

This framework provides a list of controls that support the development of resilient and secure federal information systems to maintain the confidentiality, integrity, and availability of information assets.

This framework has been designed by the National Institute of Standards and Technology to protect Controlled Unclassified Information (CUI) in non-federal organizations and information systems.

Service Organization Control (SOC) 2 is a set of compliance requirements and auditing processes. It was developed to help organizations determine whether their business partners, vendors, and suppliers can securely manage data and protect the security of their clients.

The PCI-DSS framework of controls is for organizations that handle credit cards from the major payment card brands. Controls are mandated by the card brands and administered by the PCI Council.

Don’t see your framework here? While we have highlighted our most commonly used control frameworks, dozens more are available. All have the same ASCENT Portal Functionality.