FRAMEWORKS SUPPORTED

Address over 40 industry-leading compliance frameworks with real time, automated ease.

Ready to Automate Your Compliance Process?

Get Started Now

Automate Compliance with Any Framework

The ASCENT Portal provides the automation and workflow to manage your complete security program. Maintain compliance with any framework of controls – or build your own framework to address your specific governance requirements. Manage one, or multiple frameworks all in one unified, automated platform.

Your Company’s Custom Framework

Build your own custom framework policies and controls. Establish dedicated tasks and milestones to manage compliance in combination with other frameworks or stand alone.

Cloud Control Matrix (CCM)

(Difficulty: 2.2/5)

CCM is a cybersecurity framework of controls for cloud computing. It is aligned with best practices from the Cloud Security Alliance. It is widely considered the de-facto standard for cloud security.

Cybersecurity Maturity Model Certification (CMMC)

(Difficulty: 2/5 - 3.5/5)

The CMMC framework combines various cybersecurity standards and industry best practices. Controls are defined for various maturity levels that range from basic cyber hygiene to advanced.

see the video

Center for Internet Security (CIS) Top 20

(Difficulty: 2/5)
The CIS Top 20 security controls (previously known as SANS Top 20 Critical Security Controls) is a prioritized set of best practices created to stop the most pervasive and dangerous security threats.

Cyber Resilience Review (CRR)

(Difficulty: 2/5)

CRR is a non-technical framework created by the Department of Homeland Security. It is intended to evaluate the operational resilience and cybersecurity practices of organizations.

Cybersecurity Assessment Tool (CAT)

(Difficulty: 3.5/5)

The CAT framework helps institutions identify risks and determine cybersecurity preparedness. Assessments provide institutions the ability to measure preparedness over time.

Federal Financial Institutions Examination Council (FFIEC)

(Difficulty: 3/5)
The FFIEC framework contains controls identified within the IT Booklets published an updated by the FFIEC for financial institutions.

General Data Protection Regulation (GDPR)

(Difficulty: 3/5)
GDPR has been called the toughest privacy and security law in the world. If you perform business activities in the European Union, you likely need to be GDPR compliant to avoid hefty fines.

HIPAA

(Difficulty: 4/5)
HIPAA was created to modernize the flow of healthcare information and stipulate how personally identifiable information maintained by the healthcare industry should be protected.

HIPAA/HITRUST

(Difficulty: 4.5/5)
HITRUST is a framework created by a private alliance of security and privacy industry experts. It includes many aspects of the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule.

ISO 27001

(Difficulty: 2/5)

ISO 27001 is the international standard for information security. If you are starting a new program, or pursuing certifications, start here.

NIST Cyber Security Framework

(Difficulty: 1.5/5)

The NIST CSF is voluntary guidance that is based on existing standards, guidelines, and best practices. It is intended to help organization better manage and reduce security risks.

NIST SP 800-53 (Revision 4 or Revision 5)

(Difficulty: 1.5/5)

This framework provides a list of controls that support the development of resilient and secure federal information systems to maintain confidentiality, integrity, and availability.

NIST SP800-171

(Difficulty: 1.5/5)

This framework has been designed by the National Institute of Standards and Technology to protect Controlled Unclassified Information (CUI) in non-federal systems and organizations.

Payment Card Industry-Data Security Standard (PCI-DSS)

(Difficulty: 3/5)

The PCI-DSS framework of controls is for organizations that handle credit cards from the major payment card brands. Controls are mandated by the card brands and administered by the PCI Council.

Introduction to CMMC Compliance

0+
Frameworks
0
Day to ROI
0
Pre-built Policies
0
Artifacts Collected

Manage Security and Compliance End-to-End

ASCENT Portal delivers the tools and automation to persistently manage your security and compliance program across the complete control lifecycle.

Readiness Assessment

Assessment questionnaires are pre-populated with all required controls.

Real-Time Dashboards

Status is updated in real-time as tasks are completed or become overdue.

Compliance Calendar

Required tasks are pre-scheduled throughout the year – every control is addressed.

Control Library

Artifacts uploaded as evidence are placed in control library for export or read-only auditor access.

Task Management

Automated task reminder emails. Tasks can be exported for planning.

Artifact Examples

Artifacts examples and evidence templates provided for every control.

Remediation Requirements

Recommended remediation requirements are included for each in-scope control.

Policies, Plans, Procedures

Templates are included and can be tailored to meet the specific needs of your organization.

Correction Action Plans

CAP/POA&M templates are available to drive remediation activities and tracking.

Vendor Management

Due diligence questionnaires and reports. All information housed within the Portal.

Awareness Training

Easy management of annual, new hire, and role-based training, including reporting.

Reporting

Automatic weekly status reports and on-demand full security assessment reports.