CNS Mosaic COMPLY&SECURE Service can be tailored to meet and maintain compliance with a number of standards.
CNS Group have created a bespoke set of Service Level Agreements and Operational Level Agreements for each service module, to meet the specific mandatory and recommended requirements of the following standards:
- PSN (Public Services Network)
- HMG (Cloud Security Principles)
- HMG (Baseline Control Set (DETER) State)
- CPNI Critical Security Controls
- SEC OCIE Cyber Security Initiative
- (SANS) Top20 Critical Security Controls
- CESG GPG13 Protective Monitoring
For COMPLY & SECURE clients, specific assistance is given regarding their chosen compliance regimes. CNS provides specialist information assurance, InfoSec and solution-based consultancy services. Through access to CNS Group specialist teams, customers are able to cover their basic need for expert advice and assistance in meeting Governance, Risk and Compliance, Threat Protection, Threat Mitigation and Solution Management requirements. This bridges the gap between IT Security, Information Security and Risk Management. This comes in the form of:
- Assistance and advice to return to compliance in the event of a failure
- Evidence for 3rd Party Auditors of all Compliance Status, tasks and remediation
- Single platform for the collation of relevant compliance data
- Single interface for viewing real-time IT Security Compliance Status
Compliance as a Service: the complete service is delivered by one knowledgeable and expert company. A CNS consultant scopes the customer's compliance needs and offers best practice guidance for the managed service, alerts and response to events.
A CNS consultant visits post event to review and audit events and current security posture – looking for evidence of trends, helping with remediation and conducting a deep dive into incident causes.
Compliance against your baseline:
Whether it is PCI-DSS, GPG-13 or other mandates, the service operates against your baseline, explicitly monitoring the events that affect your compliance mandate.
The service can be extended and tweaked to monitor and alert on a range of events that can be specific to your infrastructure and can be extended into security and network monitoring.
Reduced Cost of Compliance:
Our CNS consultants know from experience how to design infrastructures and monitor them so that the time and effort involved in implementing a solution is drastically reduced, allowing the local IT team to focus on additional activities.
Low upfront capital expense:
We call this Compliance-as-a-Service. The service provides all the hardware, software and activities necessary to implement compliance monitoring and response.
Improved Business Continuity:
Many compliance events are security events, and implementing compliance monitoring improves our clients' security posture and business continuity.
Lifecycle compliance monitoring:
Compliance should not be an annual one-off event; it should be measured and monitored 24x7x365. The service delivers full life-cycle compliance monitoring of your infrastructure.
Centralised management portal:
Authorised client contacts can access a central portal to inspect logs, view rules and run reports against the event catalogue and selected devices.
There is no need to maintain a 24x7x365 IT response team in a NOC or SOC environment; CNS is performing this activity for you.