Cyber Risk Management and Compliance Services
COACT is an Accredited FedRAMP 3PAO and is authorized to perform security assessments for cloud service providers (CSP) seeking FedRAMP Authorization to Operate.
COACT’s security and risk management consultants have proven expertise in helping U.S. federal agencies comply with FISMA and improve their security posture. Whether your agency requires assistance in setting up a security authorization program, enhancing an established program, authorizing new information systems, or assessing the security of existing authorization packages, COACT can help.
Organizations providing goods or services to the Federal government are now required by the DFARS to provide evidence that they appropriately safeguard Covered Defense Information (CDI) and Controlled Unclassified Information (CUI). Furthermore, any organization that handles, receives, stores or processes CUI must implement the same safeguards as DoD contractors. NIST SP 800-171 guides organizations in how to implement safeguards to protect CUI and CDI in a compliant manner.
The Department of Defense has updated the DoD 8500 series to mandate alignment with the NIST Risk Management Framework. The Joint Task Force (JTF) Transformation Initiative Interagency Working Group (i.e., DoD, ODNI, NIST, and CNSS) is leading this effort to establish a more unified security and compliance framework to improve security and risk management processes. Many DoD agencies and systems have yet to complete the transition and could benefit from advisory services.
Your organization may meet the administrative and physical controls required to safeguard PHI. Are you confident that your organization meets the rigorous technical requirements?
The COACT risk management and compliance services for the private industry were established to allow commercial entities to take advantage of the same information security and assurance processes used by Federal agencies and leading companies around the world. As part of our service offering, COACT can support your compliance needs in meeting the requirements of the Health Information Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Defense Federal Acquisition Regulation Supplement (DFARS) 252.242-7012, and other frameworks and regulations.