


Your CyberSecurity Assessments Resource


It starts with clarity

Over the years, Vestige has watched organizations struggle with their cybersecurity. Let’s face it, every organization is playing a cat-and-mouse game with bad actors that seek to do it harm. The set of choices to make when approaching your cybersecurity can seem almost endless. Where do you start? And where do you spend your precious resources – time, labor, and dollars? Having a plan ensures that you can answer these crucial questions.

A critical first step to a proactive cyber defense strategy is performing an Assessment of your digital environment.

Vestige offers numerous types of assessments to locate security gaps that impact your environment. While the motivation and specifics of these assessments vary, the ultimate goal is to provide a baseline and a meaningful plan of attack, so that you gain the clarity you need to address the organization’s cybersecurity in the most robust, economical and impactful manner.

Vestige’s Cybersecurity Assessments include:

CyberReadiness Assessments:

  • Pre-Certification & Readiness Compliance Assessments
  • Risk Mapping
  • Compliance Audits:
    • CMMC – Cybersecurity Maturity Model Certification
    • PCI DSS – Payment Card Industry Data Security Standard
      Set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
    • HIPAA – Health Insurance Portability and Accountability Act (health industry patient privacy)
    • GLBA – Gramm-Leach-Bliley Act (financial institutions)
    • SOX – Sarbanes-Oxley Act
      The Sarbanes-Oxley Act of 2002 is a law the U.S. Congress passed to help protect investors from fraudulent financial reporting by corporations. Also known as the SOX Act of 2002, it mandated strict reforms to existing securities regulations and imposed tough new penalties on lawbreakers. It applies to the U.S. stock exchange.
    • SOC2 / SSAE18 – Service Organization Control 2 / Statement on Standards for Attestation Engagements 18
      SOC2 reports on various organizational controls related to security, availability, processing integrity, confidentiality or privacy. SSAE 18 is a standard that auditors can use to review the controls of technology vendors and other service providers, so that businesses using those vendors can be confident that the vendors’ controls, particularly those related to cybersecurity, won’t pose a risk to their own business.

Technical Assessments:

Contact Vestige today to discuss Assessment options for your organization.


That work you did for us - that guy ended up pleading guilty to criminal charges including arson and insurance fraud. So that's a pretty good deal. Thanks for your help. Vestige did an outstanding job!
Bruce Shuck, Investigator (retired), Westfield Group Insurance, Parkersburg, WV
