NIST CYBERSECURITY 2.0 PROGRAM AND CERTIFICATION
PROGRAM BASED ON NIST CYBERSECURITY 2.0 FRAMEWORK (CSF)

The NIST CSF 2.0 is the de facto U.S. standard for companies that do not have to meet DoD CMMC requirements, and our comprehensive program is built on it. The program protects your company and helps you meet your responsibilities for protecting company data. Certification for this program is provided by Turnkey Cybersecurity and Privacy Solutions LLC (TCPS), not by NIST. More information below.

Our fixed-price, turnkey NIST CSF 2.0 program, with optional certification, is designed for companies with 1-250 staff.

All programs fully align your company with the NIST CSF 2.0 and other regulations applicable to your business. Our program starts with the basics, and by the time you complete it you will have a complete, professional cybersecurity program that is fully aligned with the NIST CSF.

NIST cybersecurity certification matrix HERE.

All fixed-price turnkey NIST CSF 2.0 programs include:

  • Initial and pre-certification cybersecurity risk assessments
  • System Security Plan (SSP)
  • Plan of Action with Milestones (PoAM)
  • Detailed custom mitigation steps
  • NIST CSF policies and procedures
  • Incident response, disaster recovery-business continuity, vendor cyber risk management, and work-from-home programs
  • Inventories, forms, documentation
  • Cybersecurity and privacy training including phishing platform
  • Pre-agreed number of hours of proactive and reactive technical and program support

NIST CSF Certification. We are the first company to offer NIST CSF certification as part of our fixed-price programs. Unlike the CMMC program, neither NIST nor any other governing body offers an official certification of NIST CSF readiness; the certification we offer is a TCPS certification. We model our certification process on the established CMMC AB process and on the NIST CSF itself.

Go HERE to see how we align our certification levels with the NIST CSF requirements. Please call us for more information.

NIST CSF Program Components

We train company leaders and staff on both the strategic and the detailed levels of your cybersecurity and privacy programs. Both are required to correctly govern your programs and manage risk. We provide tools and processes designed to help you govern and document your cybersecurity and privacy programs in accordance with the NIST Cybersecurity and Privacy Frameworks and other regulations applicable to your business. We provide the only comprehensive, turnkey solution to address this type of issue for a company of your size. All activities and progress are correctly documented and managed. The price you pay includes our direct reactive and proactive support for one year from a dedicated Chief Information Security Officer (CISO), a Technical Engineer, and a Customer Success Manager. This team and you use our proprietary, shared, secured Google-based tool to monitor, manage and document your programs.

You can't fix what you don't know is broken. We provide you with our highest-level NIST Cybersecurity and Privacy Framework risk assessment. You fill it out; our Chief Information Security Officer (CISO) reviews it and asks follow-up questions. We also run non-intrusive external technical tests against your network, the same reconnaissance an attacker would perform, but we stop short of breaking in. When done, we provide a detailed written report with prioritized recommendations for fixing problems and mitigating risks, and we are available to discuss and support your next steps. The report has both a concise executive summary with the high-level findings and detailed technical sections for IT and other staff to follow up on.

Level 3 gives you a choice of cybersecurity and privacy policy packages. For larger enterprises that can absorb the highest-level policies, we have spent years building the industry standard: these policies establish complete control over the organization's response to cybersecurity and privacy. For companies that want to grow into a policy-driven program, we also provide our Level 2 policy package, which is less comprehensive and easier to deploy. Level 2 policies are a good stepping stone toward enterprise-level policies and procedures. All our policies align with the NIST CSF and NIST PF and with the applicable regulations discussed above.

Security awareness training is critical. We supply a wide range of professional training materials, including on-demand videos and webinars on subjects such as phishing and ransomware. Your training includes full access to the best phishing simulator available for you and your staff. You also get access to Mitch Tanenbaum's nationally recognized blog, weekly newsletter, and client alerts. Ongoing, continuous cybersecurity and privacy awareness is a requirement of many regulations, especially for larger enterprises. We support and monitor your progress as you build and deploy your first line of defense through security awareness training.

We provide policies, procedures, and processes to onboard, train, and offboard personnel in a manner that reduces risk and exposure for the HR department and the organization. This component works hand in hand with security awareness training to bolster your first line of defense: your people.

It is critical that your company's IT infrastructure is correctly and professionally hardened, that is, made more difficult to attack. IT teams need support in understanding the full scope of this effort and how to document the processes required. We start by helping you fully inventory your hardware and software assets, and then lead you through a process of methodically and carefully making those assets much more difficult to attack. We also review your IT infrastructure architecture, help you identify your critical data, and make sure it is backed up correctly and professionally. The hardening process is monitored and supported by our technical engineers.

At Level 3, we raise the bar for your Vendor Cyber Risk Management Program. We provide the policies, procedures, tools and support you need to inventory and control vendors who may have access to your data. Every time you connect an IoT device such as a printer, camera or smart TV, you are adding a new vendor with access to your network and data. Our program helps you control this risk.

If you have an incident or a breach, you must know what to do, immediately. There can be no delay while you try to figure things out. We help you set up your incident response and disaster recovery programs and prepare for the breach we hope never comes. Larger enterprises need a more comprehensive Incident Response Program, and our L3 program provides that. If you experience a breach, follow the program we have helped you build and the damage should be minimized.

Privacy and cybersecurity are joined at the hip: both are about protecting data. We help you address privacy up front; not addressing it is a big risk in today's world. We give your business what it needs to show the world you are not asleep at the wheel on privacy. Our program includes a company privacy policy, a website privacy policy, training and more.

The price you pay for our L3 - Larger Business Program includes 50 hours of proactive and reactive technical and program support. Most providers offer only reactive support: they wait for you to contact them. We provide reactive support as well, but we also provide proactive support: we monitor your progress, look for issues, and ping you when we see something. We support you as you build a professional program. Additional hours are available for an additional charge.

If you take your responsibilities for building your cybersecurity and privacy program seriously and successfully complete all aspects of the program, we will certify your efforts and give you a certification image you can put on your website. Click on the TCPS certification image below to see what information is presented to interested customers, partners, and others about your commitment to cybersecurity and privacy.

Six (6) third-party cybersecurity technical products/tools are provided with Level 3 TCPS Cybersecurity & Privacy Programs, because larger companies with more staff and more complex IT environments require more advanced protection.

NOTE: We are vendor assessment specialists. One of the biggest problems facing companies is how to vet and screen third-party technical products. We have reviewed the products below for suitability for companies of your size. Note that we are resellers for these products and make a small amount of money on any sales to you that include them. The price we charge you is the same as the price charged by the companies that produce them. There is no advantage to buying a product directly from the vendor, and the disadvantage is that you lose our expertise with the product and the benefit of our leverage with the vendor should there be an issue with the product or its support.

The price for Level 3 third-party technical products is automatically calculated by our Recommendation Wizard based upon the number of staff (users) you have provided and the product subscription level that we recommend. Note that you can adjust the number of staff/users/seats that you require in our Recommendation Wizard, and the price for your program will be automatically adjusted. Also, you have the option of removing any one or more 3rd party technical products from the recommended program, and the program price will be automatically adjusted to reflect that change.

The six products we automatically recommend for Level 3 customers include:

  • KnowBe4 (KB4) Security Awareness Training (Silver Level): Security awareness training is not optional; without it, you do not have a professional program. The Silver level of KB4 provides training content (in addition to what we provide) and the full phishing platform, which lets you train your staff to identify fraudulent emails.
  • CrashPlan Backup: Backing up critical data is the foundation of any disaster recovery and business continuity program. We provide basic, easy, continuous cloud backup protection for all servers.
  • Webroot Endpoint Protection: For office and remote workers alike, protecting endpoint computers is a key piece of your security strategy. We have vetted Webroot as an essential malware and threat detection tool for your program.
  • LastPass (LogMeIn): Access control and password protection are two central requirements of any cybersecurity program. LastPass simply and securely connects employees to their work while maintaining complete visibility and control.
  • Barracuda Email Protection: Email communications must be secure. We have partnered with a premier email protection vendor to enable secure email for your organization.
  • CCleaner: Clean and optimize endpoint computers with this utility. It helps machines run better by removing unneeded files and software, which supports endpoint hygiene and compliance.


Deeper Dive Into Our NIST Cybersecurity Program

Turnkey Cybersecurity and Privacy Solutions, LLC partners Ray Hutchins and Mitch Tanenbaum go deeper into how their NIST cybersecurity and privacy certification program reduces risk and increases your company's value. In today's world, few companies can operate without a professional, turnkey program.