Most entities in government, industry and education have specific security frameworks that they are required to assess their cyber security maturity against. Very few firms in the cyber security, privacy, and regulatory compliance consulting field have the three decades of experience that JANUS has. Our subject matter experts have engaged with virtually every type of organization, testing against well over two dozen recognized frameworks, and this number continues to grow.

The list below is a representative sample of the frameworks that JANUS has expertise in. If the framework you assess against is not on the list, contact us. Chances are we have worked with it.

  • Center for Internet Security (CIS) Controls
  • Consortium for IT Software Quality (CISQ)
  • Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
  • Capability Maturity Model Integration (CMMI)
  • Control Objectives for Information Technology (COBIT)
  • Committee of Sponsoring Organizations of the Treadway Commission (COSO)
  • Cybersecurity and Infrastructure Security Agency (CISA)
  • Cybersecurity Maturity Model Certification (CMMC)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Federal Information Security Management Act (FISMA)
  • Family Educational Rights and Privacy Act (FERPA)
  • General Data Protection Regulation (GDPR)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Organization for Standardization (ISO) 27001, 27002
  • National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF)
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)
  • National Institute of Standards and Technology (NIST) Risk Management Framework (RMF)
  • National Institute of Standards and Technology (NIST) Special Publication Controls 800-53, 800-171
  • New York Department of Financial Services (23 NYCRR 5000)
  • North American Electric Reliability Corporation – Critical Infrastructure Protection (NERC CIP)
  • Open Web Application Security Project (OWASP)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Security Content Automation Protocol (SCAP)
  • Service Organization Control (SOC) Type 2
  • Transportation Systems Sector (TSS) Cybersecurity Framework
  • Various other state and industry-specific requirements
