Affordable, Editable, Professionally-Written IT Security Documentation
Our customers needed documentation on how they could prove they have a "vulnerability management program" in place, so we built the Vulnerability & Patch Management Program (VPMP) document.

As with the other cybersecurity documentation we sell, many of our customers tried and failed to create their own program-level documentation. This is the type of documentation we have found to be the most difficult for companies to get right. It is not uncommon for hundreds of man-hours to be spent on this kind of documentation effort only to have it end in failure. That is why we are very excited about this product, since it fills a void at most organizations, both large and small.

The Vulnerability & Patch Management Program (VPMP) is framework-independent (e.g., ISO, NIST, COBIT, etc.) and was designed to integrate with our Written Information Security Program (WISP) and Risk Management Program (RMP) documentation - this allows you to have policies, standards and procedures that work together to create a holistic and comprehensive cybersecurity program!

- Audit Failures - Similar to risk management, most organizations run into trouble in audits when asked HOW vulnerabilities and patches are managed, since they cannot provide documentation beyond policies and standards. The VPMP addresses the HOW for you!
- Vendor Requirements - It is very common for clients and partners to request evidence of a vulnerability management program during their due diligence. The VPMP provides this evidence!
- Compliance Requirements - Requirements such as PCI DSS, MA 201 CMR 17.00 and NIST 800-171 establish a mandate to formally manage vulnerabilities. The VPMP addresses these compliance requirements!

- Clear Documentation - The VPMP provides the comprehensive documentation to prove that your vulnerability and patch management program exists.
- Actionable Steps - The VPMP provides actionable guidance on what steps can be taken to proactively address risk and keep systems patched in a sustainable manner.
- Alignment With Leading Practices - The VPMP is written to support leading practices for patching, vulnerability scanning, penetration testing and vulnerability remediation.

The New York State Department of Financial Services (DFS) 23 NYCRR 500 is a requirement that our documentation addresses. ComplianceForge offers two (2) unique products to comply with the New York Department of Financial Services (DFS) cybersecurity requirements:

- Written Information Security Program (WISP)
- Digital Security Program (DSP) - ISO or NIST versions

We created a few discounted bundles specifically tailored for clients who need to comply with NIST 800-171. The discounts are up to 30% off retail price, which is a significant savings on the following products:

- NIST-based Written Information Security Program (WISP)
- NIST 800-171 Compliance Criteria (NCC)
- Risk Management Program (RMP)
- Cybersecurity Risk Assessment (CRA) template
- Vulnerability & Patch Management Program (VPMP)
- Vendor Compliance Program (VCP)
- Information Security Assessment Template (ISAT)

When you look at NIST 800-171 compliance, it has some similarities to the Payment Card Industry Data Security Standard (PCI DSS).

From the perspective of PCI DSS, if scoping is done poorly, a company's entire network may be in scope as the Cardholder Data Environment (CDE), which means PCI DSS requirements would apply uniformly throughout the entire company. In these scenarios, PCI DSS compliance can be prohibitively expensive or even technically impossible. However, when the network is intelligently designed with security in mind, the CDE can be a small fraction of the company's network, which makes compliance much more achievable and affordable.

We feel that NIST 800-171 should be viewed in the very same manner. This guide is meant to help companies identify assets within scope for NIST 800-171 and potentially find ways to minimize scope through isolation or controlled access.

ComplianceForge is pleased to announce the launch of its newest product, the Digital Security Program (DSP). The DSP is a major evolution of the Written Information Security Program (WISP). However, unlike the WISP that is available in ISO 27002 and NIST 800-53 versions, the DSP is not locked into a single framework – it is a hybrid model that is built for organizations that do not want to be tied to just ISO or NIST frameworks.

NIST 800-53 rev4-based cybersecurity assessment template is now available at!

ISO 27002-based Vendor Compliance Program (VCP) for the information security side of vendor management is available at!

PCI DSS IT Security Policies & Standards template is available at!