Strategic Partners

At ComplianceForge, we are often asked for referrals for subject matter experts who can help with their unique needs. We've put together a list of strategic partners who can help you with your cybersecurity, privacy and other security needs.

Cybersecurity Consulting Services

How To GRC
+1-907-299-7775
https://www.howtogrc.com/scf
learn@howtogrc.com

HowToGRC has extensive experience implementing and tailoring ComplianceForge products. HowToGRC is a cybersecurity firm focused on designing and implementing cost-effective and scalable Secure Controls Framework (SCF) based security programs.

HowToGRC offers the following services:

  • Tailoring & implementation consulting services for ComplianceForge products (e.g., DSP, CDPP, CSOP, etc.). 
  • Governance, Risk & Compliance (GRC) platform integration.
  • Developing a tailored cybersecurity program.
  • Secure Controls Framework (SCF) consulting.
  • Capability maturity assessments. 

SecurityWaypoint
+1-800-289-3740
https://securitywaypoint.com
connect@securitywaypoint.com

SecurityWaypoint has extensive experience implementing and tailoring ComplianceForge products. SecurityWaypoint is a specialized cybersecurity consulting company that focuses on the compliance and governance aspects of your cybersecurity needs. SecurityWaypoint provides vCISO services and can help organizations implement NIST 800-171 & CMMC 2.0 requirements. Security doesn't have to be hard; let SecurityWaypoint do the work for you.

SecurityWaypoint offers the following services:

  • Tailoring & implementation consulting services for ComplianceForge products (e.g., DSP, CDPP, CSOP, etc.). 
  • NIST 800-171 / CMMC 2.0 gap assessments utilizing the Secure Controls Framework (SCF).
  • CMMC 2.0 Level 1 & Level 2 program and process implementation packages.
  • Cybersecurity business planning services (CISO-level business plan).
  • Risk assessments.
  • System Security Plan (SSP) & Plan of Action & Milestones (POA&M) development. 
  • Secure Controls Framework (SCF) consulting.

Steel Root
+1-978-312-7668
https://www.steelroot.us
info@steelroot.us

Steel Root is an IT Managed Services Provider (MSP) that specializes in helping companies in the U.S. Defense Industrial Base (DIB) implement and manage security requirements under DFARS, CMMC, and other federal standards.

Key elements of the Steel Root approach:

  • Steel Root offers a reference architecture for CMMC that allows companies to effectively scope out technical debt and accelerate compliance timelines. The system design can be deployed as an enclave or across the entire organization.
  • The Steel Root reference architecture is a set of systems, configuration baselines, and tools — built on the Microsoft Government cloud and using zero trust architecture principles — that is purpose built for meeting the CUI safeguarding requirements in DFARS 252.204-7012 and preparing for CMMC Maturity Level 3.
  • Steel Root provides managed cybersecurity and IT services post-implementation, as well as program management coaching and virtual ISSO services to help organizations meet their ongoing responsibilities.

For CMMC-specific consulting services, the CMMC Center of Awesomeness (CMMC-COA) has a list of "CMMC Practitioners" that is a good place to start: https://www.cmmc-coa.com/cmmc-practitioners
 

Governance, Risk & Compliance (GRC) & Integrated Risk Management (IRM) Platforms 

 

SCF Connect
https://www.scfconnect.com
info@scfconnect.com

SCF Connect is a GRC platform that takes the guesswork out of operationalizing the Secure Controls Framework (SCF). SCF Connect was built to natively support the SCF and is designed to integrate with ComplianceForge's Digital Security Program (DSP) and Cybersecurity Operating Procedures (CSOP).  

  • SCF Connect is affordable, starting at $200 / month. 
  • Designed to perform SCF Conformity Assessment Program (CAP) assessments.
  • Consultant and auditor / assessor portals.
 
Ignyte Assurance Platform
+1-833-446-9831
https://www.ignyteplatform.com
info@ignyteplatform.com

Ignyte Assurance Platform is a leader in collaborative security and integrated GRC solutions for global corporations. For corporate risk and compliance officers who depend heavily on the protection of their resources, Ignyte is the ultimate translation engine for simplifying compliance across regulations, standards and guidelines.

  • The Ignyte platform is used by leading corporations in diverse industries, such as Healthcare, Defense, and Technology.
  • Ignyte operationalizes compliance for many organizations through the use of the SCF controls and can be used to facilitate an SCF Certification, based on the SCF Information Assurance Program (IAP):
    • The IAP program leverages the SCF controls and is designed to help organizations quickly get up to speed on completing information assurance tasks; and
    • Ignyte helps organizations scale these tasks to make audit-preparation and audits much more efficient.
 

LogicGate
+1-312-279-2775
https://www.logicgate.com
sales@logicgate.com

LogicGate utilizes the SCF to define how we map controls between the standards and regulations which are included as part of our core content repository.

  • LogicGate's flexible data mapping capabilities allow users to easily view relationships between these controls, as well as between other critical data objects, such as risks, assessments, evidence, policies, and assets. Through these relationships, risk teams can perform an assessment on one control framework and then easily determine the compliance status of a mapped control framework, helping to reduce the amount of time and effort spent by teams needing to ask for the same evidence or attestations over time.
  • The database technology that LogicGate is built on also enables organizations to easily adjust relationships between controls and other items as regulatory requirements and standards change.

Ostendio
+1-877-668-5658
https://www.ostendio.com
info@ostendio.com

Ostendio My Virtual Compliance Manager (MyVCM) is a cloud-based GRC/IRM platform that:

  • Helps organizations understand what they need to do to build their security and risk management program;
  • Operates the program across the entire organization on a day by day basis; and
  • Makes it simple to demonstrate compliance across over 100 laws, regulations and industry standards, ensuring the organization is always audit ready. 
  • Fully integrates the SCF's controls and allows organizations to easily compare their security program against over 100 security and privacy frameworks by simply mapping the controls necessary for any additional standard or regulation:
    • Everyone in the company can log in and use the platform, which makes MyVCM's licensing model the most cost-effective GRC/IRM solution for multiple-user involvement.
    • It offers a "single-pane-of-glass" reporting, automated workflow management, and integration with some of the world’s leading platforms including OneLogin, Microsoft and Google. 

Reciprocity (ZenGRC)
+1-877-440-7971
https://www.reciprocitylabs.com
engage@reciprocitylabs.com

Reciprocity ZenGRC is a cloud-based GRC/IRM platform that utilizes the SCF as an available set of cybersecurity and privacy controls.

  • ZenGRC is an easy-to-use, enterprise-grade GRC/IRM solution for compliance and risk management that offers businesses efficient control tracking, testing, and enforcement.
  • ZenGRC streamlines control management to provide tangible value because it speeds up audit and vendor management tracking and consolidates risk mitigation tasks.
  • Clients can be up and running in as little as 6-8 weeks, saving time for compliance teams to focus on security work while saving time on mundane implementation tasks.

 

Risk Management Solutions

SimpleRisk
+1-650-619-8669
https://www.simplerisk.com
sales@simplerisk.com

SimpleRisk is a free and open source GRC tool that leverages the SCF, giving our customers what they've been asking for - an easy way to load up and utilize controls for various compliance frameworks. 

  • The SCF is a free downloadable "extra" within SimpleRisk.  Customers can go to the Configure > Register & Upgrade menu in any registered SimpleRisk instance and click "Download" to download and then install the SCF in that instance. 
  • Within SimpleRisk, clients are presented with a list of the frameworks represented with the SCF and the option to select which ones apply to their organization.  Applicable controls are automatically imported into the Governance functionality of SimpleRisk with mappings to their associated frameworks.  From there, customers can document exceptions, perform testing, and use the controls to plan mitigations for their risks.
  
