Every Securafy service is built on a foundation of recognized security frameworks and industry standards. We don’t just reference NIST — we operationalize it. Here’s exactly how our services map to the frameworks that govern your industry and satisfy your auditors, insurers, and regulators.
Released in February 2024, NIST CSF 2.0 is the gold standard for cybersecurity program management. Every Securafy service tier is mapped to one or more CSF 2.0 functions. Our COMPLY-CARE program delivers full implementation across all six.
CISA published specific hardening guidance for MSPs, recognizing that MSPs are high-value targets — a compromised MSP means access to all of its clients. Securafy complies with every CISA MSP hardening requirement internally and operationally.
MFA enforced on all internal Securafy systems, all client-facing portals, and all remote access paths. Privileged access strictly managed and logged.
Comprehensive logging of all Securafy internal and client-facing systems. Logs retained, reviewed, and correlated. Audit trail available for all privileged actions.
No employee has more access than required for their role. Access reviews quarterly. Segmentation between client environments prevents cross-client exposure.
Securafy’s own infrastructure follows the same standards we enforce for clients — Zero Trust, EDR, vulnerability management, and security awareness training.
Written, tested Securafy IR plan for responding to security events affecting our own infrastructure or supply chain. CISA-aligned notification procedures.
All Securafy staff complete security awareness training, phishing simulations, and role-specific technical training. Tracked and documented.
Securafy’s service catalog covers all major compliance frameworks. Our COMPLY-CARE tier is purpose-built for regulated industries — delivering the controls, documentation, and audit support each framework requires.
110-practice framework governing protection of Controlled Unclassified Information (CUI) for defense contractors and manufacturers. CMMC 2.0 now required in DoD contracts.
Administrative, physical, and technical safeguards for electronic Protected Health Information. Updated 2024 rules add mandatory MFA, encryption, and 72-hour breach notification.
2023 Safeguards Rule mandates MFA, encryption, pen testing, and an annual board report for financial institutions. FFIEC CAT governs bank examinations across 5 maturity domains.
All 14 policy areas governing access to criminal justice information (CJI) for law enforcement agencies and their IT vendors. Securafy signs MCAs with all LE clients.
12-requirement standard for cardholder data protection. v4.0 is now the only valid version (since March 2024), with expanded MFA requirements and new anti-phishing controls.
Ohio’s Data Protection Act provides an affirmative defense against data breach lawsuits for businesses with a qualifying cybersecurity program aligned to a recognized framework.
18 prioritized security controls providing a practical, prescriptive roadmap from basic cyber hygiene to advanced security operations. Also qualifies for Ohio Safe Harbor.
Trust Service Criteria for technology companies, SaaS providers, and service organizations. SOC 2 Type II is increasingly required by enterprise clients and investors.
Cyber insurers now require documented controls — MFA, EDR, tested backups, and a written incident response plan — before issuing or renewing coverage. Missing controls mean denied claims or no policy at all.
Our service tiers are purpose-built to match your compliance obligations. Every regulated industry has the right tier available.
| Framework | Primary Industry | Minimum Tier | Full Coverage Tier |
|---|---|---|---|
| NIST CSF 2.0 | All industries | ESSENTIAL-CARE (PROTECT, RECOVER) | COMPLY-CARE (all 6 functions) |
| CIS Controls v8 | All industries | ESSENTIAL-CARE (IG1) | COMPLY-CARE (IG1+IG2+IG3) |
| HIPAA Security Rule | Healthcare / Business Associates | SECURE-CARE | COMPLY-CARE |
| GLBA Safeguards Rule | Banking / Finance | SECURE-CARE | COMPLY-CARE |
| FFIEC CAT | Banks / Credit Unions | SECURE-CARE | COMPLY-CARE |
| CMMC 2.0 Level 1 | Defense Contractors (FCI) | SECURE-CARE | COMPLY-CARE |
| CMMC 2.0 Level 2 | Defense Contractors (CUI) | COMPLY-CARE | COMPLY-CARE |
| CJIS Security Policy | Law Enforcement | COMPLY-CARE | COMPLY-CARE |
| PCI DSS v4.0 | Merchants / Payment Processors | SECURE-CARE | COMPLY-CARE |
| Ohio Safe Harbor (ORC §1354) | All Businesses | ESSENTIAL-CARE (basic program) | COMPLY-CARE (full documentation) |
| SOC 2 Type II | SaaS / Tech / Service Providers | SECURE-CARE | COMPLY-CARE |
| Cyber Insurance Readiness | All Industries | SECURE-CARE | COMPLY-CARE |
Securafy speaks the language of your auditors, examiners, and regulators. Our team includes CISSP, CISM, CMMC-AB, and CISA certified professionals who live and breathe these frameworks for our clients in Columbus and Cleveland.
Our free 47-point network and security assessment gives you a prioritised remediation report in plain language — no obligation, no upsell.