Standards and Certifications

eTERA Consulting provides a variety of business and technical services for commercial and federal clients. Our security operations are based on the following cybersecurity standards, laws and regulations:

  • 20 Critical Security Controls v6 (Center for Internet Security)
  • Federal Information Security Management Act (FISMA) of 2002, Title III of the E-Government Act of 2002, P.L. 107-347: Requires each agency to develop, document and implement an agency-wide information security program, including a security plan that is maintained throughout the entire life cycle of the agency's information systems.
  • Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources: Requires a System Security Plan (SSP) to be developed and documented for each General Support System (GSS) and Major Application (MA), consistent with guidance issued by the National Institute of Standards and Technology (NIST).
  • Federal Information Processing Standards (FIPS) Publication (PUB) 199, Standards for Security Categorization of Federal Information and Information Systems: Defines how information and information systems are categorized by the potential impact (low, moderate or high) of a loss of confidentiality, integrity or availability. The resulting system security categorization must be recorded in the SSP.
  • Federal Information Processing Standards (FIPS) Publication (PUB) 200, Minimum Security Requirements for Federal Information and Information Systems: Specifies the minimum security requirements for Federal information and information systems and requires agencies to select an appropriate baseline of controls from NIST SP 800-53 based on the FIPS 199 categorization. The selected minimum security controls must be documented in the SSP.
  • NIST Special Publication (SP) 800-18 Rev. 1, Guide for Developing Security Plans for Federal Information Systems: Provides the minimum content and format for an SSP.
  • NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations: The catalog of security controls for federal information systems, organized into low, moderate and high baselines that are selected according to the system's FIPS 199 categorization. It is used together with FIPS 200 to define the minimum security controls, which must be documented in the SSP.
  • United States Department of Commerce, U.S.-EU Safe Harbor Framework: The EU Data Protection Directive (95/46/EC) prohibits the transfer of personal data to non-European Union countries that do not meet its standard for privacy protection. eTERA Consulting has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. Note that the European Commission's Safe Harbor adequacy decision was invalidated by the Court of Justice of the European Union in October 2015 (Schrems), so a Safe Harbor certification alone no longer provides a lawful basis for EU-to-U.S. transfers.
  • Federal Risk and Authorization Management Program (FedRAMP): A government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services used by federal agencies.
  • Statement on Standards for Attestation Engagements (SSAE) No. 16, Reporting on Controls at a Service Organization, Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA): Finalized in January 2010 to replace the previous SAS 70 standard, SSAE 16 governs an independent auditor's report (a SOC 1 report) on the design and, for a Type 2 report, the operating effectiveness of a service organization's controls over a review period. It is an attestation standard for the controls an organization describes, not a security control set in itself; since May 2017 these engagements are performed under its successor, SSAE No. 18.