IT Compliance Solutions

Toomey and Associates focuses on providing customers with comprehensive solutions for meeting increasingly complicated IT security compliance requirements.

Services

Consulting

  • FISMA
  • PCI
  • HIPAA
  • DOD STIG / SRG

Services

FISMA Compliance

The Federal Information Security Management Act (FISMA) is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was signed into law as part of the Electronic Government Act of 2002 and has since changed the IT security compliance landscape for government agencies and contractors.

Toomey and Associates provides comprehensive consulting services to help organizations meet the more than 1500 requirements involved in complying with the FISMA standards.

PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes, including Visa, MasterCard, American Express, Discover, and JCB. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data in order to reduce credit card fraud. Validation of compliance is performed annually: organizations handling large volumes of transactions are assessed either by an external Qualified Security Assessor (QSA) or by a firm-specific Internal Security Assessor (ISA), who produces a Report on Compliance (ROC); companies handling smaller volumes complete a Self-Assessment Questionnaire (SAQ).

HIPAA Compliance

HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information. The HIPAA Security Rule deals specifically with Electronic Protected Health Information (EPHI). It lays out three types of security safeguards required for compliance: administrative, physical, and technical. For each of these types, the Rule identifies various security standards, and for each standard, it names both required and addressable implementation specifications. Required specifications must be adopted and administered as dictated by the Rule.

DISA STIG / SRG Compliance

The Security Technical Implementation Guides (STIGs) and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices and systems. Since 1998, DISA has played a critical role in enhancing the security posture of DoD's security systems by providing the Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to "lock down" information systems and software that might otherwise be vulnerable to a malicious computer attack.

Contact

Please send all inquiries and requests to info@toomeyassoc.com

About

Toomey and Associates is a Limited Liability Company (LLC) registered in Virginia, USA. It was founded in 2017 by Nickolas Toomey and is headquartered in Northern Virginia.

Nickolas Toomey is the founder of Toomey and Associates. Nick has a bachelor's degree from the University of Maryland, College Park and over 20 years of IT experience. He is a specialist in IT compliance requirements for all types of modern IT operating systems and products.