OUR SERVICES

Regulatory Compliance: CMMC, HIPAA, NIST 800



Soteria is proud to partner with

Ember Technology

Achieving regulatory compliance can be daunting, especially when the rules keep changing. That's why we partner with Ember Technology, an experienced, trained, and detail-oriented team who knows all the ropes - so you don't have to.


Whether you need help with HIPAA, CMMC, or NIST 800 - Ember has you covered. For CMMC/NIST: Ember Technology is a Registered Practitioner Organization (RPO), authorized by the Cyber AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments.

Ember's Registered Practitioners (RPs) have the expertise to help you navigate the regulations and processes to prepare, maintain, and improve your regulatory compliance.

What is CMMC/NIST?

The Department of Defense (DoD) created the Cybersecurity Maturity Model Certification (CMMC) program in 2019, based on the cybersecurity guidelines already laid out in the National Institute of Standards and Technology's Special Publications 800 series (NIST 800 or NIST SP800).


CMMC is a set of cybersecurity standards that contractors in the Defense Industrial Base (DIB) need to adhere to in order to win and service DoD acquisition contracts. CMMC is there to protect sensitive information involving DoD projects, the contractors themselves, and the final products against the increasing threat of cyberattack, malware, and compromise.


The DoD has incorporated CMMC into its acquisition programs to ensure that all contractors and subcontractors are trusted and secure. However, several major changes and updates to the program have made maintaining full compliance difficult.


That is where Registered Practitioner Organizations (RPOs) like Ember come in, to assist contractors and subcontractors with keeping current, compliant, and secure.


What is HIPAA?

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to modernize the handling of healthcare information and ensure patient privacy.


Among other things, HIPAA stipulates how personally identifiable information (PII) or protected health information (PHI) needs to be handled and maintained by the healthcare and health insurance industries, in order to protect it from fraud and theft.


HIPAA's Privacy Rule prohibits healthcare providers and related businesses from disclosing protected personal information to anyone other than a patient and the patient's authorized representatives without the patient's consent.


Less well known is HIPAA's Security Rule, which dictates how entities handle PHI in electronic form (e-PHI).

To comply with the HIPAA Security Rule, all covered entities must:

  • Ensure the confidentiality, integrity, and availability of all e-PHI
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against anticipated impermissible uses or disclosures that are not allowed by the rule
  • Certify compliance by their workforce


For more information about compliance, CMMC, HIPAA, or NIST 800, or about how Ember can help your business, please visit Ember's website:
