DOJ Data Security Program Compliance Audits

Securing Sensitive Personal and Government-Related Bulk Data

The U.S. Department of Justice (DOJ) has finalized its new “Data Security Program” (DSP) effecting Executive Order 14117, aimed at safeguarding sensitive personal and government-related data. To be able to conduct certain “restricted” transactions under the rule, U.S. entities need to have an external auditor certify compliance with security requirements developed by the Cybersecurity and Infrastructure Security Agency (CISA). FTI Cybersecurity helps organizations achieve compliance with the DSP, thereby mitigating national security data risks.

How We Can Help

FTI Cybersecurity conducts assessments to identify governance and technical solutions that help clients achieve compliance with DOJʼs DSP and mitigate threats from national security risks. Demonstrating compliance through an assessment and mitigation measures will protect against potential litigation and regulatory actions related to the mishandling of “bulk data,” as defined by the DSP. Our team has worked with financial institutions, payment processors, defense contractors, and medical providers, among others, in helping mitigate these risks.

Data Assessment

We collaborate with your organization to assess the technical, administrative, and governance structures surrounding data identified as “covered data,” determining potential cybersecurity gaps that need to be addressed. We can leverage already-available information from previous audits or assessments conducted at the organization against standards such as NIST, ISO, PCI-DSS, or CFIUS, which will make for an efficient and streamlined review process.

Risk Mitigation

Following an initial assessment, our team works with your organization and counsel to develop and implement the most effective mitigation strategies. We understand that organizations handling sensitive or covered data face diverse and complex risks, which can be addressed through various approaches, with the goal of identifying practical, tailored solutions that leverage existing resources and infrastructure. We provide expert guidance on key areas including vulnerability management, utilizing actionable threat intelligence, and protecting systems and associated data.

Build Secure

Our experts act as security architects, designing, prioritizing, and executing tailored solutions to remediate non-compliant systems. Our solutions are focused on efficiency, minimizing additional investments by leveraging existing infrastructure, data mapping, tools, and processes, while ensuring alignment with risk profiles and operational needs.

FTI Cybersecurity utilizes threat intelligence from diverse sources and conducts a holistic assessment of your organization’s data to identify attack vectors threatening protected data. This approach includes leveraging sophisticated tools for dark web and deep web monitoring, credential intelligence, and attack surface management, alongside publicly available data. By doing so, we help ensure your organization stays ahead of the ever-evolving threat landscape.