No.
FERPA is a regulation that schools are required to comply with, not Coro. FERPA governs how schools handle personal information, including obtaining parental consent.
For more information, see FERPA.
The Coro platform supports the following technical safeguards required by CJIS:
- Business email compromise (BEC).
- Email account takeover.
- Data governance monitoring and notifications on outgoing/incoming email.
- Anti-virus (AV).
- Advanced Threat Protection (ATP) (Next-Generation Antivirus (NGAV)).
- Device security posture.
- Data recovery.
- Data Distribution Governance (DDM) and Role management.
- Security and business-specific data monitoring.
- Personally Identifiable Information (PII) monitoring.
For more information, see CJIS.
Unlike CMMC certification, CMMC compliance is not a well-defined concept. Companies that want to do business with the Department of Defense (DoD) must obtain CMMC certification from an accredited third-party organization, which verifies that the necessary security controls and practices are implemented. Coro Cybersecurity currently does not provide direct services to the DoD, and thus CMMC certification is not required. At the same time, Coro as a company meets the requirements of the CMMC standard, specifically the NIST SP 800-171 framework. Furthermore, Coro's data security and privacy service meets the vast majority of relevant CMMC certification requirements.
For more information, see Regulations and compliance.
NIST has numerous frameworks, including:
- NIST Cybersecurity Framework (CSF).
- NIST Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations.
- NIST Special Publication 800-171: Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations.
- NIST Special Publication 800-30: Risk Management Guide for Information Technology Systems.
- NIST Special Publication 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems.
- NIST Special Publication 800-53A: Assessing Security and Privacy Controls in Federal Information Systems and Organizations.
- NIST Special Publication 800-57: Recommendation for Key Management: Part 1 – General (Rev. 4).
- NIST Special Publication 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths.
- NIST Special Publication 800-171A: Assessing Security Requirements for Controlled Unclassified Information.
Coro assists its customers in complying fully with some of these frameworks and partially with others, while some NIST frameworks focus on aspects of organizational operations that Coro does not address.
For more information, see Regulations and compliance.
No, Coro does not form part of any GPO but can, of course, be distributed by any GPO of the customer's choice.
The SEC follows the main framework for any government organization. In terms of data loss prevention, access rights, and controls, Coro covers the majority of its requirements.
Coro stores data in the United States, Germany, and Canada. Coro only stores basic identifiers for users and devices, and no other customer organizational data. Coro does not store any customer files, emails, or similar data. The only data Coro stores from monitoring customer activities are threats and suspicious patterns discovered during Coro protection monitoring.
An ATO is permission to operate on the DoD's network. To receive it, a security assessment is required, such as the DoD Information Assurance Certification and Accreditation Process (DIACAP) or the Risk Management Framework (RMF). The overall network security is assessed to ensure that the DoD's information systems are secure and can operate effectively in a secure environment.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication method that protects against fraudulent emails. Email servers (M365/GW/etc.) are responsible for examining incoming messages for DMARC. This process unfortunately produces a high number of false positives. Coro has introduced conservative DMARC and Sender Policy Framework (SPF) analysis to mitigate this.
Yes, organizations with the SASE suite enabled can effectively block and govern internet access, enabling them to meet CIPA requirements at a high level.
Yes. Coro’s Managed Detection and Response (MDR) offering aligns with Cybersecurity Maturity Model Certification (CMMC) requirements. All Coro managed service staff undergo the necessary background checks, and Coro stores all customer data in the region you select when creating your workspace.
Yes.
Coro helps organizations align with the principles of PIPEDA (Personal Information Protection and Electronic Documents Act), which governs how private-sector organizations in Canada handle personal information. PIPEDA requires organizations to protect personal data, obtain appropriate consent, and provide individuals with access and correction rights.