Cybersecurity Policies and Procedures

Certification after Certification

Learn how our policies and procedures service enabled a customer to earn two cybersecurity accreditations.

Join our newsletter:

Client Objectives

The client sought the earn the CompTIA Security Trustmark+ Certification to demonstrate that it adheres to industry standard cybersecurity practices. The CompTIA Security Trustmark+ involves a third-party audit, and certification would demonstrate to customers that AEM Corp maintains security best practices.

What We did

We initiated the certification process with CompTIA for the Security Trustmark+ and began reviewing all of AEM Corp’s IT and Cybersecurity policies and procedures. After the review we needed to generate additional policies and procedures to meet the Security Trustmark+ requirements. Examples of documentation created were the data classification policy, access control matrix, and incident response plan. We also modified existing AEM Corp documentation to better align with CompTIA’s Security Trustmark+ requirements.

The Result

After completing all of the necessary documentation and submitting it for assessment to CompTIA AEM Corp earned the CompTIA Security Trustmark+ certification. Coincidentally, this also helped AEM Corp earn its ISO 27001 certification a year later. We also supported this initiative by providing consulting services.

About the Customer

AEM has been providing mission-critical expertise and support services to defense and intelligence agencies for the past three decades. AEM also provides services to other civilian agencies. It has multiple locations across the US and has employees in over 30 states.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.