harveynewstrom.com

What It Is

HarveyNewstrom.com is more of a personal expert profile and cybersecurity consulting showcase than a standardized SaaS security product. The site states that Harvey Newstrom is an IBM Consultant and holds certifications including IBM Cloud Professional Architect, Security Engineer, and Compliance Specialist. He is also listed as one of the co-authors of NIST SP 800-53, 800-53A, and 800-53B, with long-term experience implementing and assessing NIST controls for government agencies and Fortune 500 companies.

Core Capabilities and Compliance Focus

In terms of protection categories, the focus is not on specific technical products such as firewalls, EDR, or WAF, but rather on cybersecurity architecture, cybersecurity program development, consulting, advocacy, and compliance. The text explicitly mentions expertise in applying the NIST framework as well as IBM ITSS, Service Framework, CIS Benchmarks, DISA STIGs, Financial Services, HIPAA, HITRUST, FedRAMP, RMF, FISMA, CMMC, Privacy, DoD, and other standards. This means the main value lies in control framework mapping, compliance gap assessment, cloud security governance, and security architecture design for complex regulatory environments.

Pricing, Deployment, and Management

The website does not disclose a pricing model, fee range, payment methods, service contracts, or SLA terms, nor does it describe deployment methods. Since this is a consulting service rather than a product, delivery may typically be project-based or advisory in nature, but the text does not confirm this, so it should not be assumed. Management and alerting capabilities are also not described, so it is not suitable to evaluate it as a plug-and-play monitoring and alerting platform.

Pros and Cons

The main advantage is a highly focused and relatively rare background: participation in NIST standards development, long-term service to government agencies, IBM security and privacy consulting experience, and cross-framework expertise spanning FedRAMP, FISMA, CMMC, HIPAA, and more. The downside is that the website reads more like a résumé, with limited information on service offerings, case studies, pricing, delivery methodology, team resources, or support channels. For procurement teams, this may mean higher upfront communication costs.

Who It Is Best For and Access from China

It is better suited to U.S. government contractors, multinational enterprises, cloud business teams, and heavily regulated industries such as finance or healthcare, especially for security architecture reviews, NIST control implementation, and consulting related to FedRAMP, RMF, FISMA, CMMC, and similar frameworks. Access from China cannot be determined based on the page content alone, and payment methods are not disclosed. Chinese companies focused mainly on domestic regulatory requirements may want to prioritize MLPS assessment providers, security compliance services from domestic cloud vendors, or local cybersecurity consulting firms. However, if U.S. government or international compliance requirements are involved, this type of expert consultant may be worth considering.