Archive for the ‘Compliance’ Category

Proposed Rule Establishes CMMC Guidelines for Defense Contract Compliance

Wednesday, August 21st, 2024

The Defense Department recently proposed a new rule, published in the Federal Register on August 15, detailing how it plans to integrate the Cybersecurity Maturity Model Certification (CMMC) program into its contracting process. The CMMC program is designed to assess whether companies handling sensitive unclassified information comply with the department’s cybersecurity requirements. Since its announcement […]

Understanding the AI Risk Management Framework: A Comprehensive Guide

Wednesday, August 21st, 2024

As artificial intelligence (AI) continues to evolve and integrate into various sectors, the importance of managing its risks becomes increasingly critical. To address these concerns, the AI Risk Management Framework (AI RMF) was developed as a voluntary resource aimed at enhancing the trustworthiness of AI systems. This blog post will explore the key elements of […]

Understanding the New Proposed Final Rule for CMMC in CFR Title 48: What It Means for Contractors

Tuesday, August 20th, 2024

In recent years, cybersecurity has become a critical focus for the U.S. Department of Defense (DoD), particularly in safeguarding the defense industrial base (DIB) from increasing cyber threats. To address these concerns, the Cybersecurity Maturity Model Certification (CMMC) was introduced as a framework to enforce stronger cybersecurity practices among defense contractors. Recently, the DoD proposed […]

Cyber Insurance Explained

Thursday, February 22nd, 2024

What To Know About Cybersecurity Insurance The cybersecurity insurance sector is in the midst of significant transformation. Escalating premiums, shifting prerequisites, and inconsistent standards within the industry present formidable hurdles for organizations seeking coverage. Now is a critical moment for these organizations to gain insight into the evolving landscape of cyber insurance and ascertain the […]

Unlocking the Power of Vendor Security Questionnaires or VSQs: A Comprehensive Guide

Tuesday, November 28th, 2023

In today’s interconnected world, businesses often rely on an extensive network of vendors and third-party service providers to meet various operational needs. While outsourcing offers many advantages, it also exposes organizations to significant security risks. Vendor security questionnaires have emerged as a crucial tool for assessing and managing these risks effectively. In this comprehensive guide, […]

Google Cloud Penetration Testing

Monday, August 21st, 2023

Securing Your Cloud Infrastructure Google Cloud Penetration Testing: In today’s rapidly digitizing world, cloud environments have become essential to businesses of all sizes. With a massive surge in cloud adoption, ensuring security in these virtual environments is paramount. Google Cloud Platform (GCP) is a leading provider of cloud services, and penetration testing or “pen testing” […]

Building Digital Trust: The Identification and Authentication Pillars of NIST 800-171

Tuesday, August 15th, 2023

Introduction In today’s intricate digital ecosystem, one of the primary challenges is to ensure that the right individuals access the right resources, at the right time. Any lapse can lead to unauthorized access, data breaches, or system compromise. Addressing this challenge head-on is the Identification and Authentication family within the NIST (National Institute of Standards […]

NIST 800-171’s Configuration Management Family: Ensuring Stability Amidst Complexity

Tuesday, August 15th, 2023

Introduction In the sprawling world of cybersecurity, there’s a need to bring order to potential chaos. As systems and networks expand and diversify, so does their vulnerability to breaches. To navigate this complexity, a methodical approach is required, which the NIST (National Institute of Standards and Technology) Special Publication 800-171 provides. Among its components, the […]

Building Cyber Resilience: Unraveling NIST 800-171’s Awareness and Training Family

Tuesday, August 15th, 2023

Introduction In the fast-paced digital universe, as threats to data security multiply, organizations race to strengthen their defense mechanisms. Yet, while technology and infrastructures play vital roles, the human factor cannot be underestimated. Here’s where the NIST (National Institute of Standards and Technology) Special Publication 800-171 comes into focus. Designed to safeguard Controlled Unclassified Information […]

Unlocking NIST 800-171: A Deep Dive into the Access Control Family

Tuesday, August 15th, 2023

Introduction In the age of increasing digital threats and expanding data repositories, it’s no wonder that regulations and frameworks are ever-evolving to match the pace. The NIST (National Institute of Standards and Technology) Special Publication 800-171 is one such framework, designed to protect Controlled Unclassified Information (CUI) within non-federal systems and organizations. Among its core […]

NIST 800-172: Enhancing Security to Counter Advanced Cyber Threats

Tuesday, August 15th, 2023

Introduction In the rapidly evolving realm of cybersecurity, staying a step ahead of potential threats is paramount. The National Institute of Standards and Technology (NIST) plays a pivotal role in shaping cybersecurity guidelines to ensure data protection. Building on its established framework, NIST Special Publication 800-171, the institute introduced NIST 800-172, designed to enhance defense […]

Navigating the 110 NIST 800-171 Controls: Ensuring the Security of Controlled Unclassified Information

Tuesday, August 15th, 2023

Introduction The increasing importance of data security has ushered in various cybersecurity frameworks. Among the most prominent is the NIST Special Publication 800-171, which focuses on the protection of Controlled Unclassified Information (CUI) in non-federal systems. Boasting 110 controls spread across 14 families, this guideline offers a comprehensive approach to safeguarding sensitive data. A Deep […]

NIST 3.13.12: The Keystone of Use Session Protection

Tuesday, August 15th, 2023

Introduction Cybersecurity, in our digitized era, is akin to a game of chess. As the opponent evolves, so too must the defenses. Among the various guidelines and controls stipulated by the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171, Control 3.13.12 stands out for its emphasis on session protection. This often-overlooked aspect […]

Stringent Cyber Insurance Rules

Sunday, May 1st, 2022

Businesses of every size and in every sector are at risk from growing cyber threats—those are just the facts. With awareness of the danger growing, more and more companies are looking at ways to protect themselves when they’re hit with a malware attack or data breach (and I do mean when, not if), which is […]

Multi-Factor Authentication Now Required to Get a Cyber Insurance Policy

Thursday, March 31st, 2022

With ransomware and malware attacks getting more frequent and sophisticated year after year, more businesses are waking up to the reality that it isn’t a matter of if their company is going to be hit, but when. By 2025, global cybercrime is estimated to cost over $10.5 trillion annually, and your organization could be one […]

Neiman Marcus Data Breach

Wednesday, November 10th, 2021

It’s not your imagination—the number of significant data breaches and cyberattacks is on the rise. Among the latest prominent victims is Dallas-based retailer Neiman Marcus, which recently notified 4.6 million customers that information associated with their online accounts may have been accessed by an unauthorized third party in May 2020. [i] In addition to notifying customers, the […]

CCPA Compliance

Monday, August 13th, 2018

What does CCPA Compliance mean for your business? The California Consumer Privacy Act of 2018 (CCPA), a consumer privacy law that establishes guidelines on collecting personal information and post-data-acquisition usage, goes into effect January 1, 2020. The new law will apply to any business that operates in California and has annual gross revenues in excess […]