
From issues to impact: Making sense of GRC gaps

Every audit turns up a few surprises. A missing patch here. A policy that omitted a few key processes. An employee training record that slipped through the cracks. Together, these gaps tell a story: somewhere, a control isn't doing what you expect. In GRC, we give those findings names (issues, risks, and exceptions), and the way they connect is what separates a reactive program from a resilient one.

5 healthcare cybersecurity regulations and frameworks to follow in 2025

As AI and automation become embedded in healthcare operations, securing these technologies is critical, especially for organizations that handle protected health information (PHI), which are frequent targets of data breaches and unauthorized access. To safeguard this sensitive data, regulatory agencies such as the U.S. Department of Health and Human Services (HHS) enforce strict cybersecurity and privacy requirements under HIPAA.

State of third-party risk management: Expert insights and the path forward

In today's fast-moving digital economy, growth depends on strong, trusted relationships with vendors, suppliers, and partners. These third parties are often essential to modern business operations; however, they also open the door to a range of risks, from regulatory fines to operational slowdowns. Many organizations have already felt that impact firsthand.

The final CMMC rule is here: enforcement starts November 10

After years of drafts, revisions, and shifting timelines, the Cybersecurity Maturity Model Certification (CMMC) program is no longer just a concept. It's a contractual requirement, and enforcement begins soon. On September 9, 2025, the U.S. Department of Defense (DoD) released the final CMMC rule (48 CFR) for public inspection, with official publication in the Federal Register on September 10. Once enforcement begins on November 10, 2025, DoD contracts start carrying CMMC certification requirements, phased in over the following years.

Vanta Partners with XBOW to Deliver Autonomous Penetration Testing to Startups

A new in-app integration delivers enterprise-grade security testing at startup speed and scale. At Black Hat 2025, Vanta is showcasing new capabilities across its AI-powered platform at booth #5424, and XBOW is demonstrating autonomous pen testing at booth #3257.

New security capabilities for startups: Build enterprise-grade trust without compromising speed

As a startup, your early success and growth depend on earning buyer trust. But when you have few levers to pull (little brand recognition, few customer logos, limited investor backing), proving trust often comes down to demonstrating a strong security posture. The bar for trust is rising, especially if you're building with AI. Today's discerning buyers expect more than a SOC 2 report.

Lessons learned from Vanta's FedRAMP 20x pilot program

In late March 2025, the General Services Administration (GSA) announced the first major overhaul of FedRAMP in over a decade, soft-launching a new, fast-track authorization path called FedRAMP 20x. In May 2025, we submitted our initial package for the pilot, quickly followed by a resubmission of our final package. We're now excited to share that Vanta has officially achieved FedRAMP 20x Low Authorization and a listing on the FedRAMP Marketplace.