Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SOC 2 (Service Organization Control 2) provides a framework for assessing and reporting on the security, availability, processing integrity, confidentiality, and privacy of systems and data of service organizations. It was developed by the American Institute of Certified Public Accountants (AICPA) to address the need for consistent and comprehensive security and privacy controls in service organizations.

Cybersecurity challenges continue to grow in impact and complexity, especially as they relate to government and Defence information. In response to increasing hacking and cyber attacks, the Department of Defense (DoD) has released the DFARS and CMMC information management and cybersecurity standards to reduce the risk of system compromises within government agencies and the defense industrial base (DIB) that supports them.

In this blog post, I will be talking about audit and compliance and how to implement it with Calico. Most IT organizations are asked to meet some standard of compliance, whether internal or industry-specific. However organizations are not always provided with the guidance to implement it. Furthermore, when guidance has been provided, it is usually applicable to a more traditional and static environment and doesn’t address the dynamic nature of Kubernetes.

Netacea is proud to announce that six months on from completing SOC 2 Type 1 compliance, we can now confirm SOC 2 Type 2 compliance as well, further demonstrating our commitment to data security and protecting our customers.

In this ongoing series, you’ll hear directly from the teams keeping Vanta—and most importantly, our customers—secure. Today’s post by Rob Picard and Jess Chang on the Security team explains why and how we migrated to WebAuthn as the mandatory way to log into Okta. ‍ ‍

In 2019, the UK Government (NSCS) conducted The UK Telecoms Supply Chain Review, to assess and address potential risks associated with the supply chain of telecommunications infrastructure in the country. The review highlighted the risks associated with reliance on certain vendors, particularly those with high-risk profiles. It also recommended increased oversight and regulation to mitigate security risks and protect critical national infrastructure.

Data security has become an essential aspect of our lives and is more crucial than ever before. In the healthcare industry, organizations are entrusted with a plethora of sensitive information, including PHI, PII, and financial data. This renders them accountable for complying with both HIPAA and PCI regulations. Adherence to these regulations is paramount for safeguarding sensitive patient information from data breaches and cyber attacks.

Businesses that work with the US Department of Defense (DoD) and collect, process, transmit, or store controlled unclassified information (CUI) must comply with Defense Federal Acquisition Regulation Supplement (DFARS) standards. The DoD has responded to the growing threat of cyber incidents, including cyberattacks from cybercriminals and nation-states, by prioritizing cybersecurity best practices and insisting they are implemented throughout the DoD supply chain.