Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Decree No. 2009-834 established ANSSI (Agence nationale de la sécurité des systèmes d’information) as the National Cybersecurity Agency of France in 2009. In 2013, Article 22 of the Military Programming Law defined ANSSI’s functions and responsibilities, giving the agency regulatory and enforcement powers. Further, ANSSI is France’s primary point of contact with the larger European Union (EU) Network and Information Systems (NIS) Directive, with Decree No.

June was a month full of exciting releases for Vanta, including enhanced Risk Management customization, 21 new integrations, Automated Statement of Applicability, and more. ‍ ‍

NIST established the crucial set of guidelines known as FIPS 140-2 to safeguard sensitive data, particularly for governmental organizations. It is to provide security and privacy when encrypting and decrypting data. The primary distinction between FIPS 140-2 validation and compliance is that. In contrast, validation involves determining if a system or product has been developed to comply with the standard’s requirements; compliance is putting those requirements into practice.

SOC 2 (Service Organization Control 2) provides a framework for assessing and reporting on the security, availability, processing integrity, confidentiality, and privacy of systems and data of service organizations. It was developed by the American Institute of Certified Public Accountants (AICPA) to address the need for consistent and comprehensive security and privacy controls in service organizations.

Cybersecurity challenges continue to grow in impact and complexity, especially as they relate to government and Defence information. In response to increasing hacking and cyber attacks, the Department of Defense (DoD) has released the DFARS and CMMC information management and cybersecurity standards to reduce the risk of system compromises within government agencies and the defense industrial base (DIB) that supports them.

In this blog post, I will be talking about audit and compliance and how to implement it with Calico. Most IT organizations are asked to meet some standard of compliance, whether internal or industry-specific. However organizations are not always provided with the guidance to implement it. Furthermore, when guidance has been provided, it is usually applicable to a more traditional and static environment and doesn’t address the dynamic nature of Kubernetes.

Netacea is proud to announce that six months on from completing SOC 2 Type 1 compliance, we can now confirm SOC 2 Type 2 compliance as well, further demonstrating our commitment to data security and protecting our customers.

In this ongoing series, you’ll hear directly from the teams keeping Vanta—and most importantly, our customers—secure. Today’s post by Rob Picard and Jess Chang on the Security team explains why and how we migrated to WebAuthn as the mandatory way to log into Okta. ‍ ‍