Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The licensing partnership with the Navy will allow the Ignyte team to integrate SCAP with the existing open source ecosystem to bring the capability to a broader set of potential customers that serve the military.

Whether your org is about to begin its journey for SOC 2, or you’re planning to wrangle up more standards (think ISO 27001, CMMC, and HIPAA, to name a few), the set of tools and software you have in place can be make-or-break. We asked our customers what their recommended tools were, and compiled your shopping list for security and privacy program essentials. Tools or services marked with * denotes a partner or integration.

At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley Act (SOX) of 2002. But what does financial reporting have to do with cybersecurity and IT compliance?

In March 2022, the U.S. Securities and Exchange Commission (SEC) issued a proposed rule, the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, that, if adopted, would require companies to disclose their cybersecurity governance capabilities and the role of the board concerning oversight of cyber risk.

‍The Cybersecurity Maturity Model Certification (CMMC) is a cyber program and security framework used by the US Department of Defense (DoD) to measure firms’ cybersecurity maturity. All DoD contractors working with the federal government must comply with this program by 2025. CMMC compliance demands that DOD contractors pass an external CMMC assessment carried out by an approved CMMC Third Party Assessment Organization (C3PAO) for all but the lowest level of CMMC certification.

After completing an ISO 27001 audit, there may be some critical responses you must undertake based on the recommendation in your audit report. This step-by-step guide will ensure you don’t miss any of the outstanding follow-up tasks that need to be addressed after the audit process is over. Learn how UpGuard simplifies Vendor Risk Management >

Even before the fiasco at Silicon Valley Bank, financial institutions were under tremendous scrutiny from regulators. How could they not be? Banks are among the oldest known targets for theft, and in a digital age, the best way to extract money is going to be either straight cyber-theft from existing accounts or ransomware. IT systems that house customers’ financial data can be architected with the right security controls in place to protect that data to the highest standard.

In this series, you’ll hear directly from Vanta’s Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta — and most importantly, our customers — secure. ‍ The following post comes from our Security Team and explains our approach to threat modeling. ‍ ‍

21 CFR Part 11 is a set of regulations issued by the U.S. Food and Drug Administration (FDA) that establishes the criteria under which electronic records and signatures are considered trustworthy, reliable, and equivalent to paper records. In order to sell products in the United States, companies must demonstrate that their systems meet the standards set forth in Part 11. This can be a daunting task, as the requirements are numerous and detailed.