Cybersecurity challenges continue to grow in impact and complexity, especially as they relate to government and Defence information. In response to increasing hacking and cyber attacks, the Department of Defense (DoD) has released the DFARS and CMMC information management and cybersecurity standards to reduce the risk of system compromises within government agencies and the defense industrial base (DIB) that supports them.

In this blog post, I will be talking about audit and compliance and how to implement it with Calico. Most IT organizations are asked to meet some standard of compliance, whether internal or industry-specific. However organizations are not always provided with the guidance to implement it. Furthermore, when guidance has been provided, it is usually applicable to a more traditional and static environment and doesn’t address the dynamic nature of Kubernetes.

Netacea is proud to announce that six months on from completing SOC 2 Type 1 compliance, we can now confirm SOC 2 Type 2 compliance as well, further demonstrating our commitment to data security and protecting our customers.

In this ongoing series, you’ll hear directly from the teams keeping Vanta—and most importantly, our customers—secure. Today’s post by Rob Picard and Jess Chang on the Security team explains why and how we migrated to WebAuthn as the mandatory way to log into Okta. ‍ ‍

Compliance is often viewed as a “one and done” activity – an annual rite of passage, for example, performed during yearly audits. That is an archaic approach to compliance in the modern business world, and won’t suffice any longer. Instead, organizations must adopt a mindset of continuous compliance, where adherence to regulatory requirements becomes integral to day-to-day operations. How can a company achieve that evolved state?

In 2019, the UK Government (NSCS) conducted The UK Telecoms Supply Chain Review, to assess and address potential risks associated with the supply chain of telecommunications infrastructure in the country. The review highlighted the risks associated with reliance on certain vendors, particularly those with high-risk profiles. It also recommended increased oversight and regulation to mitigate security risks and protect critical national infrastructure.

Data security has become an essential aspect of our lives and is more crucial than ever before. In the healthcare industry, organizations are entrusted with a plethora of sensitive information, including PHI, PII, and financial data. This renders them accountable for complying with both HIPAA and PCI regulations. Adherence to these regulations is paramount for safeguarding sensitive patient information from data breaches and cyber attacks.

Businesses that work with the US Department of Defense (DoD) and collect, process, transmit, or store controlled unclassified information (CUI) must comply with Defense Federal Acquisition Regulation Supplement (DFARS) standards. The DoD has responded to the growing threat of cyber incidents, including cyberattacks from cybercriminals and nation-states, by prioritizing cybersecurity best practices and insisting they are implemented throughout the DoD supply chain.