Compliance

What is FIPS? Detailed Guide on FIPS 140-2

The Federal Information Processing Standard (FIPS) is a collection of rules published by the National Institute of Standards and Technology (NIST) that outlines how to store and handle sensitive data securely. It is a fundamental security precaution that all companies must use to protect Personally Identifiable Information (PII). FIPS defines best practices for data encryption, authentication, and access control.

Keeper: An Essential Zero-Trust and Zero-Knowledge Cybersecurity Platform for the Federal Government

The U.S. federal government tends to move very slowly – except when it comes to zero-trust cybersecurity. The drive to get all agencies to zero trust is cruising along at warp speed, as evidenced by White House Executive Order 14028, CISA’s Zero Trust Maturity Model, OMB M-22-09 and the DoD zero trust strategy and roadmap, all of which were released within the span of less than two years.

Get Started with SOC 2 for Vendor Risk Management

SOC 2 reports evaluate internal controls to see how well a company identifies, assesses, mitigates, and monitors risks. In the context of third-party risk management (TPRM), a SOC 2 can give you confidence that your critical vendors are following best practices to protect your data. If you’re getting started with SOC 2 for third-party risk management or need an update, this blog has got you covered.

The Future of CMMC 2.0 Compliance

Since its initial release in January 2020, the Cybersecurity Maturity Model Certification (CMMC) has undergone a series of fundamental changes. In particular, the US Department of Defense (DoD) transitioned from five planned compliance levels for CMMC 1.0 compliance to three required levels for CMMC 2.0 compliance. Coinciding with that change, more DoD contractors have become empowered to perform CMMC 2.0 self-assessments.

How to Create a Robust BYOD Policy for Your Organization

Did you know that 70% of organizations have adopted a Bring Your Own Device (BYOD) policy? As technology continues to evolve, more companies are encouraging employees to use their personal devices for work purposes. While this can increase flexibility and productivity, it also poses unique challenges in terms of security and compliance. In this article, we’ll discuss.

Webinar: Six Best Practices to Help with Your Regulatory Compliance Program

Companies around the world today need to deal with a wide array of standards and regulations, many of which are specific to their industry vertical or region. But MSPs work with customers in many different verticals and need broad awareness across different industries. This webinar will highlight how there are common threads that will help with compliance with any regulation.

Coast Capital Savings Credit Union: Meeting Canadian Regulatory Standards for Compliance with Protegrity

One of Canada’s largest credit unions, Coast Capital Savings Credit Union (CSS), with over 50 branches across the country, needed to protect critical PII data stored in their AWS cloud environments, Amazon Redshift, AWS EMR, and AWS S3. CSS had to meet Canadian regulatory standards for compliance in 2021, including the Personal Information Electronic Documents Act (PIPEDA), along with a data transformation initiative surrounding its architecture.