Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The compliance deadline (March 31, 2025) for PCI DSS v4.0.1 is over. This date was a big change for global information security rules. It’s now April 1, 2025, and companies need to ask: “What’s next?” Some organizations haven’t finished requirement 6.4.3 (script integrity verification) or requirement 11.6.1 (browser protection controls). They must act fast to avoid non-compliance consequences.

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista. FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under lingering FDCC compliance obligations.

If your SaaS platform collects, processes, or stores EU residents’ data, GDPR compliance is essential to avoid regulatory issues, legal escalations, and operational interruptions. ‍ Due to GDPR’s comprehensive nature, ensuring compliance can be challenging—especially without adequate guidance. ‍ This guide provides granular information to help you start working toward GDPR compliance as a SaaS platform owner. We’ll cover: ‍

Every year, companies across industries breathe a collective sigh of relief when the auditors give the thumbs-up. The SOC 2, ISO 27001, PCI DSS – pick your acronym – get ticked off, and it’s back to business. But let’s be honest: how often does that success feel earned? More than a few security and compliance teams have walked out of an audit room with relief, not pride.

As of the end of last year, DoD contractors have to start paying attention to CMMC, as the Final Rule for CMMC 2.0 is now in force. While the timelines for full CMMC 2.0 compliance have just started, the full compliance process will inevitably take time. There will be mistakes, gaps, and missed items along the way. The accepted way to handle these gaps is through the use of POA&Ms. What are POA&Ms, how do you use them, and what do you need to know for 2025 and beyond?

Content originally published in Cybersecurity Insiders.

CURRENCY noun (cur· ren· cy): a common article for bartering.

The EU AI Act is one of the world’s first comprehensive regulations aimed at AI-based systems. While we had voluntary standards like ISO 42001, the Act introduced mandatory requirements that in-scope organizations must meet to avoid considerable fines and operational disruptions. ‍ If you develop, use, or distribute AI systems, you may have to meet the obligations prescribed by this directive. Our EU AI Act summary will help you do so by covering: ‍

Canada's digital infrastructure relies heavily on APIs, facilitating a range of services from citizen interactions to vital government data exchanges. This interconnectedness, though revolutionary, brings forth intricate security challenges. Comprehending and complying with the Government of Canada's API standards is now imperative rather than optional. We will delve into these standards, the increasing threat landscape, and examine how solutions like Salt Security can protect your APIs.