Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Vanta Names Enterprise SaaS Leader Jeremy Epling As Chief Product Officer

Vanta announces it has appointed Jeremy Epling as its Chief Product Officer overseeing engineering, product and design, reporting directly to Vanta's CEO Christina Cacioppo. Epling is the second C-Suite executive to join Vanta's leadership team this year, with David Eckstein coming on board in January as Chief Financial Officer.

How to start a security compliance program

Security compliance programs help your organization identify, implement, and maintain appropriate security controls to protect sensitive data, comply with laws and contractual obligations, and adhere to the standards, regulatory requirements, and frameworks needed to protect customers and enable the business to succeed. In other words, with a security compliance program in place, companies are able to demonstrate that they meet designated security requirements and objectives.

What is the CMMC (Cybersecurity Maturity Model Certification)?

The Cybersecurity Maturity Model Certification (CMMC) is a US Department of Defense (DoD) certification framework that aims to protect sensitive information handled by Defense Industrial Base (DIB) contractors by establishing a set of cybersecurity standards and best practices to follow. DIB partners often handle critical DoD information and other government data to operate, which typically has various levels of sensitivity and classification.

Continuous Monitoring for Real Time Compliance

The increasing number and sophistication of data breaches have led to increased concern among boards, regulators, and the public about threats to the data environment. That, in turn, has led to a desire for constant data protection – and a rise in the importance of continuous compliance monitoring to be sure that those data protection efforts are always sufficient and working.

How Vanta combines automation & customization to supercharge your GRC program

As the industry’s first automated compliance platform, Vanta includes a wealth of pre-built content, which enables customers without existing compliance processes to quickly get up and running. But more mature organizations may already have a compliance program — from the processes they follow to the definitions of their compliance and security surface area — that is built to meet their unique compliance goals, auditor requirements, and tech stack.

The Ultimate Security Questionnaire Guide for Vendors

Welcome to our guide on Security Questionnaires (SQs)! We’ll cover everything you need to know about SQs, including a complete breakdown of what they’re all about, what risk assessments look like from a prospective customer’s POV, and best practices for the vendors responding. Let’s get started!

CMMC Requirements For Small Businesses

There are five levels that make up the Cybersecurity Maturity Model Certification (CMMC) framework. These levels range from Level 1 (Basic Cyber Hygiene) to Level 5 (Advanced/Progressive). With each level of cybersecurity certification, the requirements of the previous level are built upon and new controls and practices are introduced.

Centralized Log Management for ANSSI and CIIP Framework Compliance

Decree No. 2009-834 established ANSSI (Agence nationale de la sécurité des systèmes d’information) as the National Cybersecurity Agency of France in 2009. In 2013, Article 22 of the Military Programming Law defined ANSSI’s functions and responsibilities, giving the agency regulatory and enforcement powers. Further, ANSSI is France’s primary point of contact with the larger European Union (EU) Network and Information Systems (NIS) Directive, with Decree No.