Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Compliance

Ensuring Cybersecurity Compliance: Navigating CMMC Assessment and Affirmation Requirements

For defense contractors, cybersecurity is a non-negotiable priority. The Cybersecurity Maturity Model Certification (CMMC) program outlines rigorous assessment and affirmation requirements for contractors and subcontractors. Let’s dive into the key elements that shape this crucial aspect of CMMC compliance.

CMMC 2.0: Your Questions Answered

By now, you are likely aware that the Cybersecurity Maturity Model Certification (CMMC) Program Proposed Rule was published in the Federal Register on December 26, 2023. This set into motion a series of deadlines, which will culminate in the full implementation of CMMC 2.0. It also set into motion a flurry of activity within the Defense Industrial Base (DIB) and the realization that a deadline for compliance looms large.

The Role of Self-Attestation in Compliance: Benefits and Challenges

Self-attestations are an increasingly popular tool for cybersecurity compliance frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Cybersecurity and Infrastructure Security Agency (CISA) directives. The idea is that organizations attest to meeting specific security controls and requirements without third-party validation.

Making Sense of the SEC's New Rules for Cybersecurity Risk and Disclosure (Part I)

As the digital age unfolds, we continue to see seismic increases — decade-to-decade, year-to-year, and even month-to-month — in the amount of data we create as well as its value to us, both individually and collectively. From medical records, financial statements, and classified government documents to transactional processing systems, customer information, social media engagements, pictures of our pets, and so much more, data is the lifeblood of modern society.

Optimizing Compliance Management With the Best GRC Software

To optimize compliance management within an organization, it’s crucial to select the right governance, risk, and compliance (GRC) software for your business. This guide will review the importance of GRC software, how it helps with compliance management, what essential features to look for, and which GRC solutions are top-rated for 2024, with a special focus on ZenGRC as a leading option. GRC software plays a pivotal role helping businesses navigate the modern risk management landscape.

Navigating the EU compliance landscape: How Detectify helps support customers in their NIS2 Directive, CER, and DORA compliance challenges

Navigating the complex and ever-changing compliance landscape is difficult for many companies and organizations. With many regulations, selecting the appropriate security tooling that aligns with the compliance needs of your business becomes a significant challenge.

Planning with Purpose: 10 Tips to Develop Your Year-Long Security and Compliance Training Program

Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training. You might be thinking, “Aren’t you a little late in planning for the year? It’s March already...” We are actually talking about 2025. Not everyone trains millions of learners all around the world like we do, so your planning for compliance and security training might be on a different timescale.

Meet EO 14028 requirements with Datadog Log Management, Cloud Workload Security, and Cloud SIEM

As of August 2023, only 3 out of 23 US government agencies were compliant with Office of Management and Budget (OMB) requirements for log management and security observability. These requirements are outlined in M-21-31, a 2021 memorandum that was issued following Executive Order 14028 on improving national cybersecurity. Until all of these agencies implement the new requirements, the federal government’s ability to fully detect, investigate, and remediate cybersecurity threats will be constrained.

FAQ: What Are the DoD Requirements for Wiping Data?

In today’s digital age, destroying data is not as easy as it once was. Before the advent of computers, if you needed to destroy sensitive government information to prevent it from falling into the wrong hands, all you often needed to do was light some papers on fire. With computers, you might think that it’s a simple matter. After all, if you’ve ever accidentally deleted a file or had a hard disk crash, you’ve probably lost data and haven’t been able to recover it.