NIST Cybersecurity Framework (CSF 2.0) NIST Cybersecurity Framework (CSF 2.0) The NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) was established as a result of an executive order by former President Obama to improve critical infrastructure cybersecurity through partnership and collaboration. Compliance to this standard is voluntary...

NIST 800-218 (SSDF) Secure Software Development Framework NIST 800-218 SSDF NIST 800-218, also known as the Secure Software Development Framework (SSDF), provides guidelines and best practices for integrating security into the software development lifecycle (SDLC). Published by the National Institute of Standards and Technology (NIST), this framework is designed...

The Fundamentals of Football and Cybersecurity: A Playbook for Success Cybersecurity Could Use Football Practice In the world of football, victory is achieved through meticulous planning, discipline, and teamwork. The same principles apply to cybersecurity. At first glance, these two fields might seem worlds apart, but a closer look...

Payment Card Industry (PCI) Updated Regulation for PCI DSSv4.0 What is PCI DSS? The PCI Security Standards Council (PCI SSC) serves as a worldwide platform where stakeholders in the payments industry collaborate to establish and promote data security standards and resources, ensuring secure payments on a global scale.  Their...

California Privacy Rights Act (CPRA) CPRA The California Privacy Rights Act (CPRA) is a ballot measure approved by voters in November 2020. Who is a ‘consumer’? A consumer is natural person who is a California resident, as defined in the state’s tax regulations. What rights do consumers have? The...

California Consumer Privacy Act (CCPA) CCPA The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents (“Consumers”). It is a law that gives consumers more control over the...

General Data Protection Regulation (GDPR) GDPR The General Data Protection Regulation (GDPR) was passed by European Parliament in 2016 to establish data privacy and security standards for EU citizens. It is driven by fundamental privacy rights derived from the 1950 European Convention on Human Rights and introduces specific penalties;...

HIPAA HIPAA The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed for healthcare organizations to safeguard the privacy of electronic health information and was later supported by a Privacy Rule and a Security Rule. HHS published a final Privacy Rule in December 2000, which was later modified in...

SOC2 Certification SOC2 Certification Service Organization Control (SOC) is a trust-based cybersecurity framework and auditing standard designed by the American Institute of Certified Public Accountants (AICPA) to demonstrate a service provider’s operational controls. The Trust Services Criteria are grouped across the following: Security Availability Processing Integrity Confidentiality Privacy Who...

NIST 800-53 NIST 800-53 The National Institute of Standards and Technology (NIST) special publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is the latest version of security and privacy controls that can be used to manage risk for organizations of any sector and size,...

ISO 27001 / 27002 Information Security Framework ISO 27001 / 27002 Information Security Framework The International Organization for Standardization (ISO) created a standard for Information Security that is the basis for certifications to demonstrate effective cybersecurity programs for internal and external stakeholders. ISO27001:2022 is the latest iteration of the...

CMMC v2.0 CMMC v2.0 With this final rule, posted on 10/15/2024, the DoD establishes the Cybersecurity Maturity Model Certification (CMMC) Program in order to verify contractors have implemented required security measures necessary to safeguard Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). This rule is effective December 16,...