Knowledge Base

Provides information to learn and understand about information security

Knowledge Base Posts

PCI DSSv4.0

Payment Card Industry (PCI): Updated Regulation for PCI DSSv4.0. What is PCI DSS? The PCI Security Standards Council (PCI SSC) serves as a worldwide platform where stakeholders in the payments industry collaborate to establish and promote data security standards and resources, ensuring secure payments on a global scale. Their...

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) is a ballot measure approved by voters in November 2020. Who is a ‘consumer’? A consumer is a natural person who is a California resident, as defined in the state’s tax regulations. What rights do consumers have? The...

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that regulates how businesses all over the world are allowed to handle the personal information (PI) of California residents (“Consumers”). It is a law that gives consumers more control over the...

GDPR

The General Data Protection Regulation (GDPR) was passed by the European Parliament in 2016 to establish data privacy and security standards for EU citizens. It is driven by fundamental privacy rights derived from the 1950 European Convention on Human Rights and introduces specific penalties;...

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was designed for healthcare organizations to safeguard the privacy of electronic health information and was later supported by a Privacy Rule and a Security Rule. HHS published a final Privacy Rule in December 2000, which was later modified in...

SOC2 Compliance

SOC2 Certification. Service Organization Control (SOC) is a trust-based cybersecurity framework and auditing standard designed by the American Institute of Certified Public Accountants (AICPA) to demonstrate a service provider’s operational controls. The Trust Services Criteria are grouped across the following: Security, Availability, Processing Integrity, Confidentiality, Privacy. Who...

NIST 800-53

The National Institute of Standards and Technology (NIST) Special Publication 800-53 rev 5, Security and Privacy Controls for Information Systems and Organizations, is the latest version of security and privacy controls that can be used to manage risk for organizations of any sector and size,...

ISO 27001 / ISO 27002 Information Security Framework

The International Organization for Standardization (ISO) created a standard for Information Security that is the basis for certifications to demonstrate effective cybersecurity programs for internal and external stakeholders. ISO27001:2022 is the latest iteration of the...

CMMC v2.0 (NIST 800-171)

The Defense Federal Acquisition Regulation (DFARS) established a rule to implement a Cybersecurity Maturity Model Certification (CMMC) framework to assess contractor implementation of cybersecurity requirements to protect specific data types within the DoD supply chain. CMMC Model 2.0 is currently within...

Common Cybersecurity Frameworks Overview

Cybersecurity Framework Overview: a list of the most common cybersecurity frameworks. A cybersecurity framework provides a set of standard requirements for IT and security leaders to align their programs with, to demonstrate a consistent way to establish, operate and measure security risk. The cybersecurity frameworks align to...

GRC and Program Management Tools

Governance, Risk, and Compliance (GRC) Management and Supporting Technologies: GRC and the technologies that support it. The growing market for technology to support security programs is creating a more complex situation for many of our clients to navigate. Part of this is due to the...

NIST Cybersecurity Framework CSF

The NIST (National Institute of Standards and Technology) Cybersecurity Framework (CSF) was established as a result of an executive order by former President Obama to improve critical infrastructure cybersecurity through partnership and collaboration. Compliance with this standard is voluntary, but this...
