Compliance Standards Archives | Page 29 of 80

DoD Compliance, Explained: NIST 800-53 Rev 4, 800-171, and CMMC

by RSI Security August 10, 2022October 11, 2022

To secure Department of Defense (DoD) and other government contracts, organizations must demonstrate compliance with specific frameworks that help protect federal contract information (FCI) and controlled unclassified information (CUI), such as CMMC 2.0 and NIST SP 800-171. NIST SP 800-53 Rev 4 provides a complementary framework, but it’s not mandatory like the other two. Still, SP 800-53 substantially informs and maps to SP 800-171 and CMMC 2.0.

August 10, 2022October 11, 2022 0 comment

PCI DSS

PCI DSS 4.0 Timeline: When Do You Need to Comply?

by RSI Security August 6, 2022August 24, 2022

written by RSI Security

PCI DSS Version 4.0 was released in March 2022, which means the clock has officially started ticking toward the deadline for complying with the new requirements. But what does this mean for your organization? How much time do you have to ensure you’re fully compliant?

August 6, 2022August 24, 2022 0 comment

SOC 2

What Are the SOC 2 Compliance Password Requirements?

by RSI Security August 2, 2022February 12, 2025

written by RSI Security

Service organizations looking to assure stakeholders about the effectiveness of their security controls can do so by reporting on SOC 2 compliance. When optimizing identity and access management (IAM) controls, the SOC 2 compliance password requirements will help you meet and surpass the standards necessary for maintaining data security. Read on to learn how.

August 2, 2022February 12, 2025 0 comment

HITECH

What is HITECH Act & Why is the HITECH Act Important?

by RSI Security July 23, 2022August 29, 2022

written by RSI Security

From 1996 to 2009, U.S. healthcare organizations operated under a strict regulatory act known as HIPAA. HIPAA, or the Health Insurance Portability and Accountability Act, intended to protect patient health data, make health insurance affordable, and to simplify hospital administrative procedures.

As the years progressed, loopholes arose, electronic systems (which were supposed to be incorporated) were ignored, and the U.S. healthcare infrastructure was in jeopardy of falling behind. Not to say that HIPAA was a failure, but after 13 years in operation, it was in desperate need of an update. In 2009, Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH) to give HIPAA the update it needed. HITECH closed loopholes and encouraged the adoption of electronic health records by enforcing stricter guidelines and increasingly high noncompliance fees.

Now, to avoid facing penalties, healthcare providers and subsidiary companies must be HITECH compliant. But what does that entail? Read ahead to find out.

July 23, 2022August 29, 2022 0 comment

PCI DSS

Network Data Flow Diagrams and PCI Compliance

by RSI Security July 19, 2022October 9, 2024

written by RSI Security

Network data flow diagrams are essential to understanding the flow of account data into, within, and outside of an organization’s data handling assets—and achieving PCI compliance. Beyond tracking the flow of account data within networks, network data flow diagrams also help secure cardholder data environments from potentially malicious traffic. Read on to learn more.

July 19, 2022October 9, 2024 0 comment

PCI DSS

What Are PCI Compliance Data Center Requirements?

by RSI Security July 15, 2022January 8, 2025

written by RSI Security

Compliance with the PCI DSS data center requirements is critical to safeguarding sensitive cardholder data (CHD) processed at data centers. Beyond protecting CHD from breach risks, the PCI compliance data center requirements help organizations optimize their PCI data safeguards to the standards required by the PCI DSS. Read on to learn more.

July 15, 2022January 8, 2025 0 comment

California Consumer Privacy Act (CCPA)

CCPA Lookback Period: 12 Month Requirement

by RSI Security July 7, 2022July 7, 2022

written by RSI Security

If your organization operates in California, or processes data from many California residents, you are likely subject to the California Consumer Privacy Act (CCPA). One component of the CCPA requirements is adhering to the new CCPA Lookback Period rules, which extend data subjects’ rights to their data into a retroactive period of 12 months. Following these rules means upholding data subjects’ rights in the present and future while accounting for the past, as well.

July 7, 2022July 7, 2022 1 comment

CMMC

Who Needs CMMC Certification? Do You Need It?

by RSI Security July 6, 2022September 26, 2025

written by RSI Security

In November 2021, the U.S. Department of Defense (DoD) introduced major updates to the Cybersecurity Maturity Model Certification(CMMC) program. These changes left many organizations in the Defense Industrial Base (DIB) wondering: Do we still need to comply with CMMC certification requirements?

The short answer is yes, but the more important question is which Level of CMMC certification applies to your organization. The required Level depends on the type of sensitive data you handle in your current or prospective DoD contracts. Understanding this distinction is critical, as it determines the cybersecurity controls you must implement—and how soon you need to meet them.

July 6, 2022September 26, 2025 0 comment

HITRUST

HITRUST: Beyond Healthcare Compliance Management Software

by RSI Security June 22, 2022December 20, 2022

written by RSI Security

Organizations trying to manage healthcare compliance can look to the healthcare compliance management software and frameworks offered by the HITRUST Alliance. Compliance with HITRUST CSF will strengthen your entire IT infrastructure and protect you from cybersecurity threats common to the healthcare industry and beyond. Read on to learn more.

June 22, 2022December 20, 2022 0 comment

HITRUST

How to Find HITRUST External Assessors

by RSI Security June 21, 2022February 22, 2023

written by RSI Security

When preparing for HITRUST certification, organizations rely on HITRUST external assessors for compliance assessments and vulnerability remediation guidance. It is critical that you find a HITRUST certification partner that helps meet your compliance and security needs. Read our guide to learn how and where to find HITRUST external assessors.

June 21, 2022February 22, 2023 0 comment