Compliance Standards Archives | Page 36 of 80

How and Why DoD Contractors Must Protect Covered Defense Information

by RSI Security November 23, 2021June 5, 2023

The federal government utilizes contractors to provide routine services and products to achieve the nation’s missions and conduct operations. During the course of business, the government shares sensitive information with federal contractors, which is then stored, processed, and transmitted via information systems. Department of Defense (DoD) contractors must abide by Defense Federal Acquisition Regulation Supplement (DFARS) requirements for protecting Covered Defense Information (CDI), which is directly related to national security.

November 23, 2021June 5, 2023 0 comment

California Consumer Privacy Act (CCPA)

Who Enforces CCPA Compliance?

by RSI Security November 19, 2021March 1, 2022

written by RSI Security

The California Consumer Privacy Act (CCPA) took effect on July 1, 2020, providing state residents with the most comprehensive data privacy protections in the US. Comparable to the EU’s GDPR, the CCPA specifies individuals’ rights regarding companies collecting, using, and storing their personal data.

November 19, 2021March 1, 2022 0 comment

PCI DSS

What Are the PCI Merchant Level Requirements?

by RSI Security November 18, 2021November 24, 2021

written by RSI Security

Companies that process credit card payments must comply with the Payment Card Industry (PCI) Data Security Standard (DSS). Two essential questions for all organizations seeking PCI compliance are what is merchant PCI compliance? and what does it require? Below, we answer these and other questions about PCI merchant level requirements applicable to your business.

November 18, 2021November 24, 2021 0 comment

HITRUST

What is the HITRUST Threat Catalogue?

by RSI Security November 17, 2021March 30, 2022

written by RSI Security

Organizations in any industry can benefit from threat intelligence, or information that helps identify, analyze, categorize, and ultimately mitigate cybersecurity threats. The HITRUST threat catalogue, a publication of the HITRUST Alliance, is designed with these aims in mind. It breaks down the most common and dangerous kinds of threats into manageable categories, so that an organization can swiftly determine how to address a given threat before it becomes a full event.

November 17, 2021March 30, 2022 0 comment

CMMC

CMMC 2.0 Update: Everything Your Organization Needs to Know

by RSI Security November 15, 2021December 22, 2021

written by RSI Security

The Cybersecurity Model Maturity Certification (CMMC) framework protects Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) processed by Department of Defense (DoD) contractors. On November 4, 2021, the DoD announced a massive overhaul of CMMC version 1.02 and the imminent release of CMMC 2.0. The new framework is not yet publicly available, leaving many organizations with questions about how they’ll need to adjust.

November 15, 2021December 22, 2021 0 comment

Network Vulnerability Assessments for Mid-market Businesses

PCI DSS

PCI Compliance Network Security Requirements

by RSI Security November 12, 2021November 25, 2021

written by RSI Security

It is critical for payment card industry (PCI) organizations to protect cardholder data (CHD) integrity throughout processing, storage, and transmission. Specifically, PCI compliance network security can help minimize the risks of CHD breaches during processing and transmission across web applications and networks. Recent data breaches highlight the need for PCI organizations to address the exploitable network security vulnerabilities that could potentially compromise CHD integrity. Read on to learn more about how to address these vulnerabilities via PCI compliance network requirements.

November 12, 2021November 25, 2021 0 comment

PCI DSS

Can You Dispute Fines for PCI Non-Compliance?

by RSI Security November 11, 2021November 25, 2021

written by RSI Security

Compliance with the Payment Card Industry Data Security Standards (PCI DSS) is critical to securing credit and debit card payment transactions. Organizations in the PCI industry deemed non-compliant with PCI DSS requirements may be subject to steep fines, ranging anywhere from $5,000 to $50,000 monthly, depending on the length of violation and compliance level. However, you can dispute fines for PCI non-compliance.

November 11, 2021November 25, 2021 0 comment

HITRUST

Changes Between HITRUST CSF v9.4 and v9.5

by RSI Security November 8, 2021November 16, 2021

written by RSI Security

The HITRUST Common Security Framework, or HITRUST CSF, is a global, certifiable framework developed to aid organizations’ regulatory compliance efforts. In 2020, HITRUST CSF v9. 4 introduced several updates specific to the Cybersecurity Maturity Model Certification (CMMC) for US Department of Defense contractors. In September 2021, HITRUST v9. 4 was updated to v9. 5. What are the most significant changes in this latest version?

November 8, 2021November 16, 2021 0 comment

HITRUST

HITRUST Corrective Action Plan Management Strategies

by RSI Security November 4, 2021November 16, 2021

written by RSI Security

The HITRUST Approach covers four key strategies to achieve your information security risk management and compliance goals: “Identify & Define,” “Specify,” “Implement & Manage,” and “Assess & Report.” Corrective action plans (CAPs) are categorized under Assess and Report. CAP management allows you to synthesize your collection of self-assessments, gaps in compliance, and other CAP data into a reliable, manageable, and distributable format that’s flexible for your organization’s security needs.

November 4, 2021November 16, 2021 0 comment