Home Compliance Standards
Category:

Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

CCPA vs. GDPR: What’s The Difference?
California Consumer Privacy Act (CCPA)GDPR

CCPA vs. GDPR: What’s The Difference?

by RSI Security
written by RSI Security

Consumer data privacy has become a hot topic these days with various legislations enacted to promote and strengthen the privacy rights of consumers. There is a global trend of forcing companies to be more accountable and responsible when it comes to protecting consumer data.

Consider the General Data Protection Regulation (GDPR), which was designed to protect the personal data of citizens of the European Union (EU).  It was passed into law in 2016 and took effect two years later.

A couple of months after the GDPR took into effect, then California Governor Jerry Brown signed into law the California Consumer Privacy Act (CCPA) which will be implemented in 2020. The CPPA is widely considered one of the toughest consumer privacy laws in the United States.

Because of the nature of these two legislations, a comparison between the GDPR and CCPA is unavoidable. This article will discuss briefly the two data privacy acts and enumerate the differences between GDPR and CCPA.

Continue Reading
0 comment
1 FacebookTwitterGoogle +LinkedinEmail
How to Become DFARS Compliant
NIST 800-171 / DFARS

How to Become DFARS Compliant

by RSI Security
written by RSI Security

Years ago, governments defended themselves through espionage and military engagement. Today, there are still plenty of both. However, the form they’ve taken has changed drastically. Physical spies have given way to higher levels of digital reconnaissance. To defend against these threats, the U.S government created the Defense Federal Acquisition Regulation Supplement (DFARS) in 2017.

Without getting too deep into how DFARS functions as an organization, and what countries need to be aware of DFARS compliance, here we’ll cover go through a complete step by step breakdown of how to become DFARS compliant.

Naturally, a government mandate tasked with protecting sensitive information is going to be extremely comprehensive and (at times) exhausting. The NIST SP 800-171 is essentially all the inputs, outputs, regulations and requirements for any businesses looking to complete their DFARS compliant statement.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
What Does DFARS Stand For?
NIST 800-171 / DFARS

What Does DFARS Stand For?

by RSI Security
written by RSI Security

If you are a client or a business that supports clients that serve the Department of Defense (DoD) as a contractor or subcontractor you’ve likely heard of Defense Federal Acquisition Regulation Supplement (DFARS).  Protecting sensitive national defense information shared with and created and maintained by private organizations that support federal government contracts is vital to our national security. DoD contractors that process, disseminate, store or transmit Controlled Unclassified Information (CUI) are required to meet DFARS minimum security standards or risk losing existing DoD contracts and eligibility for future contracts.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
Do I need an NYDFS Risk Assessment?
NY DFS - 23 NYCRR 500

Do I need an NYDFS Risk Assessment?

by RSI Security
written by RSI Security

Sensitive data breaches and data loss are major concerns for any organization. The prospect of a financial data breach, however, often results in public panic and can lead to media headlines that destroy a business’s good reputation. In March 2017, the New York State Department of Financial Services released a new cybersecurity regulation for financial service providers, considered to be some of the most rigorous and comprehensive regulatory guidelines for the financial sector. It is the first step toward greater security to protect critical financial data that affects the lives and financial accounts of all individuals and organizations.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
What Are The Soc 2 Compliance Requirements?
SOC 2

What Are The Soc 2 Compliance Requirements?

by RSI Security
written by RSI Security

Many different auditing processes exist, and companies increasingly face the challenge of choosing which type to conduct. Consumers and business partners demand data protection, so it is vital that companies understand the differences of each auditing process available. Are you aware of the Soc 2 compliance requirements? Find out how to be compliant from the experts at RSI Security.

Continue Reading
2 comments
0 FacebookTwitterGoogle +LinkedinEmail
What Is the California Consumer Privacy Act (CCPA)?
California Consumer Privacy Act (CCPA)

What Is the California Consumer Privacy Act (CCPA)?

by Nicholas Giatrelis
written by Nicholas Giatrelis

In 2015 a man named Alastair Mactaggart had a conversation with a friend of his, a Google engineer, about the amount of data Google had on people. The more he thought about it, the more concerned he became. Through his efforts, the California Consumer Privacy Act, also known as the california privacy law, was signed into law by California Governor Jerry Brown in June of 2018.

Sec 2, (i) States:

Therefore, it is the intent of the Legislature to further Californians’ right to privacy by giving consumers an effective way to control their personal information, by ensuring the following rights:

(1) The right of Californians to know what personal information is being collected about them.

(2) The right of Californians to know whether their personal information is sold or disclosed and to whom.

(3) The right of Californians to say no to the sale of personal information.

(4) The right of Californians to access their personal information.

(5) The right of Californians to equal service and price, even if they exercise their privacy rights.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
How to Achieve NYDFS Cybersecurity Compliance
NY DFS - 23 NYCRR 500

How to Achieve NYDFS Cybersecurity Compliance

by RSI Security
written by RSI Security

It is a landmark regulation that is seen to have ripple effects on the cybersecurity practices of financial institutions not only in the United States but also worldwide. The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, commonly referred to as 23 NYCRR 500, is considered as one of the most comprehensive cybersecurity regulations in the financial sector.   

This regulation takes on cybersecurity issues for financial institutions head-on by establishing strict requirements for state-chartered banks, private bankers, licensed lenders, mortgage companies, insurance companies, service providers, and foreign banks operating in New York.

This post will detail the various aspects of this landmark regulation, from and more importantly, how concerned or covered entities can do in order to achieve NYDFS cybersecurity compliance.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
DFARS Compliance Checklist
NIST 800-171 / DFARS

DFARS Compliance Checklist

by RSI Security
written by RSI Security

What is the DFARS Checklist?

DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint to its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).

Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or runs the risk of losing all of their DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of cybersecurity requirements and a step-by-step guide is available for your perusal. Be forewarned that the NIST handbook 162 is not the easiest read. However, it is very useful.

Companies with defense contracts may be interested to know that within NIST Handbook 162 is also information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that all must be met in order to maintain DoD contracts.

The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.

DFARS are complicated security requirements that involve following some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist or contact us today for more personal help.

Continue Reading
0 comment
0 FacebookTwitterGoogle +LinkedinEmail
What Is the NYDFS Cybersecurity Regulation?
NY DFS - 23 NYCRR 500

What Is the NYDFS Cybersecurity Regulation?

by RSI Security
written by RSI Security

While breaches revealing public information (like pictures or emails) are concerning, the prospect of a financial breach tends to instill a higher level of panic. Additionally, accountability becomes even more important as more of these breaches occur. People want guarantees that their financial information is protected to the greatest extent possible.

Consequently, New York took a step toward greater security by enacting the 23 NYCRR 500 regulation, which focuses on cybersecurity for financial institutions. Do you know about the NYDFS cybersecurity regulations or how they affect you? Find out now with our comprehensive blog post.

Continue Reading
0 comment
1 FacebookTwitterGoogle +LinkedinEmail
Load More Posts

This website uses cookies to improve your experience. If you have any questions about our policy, we invite you to read more. Accept Read More