Category:

Compliance Standards

Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.

NIST 800-171 / DFARS

DFARS Compliance Checklist

by RSI Security March 29, 2019August 13, 2019

written by RSI Security

What is the DFARS Checklist?

DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint to its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).

Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or runs the risk of losing all of their DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of cybersecurity requirements and a step-by-step guide is available for your perusal. Be forewarned that the NIST handbook 162 is not the easiest read. However, it is very useful.

Companies with defense contracts may be interested to know that within NIST Handbook 162 is also information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that all must be met in order to maintain DoD contracts.

The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.

DFARS are complicated security requirements that involve following some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist or contact us today for more personal help.

March 29, 2019August 13, 2019 0 comment

NY DFS - 23 NYCRR 500

What Is the NYDFS Cybersecurity Regulation?

by RSI Security March 22, 2019April 12, 2019

written by RSI Security

While breaches revealing public information (like pictures or emails) are concerning, the prospect of a financial breach tends to instill a higher level of panic. Additionally, accountability becomes even more important as more of these breaches occur. People want guarantees that their financial information is protected to the greatest extent possible.

Consequently, New York took a step toward greater security by enacting the 23 NYCRR 500 regulation, which focuses on cybersecurity for financial institutions. Do you know about the NYDFS cybersecurity regulations or how they affect you? Find out now with our comprehensive blog post.

March 22, 2019April 12, 2019 0 comment

Data Protection Officer

Do I Need To Appoint A Data Protection Officer?

by RSI Security March 15, 2019January 6, 2025

written by RSI Security

Breaches in the confidentiality of personal information gathered in the regular course of commercial or business activities have been in the news for many years with little to no compliance action until recently.

The implementation of the General Data Protection Regulation (GDPR) on May 4th, 2016 was put into motion on May 25th, 2018 and has since been an integral part in keeping personal and sensitive data safe from those who wish to use it maliciously.

GDPR has evolved through the first full year of application, making it much more difficult for many companies to stay compliant and stave off colossal fines within GDPR regulations (Google included).

Many American-based companies feel that since the original terms of GDPR were drawn up for the European data market that they do not apply to their company. Unfortunately, many organizations’ digital operations exist in a globally manufactured web of platforms that fall under the jurisdiction of this data protection regulation, GDPR.

A plethora of global companies are searching high and low for sustainable solutions, to realize that the key to data protection compliance has been baked into GDPR all along. That solution lies with a company’s Data Protection Officer (DPO). This article will serve as a high-level understanding of a DPO’s role as it pertains to a data protection officer GDPR requirements and responsibilities, how to hire a good DPO, and which organizations and legal entities are required to appoint a DPO.

March 15, 2019January 6, 2025 0 comment

PCI DSS

What is PCI P2PE?

by Nicholas Giatrelis February 15, 2019January 14, 2020

written by Nicholas Giatrelis

Need for Payment Cardholder Data Protection

There have been 2,216 confirmed data breaches in 2018. 76% of breaches were financially motivated. Cybercriminals are increasingly becoming more sophisticated. Data breach preparedness among the companies are at an alltime high. 324 data breaches involved stealing credit card data at the Point of Sale (POS) where card-present retail transactions are conducted. 414 credit card data breaches involved targeting payment web applications.

There’s one common security vulnerability leading to these payment cardholder data breaches at the POS and within web applications: Lack of payment cardholder data encryption.

PCI Point to Point Data Encryption (P2PE) to the rescue!

February 15, 2019January 14, 2020 0 comment

Cloud Security PCI DSS

Navigating PCI DSS and the Cloud

by RSI Security February 1, 2019January 14, 2020

written by RSI Security

Cloud computing is an important resource for organizations of any size and has seen increasing use in recent years for payment processing. Despite the prevalence of moving cyberinfrastructure to a cloud environment, many organizations fail to properly assess how if and how they will be able to maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) when their cardholder data environment (CDE) exists entirely in the cloud. Understanding how to maintain PCI DSS compliance when utilizing cloud services is essential for the numerous modern organizations that rely on the scale and convenience that cloud services provide.

In this article, we’ll break down some important considerations for organizations that are looking to maintain pci compliance storing credit card data in the cloud. In order to provide some context, we’ll outline what is cloud computing, what some of the advantages of cloud computing are, and explore some of the challenges of meeting the requirements of pci dss regulations when your CDE has either partially or fully cloud-based services.

February 1, 2019January 14, 2020 0 comment

PCI DSS

What is a Token Service Provider?

by Nicholas Giatrelis February 1, 2019January 14, 2020

written by Nicholas Giatrelis

When it comes to ensuring that only authorized personnel are allowed into systems remotely, one of the best ways is to use a token. When it comes to keeping Credit Card Holder Data protected, one of the best solutions is tokenization. Many options exist for token use as well as for tokenization. We will discuss the basics of tokens, tokenization, and token service providers (TSPs) below.

February 1, 2019January 14, 2020 0 comment

PCI DSS

Upcoming PCI Programs And Changes

by RSI Security February 1, 2019January 14, 2020

written by RSI Security

The Payment Card Industry Security Standards Council (PCI SSC) releases regular updates to existing programs and creates new programs on an ongoing basis as security needs change. Staying abreast of the changes to PCI programs is essential to maintaining PCI compliance over time. Understanding what new programs are being created and how those programs might affect your operations is also important, as the creation of new PCI programs can impact security implementations in a variety of ways.

February 1, 2019January 14, 2020 0 comment

California's Cybersecurity Regulations

California’s New Cybersecurity Regulations: Internet Of Things Law

by RSI Security January 25, 2019January 28, 2019

written by RSI Security

What do smart fridges, helpful robots, and Amazon’s Alexa all have in common? — the Internet of Things (IoT). Even if you aren’t already well acquainted with the IoT, you have most likely heard it in passing. The IoT’s elusive and ever-changing manner makes the concept difficult to define. Likewise, many cyber experts explain it in a different way, a fact that slows legislation regarding IoT security. Yet, with Gartner Inc. estimating society will utilize 20.4 billion connected devices by 2020, it’s imperative that IoT security awareness increases. Did you know that California just passed an Internet of Things legislation to improve cybersecurity? Find out more with this helpful article.

January 25, 2019January 28, 2019 0 comment

PCI DSS

Protecting Telephone-Based Payment Card Data

by RSI Security January 25, 2019January 14, 2020

written by RSI Security

Protecting payment card data is essential in all environments, including when card data is taken over the telephone. Areas of organizations that interact with sensitive data in a telephone-based environment are particularly susceptible to fraud or theft of cardholder data. As such, protecting telephone-based payment card data is essential for all businesses that conduct transactions over the phone.

January 25, 2019January 14, 2020 0 comment

PCI DSS

What Is PAN Data And Why Is It Important?

by RSI Security January 25, 2019January 14, 2020

written by RSI Security

The act of storing primary account numbers (PANs) has already had a profound effect on network security for a plethora of organizations. Massive data breaches have ensued over the years based on companies choosing to store PANs on their servers for ease of access.

Many companies who have been inflicted by a data breach use this excuse of consumer convenience in their choice to store PAN data on their network. These companies who use this excuse also are not Payment Card Industry Data Security Standard (PCI DSS) compliant as the PCI DSS requires that merchants never store track data, for any reason.

January 25, 2019January 14, 2020 0 comment

Load More Posts