If you are a client or a business that supports clients that serve the Department of Defense (DoD) as a contractor or subcontractor you’ve likely heard of Defense Federal Acquisition Regulation Supplement (DFARS). Protecting sensitive national defense information shared with and created and maintained by private organizations that support federal government contracts is vital to our national security. DoD contractors that process, disseminate, store or transmit Controlled Unclassified Information (CUI) are required to meet DFARS minimum security standards or risk losing existing DoD contracts and eligibility for future contracts.
Category: Compliance Standards
Staying informed about all of the cyber security compliance standards is essential to keeping your company safe from hackers. Read on to learn about the various steps you can take to stay up to date with your industry’s compliance standards.
-
Do I need an NYDFS Risk Assessment?
Sensitive data breaches and data loss are major concerns for any organization. The prospect of a financial data breach, however, often results in public panic and can lead to media headlines that destroy a business’s good reputation. In March 2017, the New York State Department of Financial Services released a new cybersecurity regulation for financial service providers, considered to be some of the most rigorous and comprehensive regulatory guidelines for the financial sector. It is the first step toward greater security to protect critical financial data that affects the lives and financial accounts of all individuals and organizations.
-
What Are The Soc 2 Compliance Requirements?
Many different auditing processes exist, and companies increasingly face the challenge of choosing which type to conduct. Consumers and business partners demand data protection, so it is vital that companies understand the differences of each auditing process available. Are you aware of the Soc 2 compliance requirements? Find out how to be compliant from the experts at RSI Security.
-
What Is the California Consumer Privacy Act (CCPA)?
In 2015 a man named Alastair Mactaggart had a conversation with a friend of his, a Google engineer, about the amount of data Google had on people. The more he thought about it, the more concerned he became. Through his efforts, the California Consumer Privacy Act, also known as the california privacy law, was signed into law by California Governor Jerry Brown in June of 2018.
Sec 2, (i) States:
Therefore, it is the intent of the Legislature to further Californians’ right to privacy by giving consumers an effective way to control their personal information, by ensuring the following rights:
(1) The right of Californians to know what personal information is being collected about them.
(2) The right of Californians to know whether their personal information is sold or disclosed and to whom.
(3) The right of Californians to say no to the sale of personal information.
(4) The right of Californians to access their personal information.
(5) The right of Californians to equal service and price, even if they exercise their privacy rights.
-
How to Achieve NYDFS Cybersecurity Compliance
It is a landmark regulation that is seen to have ripple effects on the cybersecurity practices of financial institutions not only in the United States but also worldwide. The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, commonly referred to as 23 NYCRR 500, is considered as one of the most comprehensive cybersecurity regulations in the financial sector.
This regulation takes on cybersecurity issues for financial institutions head-on by establishing strict requirements for state-chartered banks, private bankers, licensed lenders, mortgage companies, insurance companies, service providers, and foreign banks operating in New York.
This post will detail the various aspects of this landmark regulation, from and more importantly, how concerned or covered entities can do in order to achieve NYDFS cybersecurity compliance.
-
DFARS Compliance Checklist
What is the DFARS Checklist?
DFARS stands for Defense Federal Acquisition Regulation Supplement. Despite its best intentions, the acronym doesn’t give the layman much of a hint to its actual purpose. In simpler terms, the DFARS checklist is a security standard set forth by the Department of Defense (DoD).
Any business or entity that holds Controlled Unclassified Information (CUI) is required to meet the DFARS minimum security standards or runs the risk of losing all of their DoD contracts. This supplemental regulation summary comes from NIST Handbook 162. A complete breakdown of cybersecurity requirements and a step-by-step guide is available for your perusal. Be forewarned that the NIST handbook 162 is not the easiest read. However, it is very useful.
Companies with defense contracts may be interested to know that within NIST Handbook 162 is also information regarding NIST SP 800-171. NIST SP 800-171 and DFARS compliance are closely related but have separate requirements that all must be met in order to maintain DoD contracts.
The most recent DFARS compliance update deadline was the last day of 2017. Due to the nature of digital security, continual updates of DFARS are to be expected every few years.
DFARS are complicated security requirements that involve following some confusing instructions. RSI Security has been helping businesses of all sizes with all types of security obligations. Read on to learn how you can cross off the DFARS checklist or contact us today for more personal help.
-
What Is the NYDFS Cybersecurity Regulation?
While breaches revealing public information (like pictures or emails) are concerning, the prospect of a financial breach tends to instill a higher level of panic. Additionally, accountability becomes even more important as more of these breaches occur. People want guarantees that their financial information is protected to the greatest extent possible.
Consequently, New York took a step toward greater security by enacting the 23 NYCRR 500 regulation, which focuses on cybersecurity for financial institutions. Do you know about the NYDFS cybersecurity regulations or how they affect you? Find out now with our comprehensive blog post.
-
Do I Need To Appoint A Data Protection Officer?
Breaches in the confidentiality of personal information gathered in the regular course of commercial or business activities have been in the news for many years with little to no compliance action until recently.
The implementation of the General Data Protection Regulation (GDPR) on May 4th, 2016 was put into motion on May 25th, 2018 and has since been an integral part in keeping personal and sensitive data safe from those who wish to use it maliciously.
GDPR has evolved through the first full year of application, making it much more difficult for many companies to stay compliant and stave off colossal fines within GDPR regulations (Google included).
Many American-based companies feel that since the original terms of GDPR were drawn up for the European data market that they do not apply to their company. Unfortunately, many organizations’ digital operations exist in a globally manufactured web of platforms that fall under the jurisdiction of this data protection regulation, GDPR.
A plethora of global companies are searching high and low for sustainable solutions, to realize that the key to data protection compliance has been baked into GDPR all along. That solution lies with a company’s Data Protection Officer (DPO). This article will serve as a high-level understanding of a DPO’s role as it pertains to a data protection officer GDPR requirements and responsibilities, how to hire a good DPO, and which organizations and legal entities are required to appoint a DPO.
-
What is PCI P2PE?
Need for Payment Cardholder Data Protection
There have been 2,216 confirmed data breaches in 2018. 76% of breaches were financially motivated. Cybercriminals are increasingly becoming more sophisticated. Data breach preparedness among the companies are at an alltime high. 324 data breaches involved stealing credit card data at the Point of Sale (POS) where card-present retail transactions are conducted. 414 credit card data breaches involved targeting payment web applications.
There’s one common security vulnerability leading to these payment cardholder data breaches at the POS and within web applications: Lack of payment cardholder data encryption.
PCI Point to Point Data Encryption (P2PE) to the rescue!
