Blog

  • What Your HR Team Needs to Know About HIPAA?

    The Health Insurance Portability and Accountability Act (HIPAA) was created to protect patients’ protected health information (PHI). Over time, HIPAA rules have expanded, requiring both covered entities and business associates to comply. Even companies outside these categories often handle employee PHI, making awareness and proper HIPAA training for HR teams essential to ensure compliance and safeguard sensitive information.

    Why this matters: Violations can result in serious legal consequences for your business and staff. HR teams must be trained in HIPAA compliance procedures, ensuring your organization meets regulatory standards and protects sensitive information.

  • Overview of CMMC Level 3 Requirements

    If your organization handles Controlled Unclassified Information (CUI) for the U.S. Department of Defense (DoD), understanding CMMC Level 3 requirements is essential.

    Level 3 represents advanced cybersecurity maturity and focuses on protecting sensitive defense information from advanced persistent threats (APTs). In this guide, we break down:

    • What CMMC Level 3 is

    • The total number of practices required

    • Domain-by-domain control breakdown

    • How to meet Level 3 requirements

    • What assessors look for

    Let’s start with a quick framework overview.

  • Will PCI 4.0 Changes Impact Physical Storage Device Security?

    Physical storage devices are among the most widespread forms of technology, used by nearly every company, regardless of a business’ size and scope. They encompass not only hard drives, but any physical device on which data is stored, including laptops, thumb drives, smartphones, or even credit cards. It’s important to protect them, and the Payment Card Industry Data Security Standard (PCI DSS) sets the standard for how to do that. Thus, PCI DSS 4.0 changes may impact them in profound ways.

  • Main Goals of HITECH: Everything You Need to Know

    Understanding HITECH Act Goals starts with looking back at 2009. That year, the Obama administration passed the American Recovery and Reinvestment Act (ARRA) to stimulate the U.S. economy following the Great Recession.

    As part of that legislation, lawmakers introduced the Health Information Technology for Economic and Clinical Health (HITECH) Act to modernize healthcare data systems and strengthen patient privacy protections under HIPAA.

    The primary goals of the HITECH Act were twofold:

    • Accelerate the adoption of electronic health records (EHRs)
    • Strengthen the privacy and security of protected health information (PHI)

    However, the HITECH Act goals extend far beyond digitization. The law reshaped healthcare compliance, increased enforcement penalties, and expanded HIPAA requirements for business associates.

    Below, we break down the main goals of the HITECH Act and what they mean for healthcare organizations today.

  • What is an Approved Scanning Vendor (ASV)?

    An Approved Scanning Vendor (ASV) is a PCI-certified company that performs external network vulnerability scans to help organizations identify security weaknesses. Merchants of all sizes are required by the PCI Security Standards Council to conduct these scans regularly to detect vulnerabilities before attackers can exploit them.

    In the sections below, we’ll explain how an Approved Scanning Vendor works and how ASVs help businesses maintain PCI compliance.

  • Navigating the EU AI Act: How ISO 42001 Can Prepare Your Organization

    The EU AI Act is one of the most significant regulations shaping the safe and ethical use of artificial intelligence. This comprehensive legislation sets clear rules for the development, deployment, and governance of AI within the European Union. To prepare for compliance, organizations can leverage ISO 42001, the international standard for AI governance and risk management. By aligning with both the EU AI Act and ISO 42001, businesses can strengthen security, ensure ethical practices, and stay ahead in an evolving regulatory landscape.

  • Security Risks of AI, and How Does ISO 42001 Help?

    AI security risks are a growing concern as businesses adopt artificial intelligence across operations. From data breaches and system vulnerabilities to regulatory and ethical challenges, organizations face multiple threats when implementing AI. The ISO 42001 standard helps mitigate these risks, providing a framework for stronger security, compliance, and responsible AI governance.

  • How to Prepare for CMMC and NIST Assessments

    If your organization works with U.S. government agencies, including the Department of Defense, you may be required to undergo CMMC assessments and NIST assessments. Preparing for these assessments starts with identifying the standards relevant to your contracts, conducting a readiness review, implementing the necessary controls, and collaborating with an accredited assessor to ensure compliance.

    Not sure if your organization is ready? Schedule a consultation today to evaluate your CMMC assessment readiness and streamline your compliance process.

  • PCI DSS Requirement 10: Logging & Monitoring for Threat Detection

    In today’s evolving threat landscape, cybercriminals continuously target sensitive payment data. To combat these risks, PCI DSS Requirement 10 emphasizes the importance of audit logging and security monitoring. This requirement mandates detailed tracking of user activities and system events, helping organizations detect threats early and prevent potential breaches.

  • Creating a PCI DSS Account Lockout Policy

    Organizations that process credit card payments must follow the Payment Card Industry Data Security Standard (PCI DSS), a global framework designed to protect cardholder data from breaches and fraud. One of the key requirements is implementing a strong account lockout policy. This security control helps prevent unauthorized access, reduces the risk of brute-force attacks, and strengthens overall system integrity.

    In this article, we explain how to create an effective PCI DSS account lockout policy, how it aligns with PCI DSS v4.0 requirements, and why it is essential for a PCI-compliant information security program.