In recent decades, public health agencies and public schools have worked hand in glove, sharing health information about students in order to better understand the broader picture of teens’ overall health. In addition, schools have increasingly sought to give their students more and better health services. Since schools may keep or request sensitive health information from students or parents, it’s natural to wonder what laws cover the security and privacy of these documents. These days, there are two major privacy laws – HIPAA and FERPA – that may or may not cover a student’s health records. Naturally, whether they do or don’t depends on your particular situation. That said, this article will attempt to wade through the convoluted mire and clarify the differences between HIPAA and FERPA. Keep reading to discover more!
Blog

How Do You Achieve Compliance with ISO 42001?
ISO 42001 compliance is essential for organizations aiming to manage artificial intelligence systems securely and ethically. As AI expands across industries, adhering to ISO 42001’s standards for AI Management Systems (AIMS) helps ensure robust governance, risk management, and ethical practices.
This guide outlines the key steps to achieve ISO 42001 compliance and highlights the benefits it brings to your organization.

What Are the Different Levels of Cybersecurity Maturity Model Certification?
In 2020, Department of Defense (DoD) contractors were required to implement robust cybersecurity protocols in response to increasing security breaches. One of the most significant incidents occurred on October 4, 2018, affecting over 30,000 civilian and military contractors. To prevent future breaches, companies that handle Controlled Unclassified Information (CUI) must demonstrate that their networks and systems meet stringent security standards. Achieving this requires compliance with the applicable Cybersecurity Maturity Model Certification (CMMC) levels for the type of data they manage. Before contractors and their partners can obtain certification, they need a clear understanding of the CMMC framework and its five distinct levels.

How to Conduct CMMC Employee Training
Cybersecurity is a crucial concern for every business in the world. No matter the kind or size of organization, it’s always imperative to safeguard against cybercrime to prevent loss of sensitive information and other related risks, such as theft and extortion. The threats posed by hackers and other bad actors are even more significant when it comes to matters of national security.

What are the Stages of PCI DSS Compliance?
Every organization faces unique cybersecurity challenges, which is why the PCI Compliance Levels framework is designed to provide flexibility while ensuring strong protection of cardholder data. Regardless of size or transaction volume, businesses must follow defined stages of PCI DSS compliance to validate their security posture. These stages outline the key steps every entity must take to achieve and maintain compliance across all PCI compliance levels.

Overview of CMMC Level 1 Requirements
If your organization works with the US Department of Defense (DoD), understanding the CMMC Level 1 Requirements is essential for meeting basic cybersecurity standards. In this guide, we’ll provide a clear overview of what Level 1 entails and what your team needs to do to stay compliant. This is the first part of our series on the Cybersecurity Maturity Model Certification (CMMC). For details on higher levels, check out our upcoming guides covering Levels 2, 3, 4, and 5.

When will CMMC 2.0 be required for DoD contracts?
CMMC 2.0 provides a robust cybersecurity framework mandated for DoD contractors, consolidating controls from key regulatory texts such as NIST SP 800-171 and SP 800-172. As organizations prepare for its implementation, understanding the distinct requirements of Levels 1 to 3 is crucial.
While Level 1 targets Federal Contract Information (FCI), Levels 2 and 3 focus on protecting Controlled Unclassified Information (CUI) and advanced threats. Certification, facilitated by Certified Third Party Assessment Organizations (C3PAOs), will be essential for maintaining compliance and bidding on future DoD contracts.

Weekly Threat Report: CISA’s Latest KEV Updates Signal Elevated Risk for Infrastructure, Office, and Legacy Systems
In the first week of 2026, cybersecurity teams received a clear warning: attackers aren’t waiting. Threat actors continue to exploit outdated and overlooked systems, while critical infrastructure grows into an even higher-value target. CISA’s Known Exploited Vulnerabilities (KEV) catalog expanded by nearly 20 percent in 2025, and the latest additions highlight a troubling trend. Several newly listed vulnerabilities demonstrate how quickly unpatched systems are being weaponized, including:
- A maximum-severity remote code execution (RCE) vulnerability in HPE OneView that is now confirmed as actively exploited
- A Microsoft Office PowerPoint flaw from 2009 that is still delivering successful attack payloads
- 139 GB of stolen engineering and utility project data reportedly offered for sale on underground marketplaces
Each of these entries in the CISA KEV catalog targets technologies that support infrastructure operations, and they succeed for one primary reason: patching continues to lag behind exploitation.
Below, we break down what these CISA KEV updates mean and what security leaders need to prioritize now.

Do Dispensaries Share Information With The Government?
Ever since California passed Proposition 64, legalizing recreational marijuana, the market has grown rapidly. More dispensaries and farmers are entering the industry, contributing to what Statista forecasts as a steady increase in sales, from $5.62 billion in 2020 to an estimated $6.59 billion by 2025. California’s projected sales account for a large portion of the national growth, which is expected to reach $8.22 billion in 2020. Despite entering the market later than states like Washington, Oregon, and Colorado, California has already surpassed them in annual sales.
With a robust medical marijuana market and a rapidly expanding recreational market, many customers are now asking: “Do dispensaries share my personal information with the government?” Understanding data privacy in the legal cannabis industry has never been more important.

What a vCISO Brings to Small Security Teams
Almost every enterprise has a CISO, but most small and growing businesses do not. That’s where a vCISO comes in. Acting as a virtual security leader, a vCISO provides governance, strategic direction, and decision-making support, helping organizations build and mature their security programs without the cost of a full-time executive. For growing teams, a vCISO fills a critical leadership gap and ensures security initiatives align with business goals.
