Blog

  • What are the 20 CIS Critical Security Controls?

    In 2008, the U.S. defense industry experienced one of the largest cyber intrusions in its history. That breach sparked a collaborative effort to define a prioritized, actionable cybersecurity framework. That effort eventually evolved into the CIS Critical Security Controls, now maintained by the Center for Internet Security (CIS).

    Today, the CIS Critical Security Controls (formerly known as the CIS Top 20) provide organizations with a proven roadmap for defending against the most common and damaging cyber threats.

    In this guide, we’ll break down all 20 CIS Critical Security Controls, explain why they matter, and outline how organizations can implement them effectively.

  • SSAE 18 Type 2 vs SOC 2 Type 2 – What’s the Difference?

    If you’re comparing SSAE 18 and SOC 2 Type 2, you’re not alone. These terms are often used interchangeably, but they are not the same thing.

    Here’s the short answer:

    • SSAE 18 is an auditing standard issued by the AICPA.

    • SOC 2 Type 2 is a specific report, issued under SSAE 18, that evaluates how controls operate over a period of time.

    Understanding the difference is critical for service organizations that handle customer data and need to demonstrate trust.

    Let’s break it down clearly.

  • What is the NIST Cloud Computing Reference Architecture?

    In September 2011, the National Institute of Standards and Technology (NIST) published Special Publication (SP) 500-292, titled NIST Cloud Computing Reference Architecture. This framework establishes a baseline for cloud computing architecture by defining services, stakeholders, and their interactions.

    Whether you’re implementing or reviewing your cloud infrastructure, understanding the NIST cloud architecture is essential to optimize your cloud security architecture and align with industry best practices.

  • How to Fill Out a PCI Compliance Questionnaire

    Completing your PCI compliance questionnaire marks a necessary step in your efforts to demonstrate adherence to regulations overseeing credit card payments. According to the Payment Card Industry’s (PCI) Data Security Standards (DSS), businesses that process fewer than 6 million transactions annually must fill out and submit their yearly Self-Assessment Questionnaire (SAQ). With the right knowledge, anyone can learn how to fill out PCI compliance questionnaires.

  • DFARS Compliant Countries

    Organizations working with the U.S. Department of Defense (DoD) must ensure they are DFARS compliant. One critical requirement many contractors overlook is sourcing products from approved DFARS compliant countries, also known as qualifying countries.

    Failure to comply can result in contract termination, financial penalties, and reputational damage.

    In this guide, we’ll cover:

  • Why Your Team Needs Cyber Security Education

    Cybersecurity education is no longer optional for modern organizations. As cyberattacks grow more sophisticated and frequent, businesses are realizing that technology alone isn’t enough to prevent data breaches. In fact, human error remains one of the leading causes of security incidents.

    The average organization takes 191 days to identify a breach, and with the global cost of a single incident reaching $3.86 million, the financial and reputational consequences are significant. Implementing structured cybersecurity education and security awareness training programs empowers employees to recognize phishing attempts, avoid social engineering scams, and follow best practices that dramatically reduce risk.

    Without proper cybersecurity training for employees, even the most advanced security infrastructure can fail.

  • What is a PCI Compliance Scan?

    A PCI compliance scan is a required external vulnerability scan used to verify that systems handling payment card data meet the security requirements of the Payment Card Industry Data Security Standard (PCI DSS). These scans must be completed quarterly by an Approved Scanning Vendor (ASV) for any organization that processes, stores, or transmits cardholder data.

    PCI compliance scans assess whether security controls are properly implemented to identify and remediate vulnerabilities that could expose sensitive payment information. Below is a clear walkthrough of how PCI compliance scans work and how organizations can prepare to pass ASV testing with confidence.

  • Top Challenges for CMMC Compliance

    Organizations that want to contract with the Department of Defense (DoD) must achieve CMMC compliance. The Cybersecurity Maturity Model Certification (CMMC), governed by the Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)), establishes strict cybersecurity requirements for the Defense Industrial Base (DIB).

    However, achieving CMMC compliance is not simple. The framework is comprehensive, structured, and maturity-driven — meaning organizations must implement both technical controls and institutionalized processes.

    In this guide, we break down the top five challenges for CMMC compliance and how contractors can overcome them.

  • PCI DSS and Cloud Security: Ensuring Compliance in the Cloud

    PCI DSS Cloud compliance has become a critical challenge as more organizations adopt cloud environments to store and process payment data. While cloud computing delivers scalability, flexibility, and efficiency, it also introduces unique security risks when handling sensitive cardholder information.

    To address these challenges, businesses must understand how PCI DSS Cloud requirements apply across different service models. Doing so is essential for maintaining compliance, reducing risk, and preventing costly data breaches.

    In this blog, we’ll explore how PCI DSS Cloud standards impact organizations, outline key considerations for compliance, and share best practices for securing payment systems in the cloud.

  • How to Prepare for a PCI DSS Audit

    Ensuring compliance with the Payment Card Industry Data Security Standard (PCI DSS) is critical for any organization that processes or stores cardholder data. Preparing for a PCI audit can feel challenging, but with the right strategy, you can simplify the process and strengthen your payment security. In this guide, we’ll walk through the key steps to prepare for a PCI DSS audit, helping your organization achieve compliance and protect sensitive data.