There is a new deadline that Department of Defense (DOD) contractors and vendors need to be aware of. The deadline concerns Cybersecurity Maturity Model Certification (CMMC).
WHAT IS CMMC? CMMC which stands for ‘Cybersecurity Maturity Model Certification’ is the upcoming required standard for all contractors and suppliers that work with the Department of Defense (DoD). WHY IS THIS NEEDED? The new framework is to ensure contractors and suppliers have appropriate cybersecurity frameworks in place to protect data such as Controlled Unclassified […]
NIST Cyber Security Risk Management Conference – Reasonable Risk. Our partner, Chris Cronin will be speaking with Phyllis Lee of the CIS (Center for Internet Security).
As part of its enduring interest in LifeLock, Inc., the Federal Trade Commission issued the following statement on December 17, 2015, “PCI DSS certification is insufficient in and of itself to establish the existence of reasonable security protections … the existence of a PCI DSS certification is an important consideration in, but by no means […]
REDUCING RISKS THROUGH COMPENSATION. Has your organization been struggling to achieve its compliance goals? Whether your organization is new to risk management or you’ve been struggling with compliance for some time, making compliance a part of every employee’s compensation plan is a smart strategy. This can get everyone in your organization thinking about information security […]
SSL No Longer Considered Strong Cryptography Author: Viviana Wesley, PCI QSA In a recent bulletin the Payment Card Industry Security Standards Council (PCI SSC) stated that updates will be forthcoming to the Data Security Standard (DSS) version 3.0 – and very soon. The change is related to vulnerabilities seen with Secure Socket Layer (SSL) cryptography.
The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third party vendor management (TPRM). After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant third party that didn’t seem to have direct […]
Darrell Issa’s House Committee on Oversight and Government Reform has been busy looking into the security of the healthcare.gov website and its connected systems.
Guidance from NIST for Cloud Computing. With the rapid trend towards leveraging Cloud/SaaS services to outsource aspects of information technology, guidance for how to do so in a secure manner has been somewhat lacking. That has changed with NIST’s release of the following draft guidance: