Compliance

Compliance | News, how-tos, features, reviews, and videos

Ransomware > An encrypted system, held ransom with lock + chain, displays a dollar sign.
News Analysis

US cryptocurrency exchange sanctions over ransomware likely not the last

USA / United States of America stars + stripes and binary code superimposed over The White House
News Analysis

Software cybersecurity labels face practical, cost challenges

Unitd States cybersecurity > U.S. flag with a digital network of locks instead of stars
News Analysis

Federal agencies face new zero-trust cybersecurity requirements

The OMB and CISA issue guidance to move all federal agencies to a shared zero-trust maturity model for FY22-24. The catch: No new funding.

iot security startups hot highlights planets rocket lock security
Feature

18 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

Stack of legal documents with compliance and regulatory stamp
Opinion

Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

Only 100 approved assessors are available to certify that 300,000 US DoD providers are in compliance with the Cybersecurity Maturity Model Certification by the 2023 deadline.

A gavel rests on open law book. [law / regulation / compliance / legal liability]
Feature

Security and privacy laws, regulations, and compliance: The complete guide

This handy directory provides summaries and links to the full text of each security or privacy law and regulation.

A laptop displays binary code and the flag of China.
News Analysis

China's PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

cso security global breach networking hack invasion infiltrate 5g connected gettyimages 1211443622
Opinion

Data sovereignty laws place new burdens on CISOs

More than 100 countries now require data on their citizens be stored or processed within their boundaries, presenting new data protection challenges.

Unitd States cybersecurity > U.S. flag with a digital network of locks instead of stars
News Analysis

NIST’s EO-mandated software security guidelines could be a game-changer

While experts applaud the new security guidance, it's unclear whether software vendors will completely embrace and implement the needed security practices.

A binary eye sits within the center of a targeted virtual framework.
News Analysis

Proposed bill would create a new federal agency to protect consumer data

The Data Protection Act of 2021 has wide-ranging definitions of high-risk data practices and privacy harm.

USA / United States of America stars + stripes and binary code superimposed over The White House
News Analysis

NIST defines "critical software" with a broad range of security functions

The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order.

Ransomware > A masked criminal ransoms data for payment.
News Analysis

Four states propose laws to ban ransomware payments

Some state legislatures are debating bills that could limit or ban ransom payments. A better option, experts say, is mandatory reporting of ransomware attacks.

API security alerts displayed on monitors amid binary code / application security
News Analysis

Government-mandated SBOMs to throw light on software supply chain security

The US government will soon require vendors to provide a software bill of materials to help ensure integrity of an application's components.

hsm shredder
Opinion

IT asset disposal is a security risk CISOs need to take seriously

Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.

United States Capitol building / United States Congress / abstract security concept
News Analysis

US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks

Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.

supply chain management controls - ERP - Enterprise Resource Planning
Opinion

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.

A virtual checkmark in digital system / standards / quality control / certification / certificates
Feature

HITRUST explained: One framework to rule them all

HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.

data pipeline primary
News Analysis

TSA’s pipeline cybersecurity directive is just a first step experts say

The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.

vcmar ppd
video

Aligning security, compliance and privacy across inventory tracking

Brad Wells, Executive Director, Information Security, and Kandice Samuelson, Senior Director, IT Governance at PPD lead a team enhancing PPD's inventory tracking system that identifies PPD’s most valuable assets. Join us to learn how...

President Joe Biden delivers remarks about the Colonial Pipeline hack. [Washington / 2021.05.13]
News Analysis

Biden administration releases ambitious cybersecurity executive order

Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.

Load More