Compliance
Compliance | News, how-tos, features, reviews, and videos
Resolving conflicts between security best practices and compliance mandates
Sometimes the latest security best practices don't align with an organization's compliance templates. These are some of the areas where you might need an exception.
Spate of pending U.S. privacy initiatives could significantly impact businesses
Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.
Exostar launches CMMC 2.0-compliant Microsoft 365, other solutions for SMBs
Updates aim to help small- and medium-sized business comply with the U.S. Department of Defense cybersecurity requirements.
U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending
The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.
An updated pipeline security directive is underway, reflecting TSA struggles
The TSA directives issued after the Colonial Pipeline attack have been widely criticized, but the agency is working with the industry to improve them.
U.S. data privacy and security solutions emerging at the federal level
The American Data Privacy and Protection Act bill faces a tough battle for passage, but the Biden administration is considering actions of its own.
How Microsoft Purview can help with ransomware regulatory compliance
Microsoft's renamed compliance portal provides guidance and rule-setting capability to help comply with ransomware and other security and privacy requirements.
U.S. cybersecurity congressional outlook for the rest of 2022
The U.S. federal government has enacted important cybersecurity laws in 2022 and will likely move forward with many of these bills before the year's end.
How the Russia-Ukraine war makes ransomware payments harder
The war in Ukraine has increased sanctions against paying ransom demands to cybercriminal groups and cryptocurrency intermediaries based in Russia.
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-small.3x2.jpg?auto=webp&quality=85,70)
Security and privacy laws, regulations, and compliance: The complete guide
This handy directory provides summaries and links to the full text of each security or privacy law and regulation.
PCI DSS explained: Requirements, fines, and steps to compliance
PCI DSS (Payment Card Industry Data Security Standard) is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.
A year later, Biden’s cybersecurity executive order driving positive change
Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.
NIST Cybersecurity Framework update comments highlight a gamut of needed changes
Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.
LightBeam launches data privacy automation platform to streamline compliance
New identity-centric platform designed to help businesses automate compliance against a patchwork of existing and emerging privacy regulations such as GDPR, CPRA, HIPAA and PCI DSS.
Meta fined €17 million by Irish regulator for GDPR violations
In the wake of 12 data breaches reported in 2018, Facebook’s parent company hit with hefty fine for failing to follow GDPR regulations related to its ability to demonstrate data privacy protection practices.
SEC plans four-day cybersecurity breach notification requirement
The US stock market regulator wants to tighten reporting requirements for security breaches at publicly traded firms.
NIST releases software, IoT, and consumer cybersecurity labeling guidance
The new guidance aims to tighten security requirements for federally purchased software and give consumers better insight into the security of software and devices they buy.
Crazy quilt of state privacy laws could cost businesses $1 trillion
A new study shows that state privacy laws could create significant compliance costs for both in- and out-of-state businesses.
European nations issue record €1.1 billion in GDPR fines
Authorities across Europe issued huge amounts in GDPR fines during 2021. Luxembourg and Ireland took up the top spots, replacing Italy and Germany.
OMB issues zero-trust strategy for federal agencies
All federal agencies must meet zero-trust goals that the U.S. Office of Management and Budget has set by 2024, building on earlier federal cybersecurity initiatives.