The CSA (Cloud Security Alliance) established the STAR program as a solution for cybersecurity compliance throughout the widespread adoption of cloud services. STAR stands for Security, Transparency, Assurance, and Risk. The overall goal of the CSA STAR Program is to bring in the key principles of
HITRUST 2023 Update Blog
Perhaps you’re learning about HITRUST and wondering ‘what is HITRUST certification’? Or, ‘what does HITRUST stand for’? This blog offers everything you need to know about the HITRUST framework, HITRUST certification requirements, and the 2023 updates.
Why PCI DSS 4.0 Should Be on Your Radar?
With the release of PCI 4.0, the countdown has started for organizations already PCI DSS Certified to transition from PCI DSS v3.2.1 to the new PCI DSS v4.0 standard. With timelines of one year to prepare for v4.0 and two years to be fully ready for the v4.0 future-dated requirements, it is time to
Data Protection by Design
The data protection by design approach assists in an organization’s ability to implement Defense in Depth methodology, which aims to provide deep and continuous data protection to all layers of a system. Defense in Depth methodology works at each stage through controls that ensure in-depth defense
DFARS, NIST 800-171, SPRS, and CMMC 2.0 Explainer for DIB Contractors
If you’d like to know more about how DFARS, NIST 800-171, SPRS, and CMMC all work together, you’ve come to the right place. In this blog, we’ll discuss how these regulations, standards and tools all work together for thorough DoD compliance.
Updates and Changes to ISO 27001:2022
ISO 27001:2022 was recently announced to update and replace ISO 27001:2013. The modernized 2022 replacement features a few adjustments. This blog details a number of the changes and updates made to the standard.
SOC 2 Type 2 – Compliance and Certification
PCI DSS v4.0 Cheat Sheet
The PCI Data Security Standard (PCI DSS) was established in 2004 by the major payment card issuers. It is maintained by the PCI Security Standards Council. It provides operational and technical requirements for protecting cardholder data.