FINRA
November 25, 2021
Standards
Manage multiple regulatory compliance frameworks
and standards in one platform
Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process
Security
NIST 800-207 (Zero Trust)
What is the Zero Trust Model? Zero trust is a growing security model that is based on the principle of enforcing strict access controls. The Zero Trust concept focuses on the notion that organizations shouldn’t give immediate trust to any internal or external source, and must always examine and uphold…
COSO
What is the COSO Framework? The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance through effective internal control, enterprise risk management (ERM) and fraud deterrence. In 1992, COSO developed the Internal Control-Integrated Framework, a model…
NIST 800-46
What is the NIST 800-46 Framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for all federal agencies. The NIST 800-46 framework assists companies of all sizes, sectors and industries in safeguarding their IT systems and data…
MITRE ATT&CK
MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment, assisting organizations in identifying cyber-defense gaps. The basis for MITRE ATT&CK came from Lockheed Martin’s Cyber Kill Chain. ​ The framework aims to compile a detailed list…
Privacy
Nevada Privacy Law
What is the Nevada privacy law? The Nevada Revised Statutes on Security and Privacy of Personal Information (‘NRS’) include the state’s privacy rules, which are contained in Chapter 603A. Recently, Nevada has approved an update to their privacy law. The passage of Senate Bill (‘SB’) 538 for an Act Relating…
POPIA
What is POPIA? South Africa’s new data privacy framework is the Protection Of Personal Information Act. It establishes a minimal baseline for privacy regulation in all industries. It applies to those who are based in South Africa as well as those who are only processing data there. POPIA regulates the…
GDPR
What is the GDPR? The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. It demands companies to protect personal data and enforce the privacy rights of anyone on EU State’s territory. The regulation includes seven data protection principles that must…
Compliance
ISO 22301
What is the ISO 22301 standard? ISO 22301 is an international standard for Business Continuity Management. It offers a step-by-step guide to establishing and maintaining an efficient business continuity management system. This helps to protect a company from a variety of possible threats and disturbances. According to studies, almost one…
DOD CMMC
What is the DOD CMMC Standard? The Department of Defense (DoD) created the DOD CMMC certification protocol to ensure that contractors have the safeguards in place to protect confidential data such as Federal Contract Information and Controlled Unclassified Information (CUI). The Cybersecurity Maturity Model Certification (CMMC), which replaces the self-attestation…
FFIEC
What is the FFIEC Compliance Framework? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US federal government’s audits of financial institutions. It makes proposals to keep financial institutions governed uniformly at the federal level.…
HIPAA
What is HIPAA compliance? The Health Insurance Portability and Transparency Act of 1996 (HIPAA), is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI). The Department of Health and Human Services (HHS) controls HIPAA compliance, which is implemented by the Office for Civil…
- Recent Frameworks