Standards

Manage multiple regulatory compliance frameworks and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.

Security

NIST 800-207 (Zero Trust)

What is the Zero Trust Model? Zero trust is a growing security model that is based on the principle of enforcing strict access controls. The Zero Trust concept focuses on the notion that organizations shouldn’t give immediate trust to any internal or external source, and must always examine and uphold…

COSO

What is the COSO Framework? The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance through effective internal control, enterprise risk management (ERM) and fraud deterrence. In 1992, COSO developed the Internal Control-Integrated Framework, a model…

NIST 800-46

What is the NIST 800-46 Framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for all federal agencies. The NIST 800-46 framework assists companies of all sizes, sectors and industries in safeguarding their IT systems and data…

MITRE ATT&CK

MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment, assisting organizations in identifying cyber-defense gaps. The basis for MITRE ATT&CK came from Lockheed Martin’s Cyber Kill Chain. The framework aims to compile a detailed list…

Privacy

Nevada Privacy Law

What is the Nevada privacy law? The Nevada Revised Statutes on Security and Privacy of Personal Information (‘NRS’) include the state’s privacy rules, which are contained in Chapter 603A. Recently, Nevada has approved an update to their privacy law. The passage of Senate Bill (‘SB’) 538 for an Act Relating…

POPIA

What is POPIA? South Africa’s new data privacy framework is the Protection Of Personal Information Act. It establishes a minimal baseline for privacy regulation in all industries. It applies to those who are based in South Africa as well as those who are only processing data there. POPIA regulates the…

GDPR

What is the GDPR? The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. It requires companies to protect personal data and uphold the privacy rights of anyone on EU member states’ territory. The regulation includes seven data protection principles that must…

CCPA

What is the CCPA Act? The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that governs how businesses all over the world may handle California residents’ personal information (PI). The CCPA went into effect on January 1, 2020. It is the first law of its kind in…

Compliance

ISO 22301

What is the ISO 22301 standard? ISO 22301 is an international standard for Business Continuity Management. It offers a step-by-step guide to establishing and maintaining an efficient business continuity management system. This helps to protect a company from a variety of possible threats and disturbances. According to studies, almost one…

DOD CMMC

What is the DOD CMMC Standard? The Department of Defense (DoD) created the DOD CMMC certification protocol to ensure that contractors have the safeguards in place to protect confidential data such as Federal Contract Information and Controlled Unclassified Information (CUI). The Cybersecurity Maturity Model Certification (CMMC), which replaces the self-attestation…

FFIEC

What is the FFIEC Compliance Framework? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US federal government’s audits of financial institutions. It makes proposals to keep financial institutions governed uniformly at the federal level…

HIPAA

What is HIPAA compliance? The Health Insurance Portability and Transparency Act of 1996 (HIPAA) is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI). The Department of Health and Human Services (HHS) oversees HIPAA compliance, which is enforced by the Office for Civil…