Standards

Manage multiple regulatory compliance frameworks and standards in one platform

Centraleyes enables cyber risk teams to easily create and define frameworks to fit their specific needs, or to choose from tens of pre-populated integrated risk and compliance frameworks. By mapping shared controls across frameworks, Centraleyes allows for a quicker, automated compliance process.

Security

NIST 800-207 (Zero Trust)

What is the Zero Trust Model? Zero trust is a growing security model based on the principle of enforcing strict access controls. The Zero Trust concept focuses on the notion that organizations should not automatically trust any internal or external source, and must always examine and uphold…

COSO

What is the COSO Framework? The Committee of Sponsoring Organizations of the Treadway Commission (COSO), a voluntary private-sector initiative, was established in 1985 to improve business performance and governance through effective internal control, enterprise risk management (ERM) and fraud deterrence. In 1992, COSO developed the Internal Control-Integrated Framework, a model…

NIST 800-46

What is the NIST 800-46 Framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for all federal agencies. The NIST 800-46 framework assists companies of all sizes, sectors and industries in safeguarding their IT systems and…

MITRE ATT&CK

MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment, assisting organizations in identifying cyber-defense gaps. The basis for MITRE ATT&CK came from Lockheed Martin’s Cyber Kill Chain. The framework aims to compile a detailed list…

Privacy

7 Security Challenges Most SaaS Businesses Come Across

Placing data on the cloud always sounds like a great idea – many big companies are doing it and there seems to be endless space. However, like any other online platform, there are security issues to be addressed for a SaaS business. SaaS security issues could range anywhere from data…

GDPR

What is the GDPR? The General Data Protection Regulation (GDPR) is a European Union law that went into effect on May 25, 2018. It requires companies to protect personal data and to uphold the privacy rights of anyone within the territory of an EU member state. The regulation includes seven data protection principles that must…

CCPA

What is the CCPA Act? The California Consumer Privacy Act (CCPA) is a state-wide data privacy law that governs how businesses all over the world may handle California residents’ personal information (PI). The CCPA went into effect on January 1, 2020. It is the first law of its kind in…

NIST Privacy

What is the NIST Privacy Framework? The National Institute of Standards and Technology (NIST) recently released The Privacy Framework, which assists organizations in prioritizing privacy threats and outcomes, and achieving privacy goals regardless of company size, market, or industry. Although organizations might have implemented the NIST Cybersecurity Framework (CSF),…

Compliance

DOD CMMC

What is the DOD CMMC Standard? The Department of Defense (DoD) created the DOD CMMC certification protocol to ensure that contractors have the safeguards in place to protect confidential data such as Federal Contract Information and Controlled Unclassified Information (CUI). The Cybersecurity Maturity Model Certification (CMMC), which replaces the self-attestation…

FFIEC

What is the FFIEC Compliance Framework? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of the US federal government’s audits of financial institutions. It makes proposals to keep financial institutions governed uniformly at the federal level.…

HIPAA

What is HIPAA compliance? The Health Insurance Portability and Transparency Act of 1996 (HIPAA) is a collection of regulations that ensure the lawful use and disclosure of protected health information (PHI). The Department of Health and Human Services (HHS) oversees HIPAA compliance, which is implemented by the Office for Civil…

NIST 800-82

What is the NIST SP 800-82 Framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed guidance on how to protect Industrial Control Systems (ICS), which are commonly used in the electric, water and wastewater, oil and natural gas, pulp and paper, pharmaceutical, chemical, food and…