Key Takeaways NIST SP 800-171 vs. CMMC 2.0 NIST SP 800-171 lists the security controls contractors need to protect Controlled Unclassified Information, or CUI. CMMC 2.0 is the Department...
Key Takeaways 2026 Update: Proposed Maine Online Data Privacy Act In March 2026, Maine lawmakers moved forward with a new proposal that could significantly expand privacy protections in the...
A short time ago, we announced our integration of OWASP ASVS into our cyber risk management platform. At a high level, this allows organizations to run more structured, repeatable...
Key Takeaways December 2025 Update As of January 1, 2026, Indiana officially joins the growing group of states with active consumer data privacy laws. While the original passage of...
October 2025 Update Since the New Jersey Data Protection Act (NJDPA) took effect on January 15, 2025, the state has continued shaping the practical rules that will guide enforcement....
Key Takeaways Maryland Takes the Lead in Privacy Legislation with Comprehensive MODPA The Maryland legislature enacted two comprehensive privacy bills to limit how big tech platforms can acquire and...
2025 Updates: A New Era for Privacy in Massachusetts Massachusetts is on the cusp of passing one of the most robust privacy laws in the United States. In 2025,...
Key Takeaways Where Does NIST Privacy Framework 1.1 Stand in Mid-2025? As of July 2025, stakeholders are still awaiting the official release of NIST Privacy Framework 1.1. However, the...
Key Takeaways Artificial intelligence (AI) has rapidly embedded itself into every corner of our lives, promising unparalleled advances across industries while raising concerns about its ethical implications and potential...
Tennessee Privacy Law at a Glance July 2025 Update: Tennessee’s Privacy Law Is Now in Effect Initially passed in 2023, TIPA places new obligations on businesses and grants a...
Key Takeaways June 2025 Legislative Update: New York New York continues to be one of the most active battlegrounds for state privacy legislation in the U.S., and 2025 is...
2025 Update: We’re almost halfway through 2025, and if you’re part of the Defense Industrial Base (DIB), you’re probably already knee-deep in NIST SP 800-171 and CMMC requirements. As...
On May 25, 2018, Germany entered a new era of data protection. On that day, the GDPR as well as the German BDSG-new went into effect. This marked a...
NIST 800-53 Revision 5 provides a catalog of security and privacy controls for information systems and organizations to protect organizations and, ultimately, the US from a diverse set...
New York’s Privacy Laws: A Legacy and a Challenge New York is a leader in finance, culture, and technology. Less than a decade ago, it was also a forerunner...
The global cost of cybercrime is projected to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. Financial institutions, government agencies, and energy companies are among...
10 NYCRR 405.46: NY’s New Hospital Cyber Regulation Hospitals are no strangers to health data privacy laws like HIPAA. But New York’s new cybersecurity regulations take things to the...
What is OSCAL? OSCAL provides a traceable and machine-readable data format for capturing and sharing security information. A standardized, continuous representation of an organization’s security controls helps prove compliance...
Two Foundational Frameworks: ISO 27001 and HIPAA With the growing number of risks in the information security space, a standardized approach is crucial to protecting an organization’s operations. Two...
Partnering with the US Department of Defense (DoD) as a contractor offers lucrative prospects for your company, but it comes with the responsibility of adhering to multiple cybersecurity frameworks....
Florida Senate Bill 262 has passed in the Republican-led Florida legislature. The Florida Privacy Act attempts to give consumers the right to opt out of sharing their data for...
Updated September 2024 Here’s an interesting fact about the Hawaii bill of rights: The Hawaii constitution lists the word “privacy” several times. Compare that to the U.S. Bill of...
What is the CJIS? The Criminal Justice Information Services was established by the FBI in 1992 as an intelligence hub that connected the criminal justice community, including law enforcement,...
Few documents carry as much weight as the NIST Special Publication (SP) 800-171. Designed to safeguard sensitive information within non-federal systems and organizations, NIST 800-171 provides a framework of...
Artificial intelligence is seeping into every aspect of our daily lives, from self-driving automobiles to AI-enabled virtual assistants that chat with consumers and respond to human voices. This is...
When the guys at the National Institute of Standards and Technology (NIST) released the inaugural Cybersecurity Framework in February 2014, it did not include a batch of questions that...
Unlike general cybersecurity concerns, whose primary focus is thwarting threats and vulnerabilities, AI risk management introduces a unique interplay of potential benefits and risks. Implementing AI technologies opens avenues...
With the introduction of NIS2, the European Union has moved beyond the GDPR’s focus on data protection measures to strengthen the entirety of the digital infrastructure that underpins critical...
The purpose of PCI DSS is simply to ensure that all companies that accept, process, store or transmit credit card information are careful to actively maintain a secure environment....
The Federal Risk and Authorization Management Program (FedRAMP) is a cornerstone of cloud security, deeply rooted in the NIST 800-53 rev. 5 changes. These guidelines provide a framework for...