What is the CMMC Standard? The CMMC certification methodology was developed by the Department of Defense (DoD) to guarantee that contractors have safeguards in place to secure sensitive data...
What is the FFIEC Compliance Framework? The Federal Financial Institutions Inspection Council (FFIEC) is a structured interagency body made up of five banking regulators who are in charge of...
What is HIPAA? The Health Insurance Portability and Transparency Act of 1996 (HIPAA) is a collection of regulations that ensure the lawful use and disclosure of protected health information...
What is the NIST SP 800-82 framework? The National Institute of Standards and Technology (NIST) Special Publication 800-82 offers detailed assistance regarding how to protect Industrial Control Systems (ICS),...
What is PCI DSS? The Payment Card Industry Security Standards Council establishes technical and operational requirements to secure payment information. All retailers and organizations that process, handle, or distribute...
What is the Sarbanes-Oxley Act? The Sarbanes-Oxley Act (SOX) is a regulation that was signed into law on July 30, 2002. For compliance, all institutional investors are expected to install...
What is the Zero Trust Model? Zero trust is a growing security model that is based on the principle of enforcing strict access controls. The Zero Trust concept focuses...
What is NERC CIP compliance? The North American Electric Reliability Corporation (NERC) is a global regulatory authority that operates to reduce the risks associated with power grid infrastructure. This...
What is the NYDFS Cybersecurity Regulation? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500) is a set of rules issued by the New York...
What is the NIST Privacy Framework? The National Institute of Standards and Technology (NIST) recently released the Privacy Framework, which assists organizations in prioritizing privacy threats and outcomes, and...
What is SOC 2 Type II compliance? SOC 2 (System and Organization Controls 2) is an auditing process developed by the American Institute of CPAs (AICPA). Its primary initiative...
What is NIST SP 800-171? The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the U.S. Commerce Department, responsible for conducting research and establishing standards...
What is the NIST SP 800-53 framework? NIST SP 800-53 was created to provide federal agencies with standards and guidelines for protecting and managing their information security systems, as...
What is the ISA/IEC 62443 framework? The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) joined forces to develop the 62443 series. ISA/IEC 62443 is a...
What is the NIST SP 800-46 framework? The US Commerce Department’s National Institute of Standards and Technology (NIST) is a non-regulatory body responsible for investigating and developing standards for...
What is the NY SHIELD Act? On March 21, 2020, the data security provisions of New York’s Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) came into...
What is PSD2? The Payment Services Directive (PSD) of 2007 was replaced by the Revised Payment Services Directive (PSD2) in 2015. PSD2 is a European Union (EU) Directive, administered...
What is the OWASP ASVS? The Open Web Application Security Project (OWASP) is a non-profit international organization dedicated to improving the security of web applications. All of OWASP’s resources...
What is FedRAMP? The Federal Risk and Authorization Management Program (FedRAMP) is a US government-wide framework that created a standardized process for assessing, authorizing and continuously monitoring cloud services...
What is the MITRE ATT&CK Framework? MITRE ATT&CK is a framework that organizes and categorizes the different approaches, strategies and procedures utilized by threat actors in the digital environment,...
What is ISO/IEC 27001? ISO/IEC 27001 is a member of the ISO 27000 family of standards. The ISO 27001 standard is internationally accepted as a specification for an Information...
What are the CIS Controls? The CIS Critical Security Controls (CSC) are published by the Center for Internet Security (CIS) to assist organizations in better defending against well-known threats...
What is the GLBA Act? The Gramm-Leach-Bliley Act (GLBA), also recognized as the Financial Modernization Act of 1999, is a federal law in the United States that requires the...