Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month. Free up your workflow with programmatic vendor assessments Now in Beta Release, TrustCloud Third Party Risk Assessments help you verify that your vendors meet your control requirements without bogging down your workflow. Learn more.

The first deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) Version 4.0 is March 31, 2024. If your v4.0 compliance initiative is not already underway, it should be a major priority over the next 2–3 quarters.

When a business works with the general public, there’s a certain level of risk inherent in the process. We see it time and time again, with companies subject to data breaches and the loss of public information, like what happened to Target in 2013, Equifax in 2017, 23andMe in 2023, and many, many more. While there are security standards in place for private corporations, enforcement is slim, and violations tend to be retroactively applied.

Compliance is something that developers dislike. Traditionally led by risk and information security teams, compliance standard enforcement in organizations is not something software engineers are trained to do. So when the words “PCI compliance” are tossed around, for many developers it mentally translates to limitations, guardrails, bottlenecks, and drastic changes to their workflows that impact productivity. But that doesn’t have to be the case.

In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about the team’s approach to keeping Vanta secure. We’ll also share some guidance for teams of all sizes—whether you’re just getting started or looking to uplevel your operations. ‍ In this post, you’ll hear from Janiece Caldwell, Senior Operations Engineer on Vanta’s Enterprise Engineering Team. ‍

NIST SP 800-171 details requirements that all Department of Defense (DoD) contractors have been required to follow for years. The guidelines were updated in 2020, and Revision 3 was published in May 2023. Netwrix is ready to help organizations achieve, maintain and prove NIST 800-171 compliance. Below, we summarize its key requirements and share recommendations for getting started with the regulation.

When complying with regulations and frameworks, it’s hard to keep up when the rules keep evolving. Auditors are no longer just seeking reports on what your identities can access – they now require proof that you have controls for securing those identities (like a math assignment, you have to show your work). And if a framework or regulation’s requirements previously focused on highly privileged IT users’ access … that’s evolving too.

In the world of government operations, information changes hands on a daily basis. Some of that information is public, readily available, and completely open.

From compliance with more rigorous cybersecurity regulations to navigating the shifting complexities of cyber liability insurance, CISOs and other cybersecurity leaders are gaining a growing number of non-technical responsibilities.

In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which includes every flavor of cloud from Software as a Service (SaaS) to Platform as a Service (PaaS). Amazon Web Services (AWS) is a leading cloud services provider.

Step into a future where your business isn’t just operating in the cloud – it’s thriving there, bulletproofing customer trust and data like a fortress in the sky. It sounds like something from a sci-fi novel, but guess what? With the magic of cloud compliance, this futuristic vision is already coming to life. The cloud is home to 83% across the globe.

This past month, we announced the single destination to showcase your security posture, Vanta Trust Center, 19 new integrations, Private Links for Vendor Risk Management, and more: ‍ ‍

The National Institute of Standards and Technology has introduced a new revision of the Special Publication 800-53, revision 5. As with any document change of this scope there are minor and major changes. This paper will provide a high level overview of the significant changes, addressing a redefined focus in control families, accountability, governance, as well as a discussion of new control families, privacy transparency and supply chain risk management.

When it comes to conducting vendor security reviews, the two most time-consuming tasks are gathering the relevant information from your vendor and analyzing it thoroughly. Last month, we announced AI-powered security document analysis to drastically simplify the process of extracting insights from SOC 2 reports, DPAs, and other sources that document a vendor’s security posture.

In the world of digital transactions, businesses handling payment cards must demonstrate their data security measures through the Payment Card Industry Self-Assessment Questionnaire (PCI SAQ). Completing the SAQ is a key step in the PCI DSS assessment process, followed by an Attestation of Compliance (AoC) to confirm accuracy. Level 1 merchants and service providers, mandated by PCI SSC or customers, must complete a Report on Compliance (RoC), while others use an SAQ.

The need for robust cyber defenses has never been more prevalent. We live in a world where remote access to data is the norm, opening up additional vulnerabilities when protecting digital assets. Additionally, organizations need to comply with data privacy requirements including understanding Digital Personal Data Protection. Mutli-Factor Authentication (MFA) isn’t a new concept. However, despite this, there is still confusion surrounding the mechanism and how it adds to cyber defense.

Today we’re thrilled to introduce Vanta Trust Center, a centralized source of truth for companies to showcase their security posture confidently. ‍ Following Vanta’s acquisition of Trustpage earlier this year, Trust Center combines the capabilities of Trustpage Trust Centers and Vanta Trust Reports, making it easier than ever for customers to automatically manage their workflows and accelerate the security review process — all from within Vanta. ‍

Do you need to secure high-risk access to the back end of your customer-facing apps? Yes, you do – assuming you care about cybersecurity risk, uptime or compliance with SOC II and NIST and AWS, Azure and GCP architecture frameworks. To meet compliance requirements and grow your business, you must properly secure access to the cloud services and workloads powering your SaaS app.

In this series, you’ll hear directly from Vanta’s own Security, Enterprise Engineering, and Privacy, Risk, & Compliance Teams to learn about our approach to keeping Vanta secure. We’ll also share some guidance for teams of all sizes — whether you’re just getting started or looking to uplevel your operations.

In an increasingly digital world, the importance of quality and security cannot be overstated. Sentrium Security Ltd is excited to share our recent achievement – obtaining ISO 9001 and ISO 27001 certifications. These certifications showcase our unwavering commitment to enhancing quality and security for our valued clients.

FedRAMP JAB ATO, P-ATO, and Certification can be a tricky set of requirements to navigate, and the confusion starts early. For example, what are any of those terms, and what do they mean? While some of you already know, everyone has to learn somewhere, so let’s go through and define them, what they mean, and what you need to do to adhere to them. Beyond that, we’ll help you navigate the process and find the best way to get the accreditation status you need.

Just a little over a year ago, Vanta went global with the opening of a European headquarters in Dublin as well as an office in Sydney. And over the past several quarters, we’ve accelerated international momentum by scaling investments across the product and business, from opening our EU data centre to rolling out localised product capabilities, in-region technical support, and more.

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is a compliance requirement that all Department of Defense (DoD) Contractors (aka, the Defense Industrial Base) will soon have to meet. See my blog Why is CMMC a Big Deal? for more information about the legal implications of CMMC. The CMMC official mandate is expected to be released from rulemaking in the first quarter of 2024 and be in full implementation in the first quarter of 2026.

Forward Networks was recently honored as the Top InfoSec Innovator by Cyber Defense Magazine. Commenting on the win, Yan Ross, editor of Cyber Defense Magazine said, “We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cyber-crime. Forward Networks is worthy of being named a winner in these coveted awards and consideration for deployment in your environment.”