
Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032.

With the growing importance of security compliance for startups, more companies are seeking to achieve and maintain compliance with frameworks like SOC 2, ISO 27001, and GDPR. Bubba AI, Inc. is building a comprehensive solution that lets these organizations integrate compliance workflows and build their own customized processes through an open-source alternative to existing GRC (Governance, Risk, and Compliance) automation platforms.

M-21-31 logging compliance: Where are we now?

How US federal agencies can better meet advanced event logging requirements

For the past four years or so, US federal agencies have been working to comply with the requirements set out in OMB M-21-31. Released in 2021, the Office of Management and Budget (OMB)'s M-21-31 memorandum provided guidance and requirements for federal agencies in order to improve centralized visibility into logging data before, during, and after cybersecurity incidents.

How Claude + MCP + Vanta could help auditors

At Vanta, we're always looking to experiment, learn, and stay at the forefront of AI. Recently, we built a proof of concept to explore how auditors could interact more effectively with audits and the data within them. Our experiment used Anthropic's Claude, the open source MCP (Model Context Protocol), and Vanta's API to enable users to ask deeper questions of Vanta's compliance data.

The Role of DevSecOps in Modern Software Development

In today's fast-paced digital world, security threats are becoming more sophisticated, requiring businesses to integrate robust security measures into their software development lifecycle. Traditional development approaches often treat security as an afterthought, leading to vulnerabilities that can be costly to fix. This is where DevSecOps comes into play: an approach that embeds security into the DevOps pipeline from the start, ensuring that security is a core component rather than an add-on.

AI Data Compliance: All You Need To Know About DevOps Data Protection

The evolution of artificial intelligence has been rapid thus far. By 2030, the AI market is projected to reach $1.81 trillion. Technology supported by AI has been useful in many areas of life, such as education, healthcare, and finance. That is reflected in the rate of AI adoption by organizations, which stood at 72% in 2024. Even if you just look around you, many people use tools like ChatGPT for daily life or work, and AI helps with email management or studying. What do these advancements in AI bring to DevOps?

CMMC vs FedRAMP: Do They Share Reciprocity?

Throughout this blog, we often write about both FedRAMP and CMMC as cybersecurity frameworks applied to the federal government and its contractors. These frameworks share a lot of the same DNA stemming from the same resources, and they share the same goal of making the federal government more secure. One significant question you may have, though, is one of practicality. Do CMMC and FedRAMP have reciprocity?

CMMC is Here: Simplifying Compliance with Enclaves

The long-anticipated CMMC rule (CFR 32) is now live, marking a crucial turning point for defense contractors. The Compliance Team at CISO Global recently passed its CMMC audit and is well on the way to becoming a CMMC Certified Third-Party Assessor Organization, or C3PAO. Although CMMC's arrival brings new challenges, there's a practical solution that can make compliance more manageable: enclaves. Before we explore this approach, let's understand where we are in the CMMC journey.

[PCI DSS Requirement 10]: Summary of Changes from Version 3.2.1 to 4.0 Explained

Did You Know? 74% of organizations face challenges in meeting PCI DSS compliance due to evolving security threats. Over 60% of data breaches involve weak or compromised credentials—making Requirement 10 more critical than ever. Are you struggling to keep up with the latest PCI DSS 4.0 updates? In this video, we break down the critical changes in Requirement 10, focusing on log management, monitoring, and security event tracking—essential for protecting cardholder data.

Effective risk management and controls remediation planning

Organizations face an increasingly complex landscape of risks in a business environment. From cybersecurity threats to regulatory challenges, the need for robust risk management and effective controls remediation has never been more critical. This article explores the vital process of control remediation planning, offering a strategic roadmap for mitigating risks, enhancing compliance, and safeguarding organizational success.

Using Threat Intelligence to Support Regulatory Compliance

As cyber threats evolve in scale and sophistication, governments and regulatory bodies are tightening cybersecurity and data protection regulations. Compliance is not only about avoiding fines but also about building trust, enhancing operational resilience, and safeguarding long-term business success. Data breaches and cyberattacks can disrupt operations, and as such, organisations should prioritise compliance to mitigate financial and legal risks whilst fostering customer confidence.