For the next installment in our series of interviews asking leading security and compliance specialists about their achievements in their field, we’ve welcomed Rhia Dancel, Lead Auditor and CMMC Registered Practitioner with the NSF. Rhia Dancel is an ISO/IEC 27001 and 9001 Lead Auditor for NSF-ISR as well as a CMMC Registered Practitioner and has previously held several auditing and technical positions in information security and pharma quality sectors.

Achieving CMMC compliance is no easy feat. CMMC requirements are stricter than most, and focus heavily on documentation. This certification is also still relatively new, so it’s constantly undergoing changes.

Authorities that lay down compliance regulations often update them in order to keep them relevant. However, for organizations that fall under the purview of these regulations, it can be a challenge to keep up with the updates and ensure that they stay compliant.

The General Data Protection Regulation (GDPR) is one of the world’s most popular regulations. Though the European Union designed the GDPR to protect European citizens, its compliance transcends European borders, impacting most businesses collecting personal data via their websites - because you can’t control whether a European citizen accesses your website. Third-party vendors often require access to sensitive personal data to deliver their services.

A study recently shared with Ignyte posed a question that has been and is currently on many minds. How are organizations that have to adhere to CMMC level 2 handling personal devices? In other words, how do various device policies such as bring your own device (BYOD), choose your own device (CYOD), company owned personally enabled (COPE), and company owned business only (COBO) work with CMMC requirements.

Cybersecurity has become an important topic for the defense supply chain. The ever-increasing number of digital channels that data can be exchanged through, has exponentially increased the risk of data breaches and leaks. This puts a lot of pressure on these organizations to ensure that the risks associated with the handling of sensitive data are as low as possible.

Businesses that incorporate Internet of Things (IoT) into their daily operations have rarely, if ever, had access to so many resources to help improve your customer reach, collect more personal data and reduce your internal operational expenses due to IoT automation. IoT devices are ubiquitous, and as technology advances, so does the invention and use of connected devices within workplaces and our homes.

2022 has brought in tighter cybersecurity restrictions and privacy regulations around the world. With the escalation of cyber threats due to the accelerated digital transformation and the Russian invasion of Ukraine, governments globally have made decisions to step up their cybersecurity defense and introduce new measures to protect businesses or national security.

The term “ITAR compliance” is a misnomer. Unlike FedRAMP and other compliance frameworks, there is no formal “ITAR Compliance” or “ITAR Certification” process. Organizations that fall under ITAR need to understand how the regulations apply to them and set up internal policies and controls to protect ITAR technical data. Let’s examine what ITAR is all about, and how Keeper’s cybersecurity suite can help you comply with it.