Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Keeping track of who is accessing your systems and data is a critical part of any security program. Requirement 10 of the PCI DSS covers logging and monitoring controls that allow organizations to detect unauthorized access attempts and track user activities. In the newly released PCI DSS 4.0, Requirement 10 has seen some notable updates that expand logging capabilities and provide more flexibility for merchants and service providers.

In the ever-evolving landscape of data security, staying updated with the latest standards and regulations is crucial. The Payment Card Industry Data Security Standard (PCI DSS) is no exception. With the recent release of PCI DSS v4.0, there have been significant updates and changes that organizations need to be aware of. This blog post will delve into one such critical area – Requirement 9: Restrict Physical Access to Cardholder Data.

For defense contractors, cybersecurity is a non-negotiable priority. The Cybersecurity Maturity Model Certification (CMMC) program outlines rigorous assessment and affirmation requirements for contractors and subcontractors. Let’s dive into the key elements that shape this crucial aspect of CMMC compliance.

By now, you are likely aware that the Cybersecurity Maturity Model Certification (CMMC) Program Proposed Rule was published in the Federal Register on December 26, 2023. This set into motion a series of deadlines, which will culminate in the full implementation of CMMC 2.0. It also set into motion a flurry of activity within the Defense Industrial Base (DIB) and the realization that a deadline for compliance looms large.

As the digital age unfolds, we continue to see seismic increases — decade-to-decade, year-to-year, and even month-to-month — in the amount of data we create as well as its value to us, both individually and collectively. From medical records, financial statements, and classified government documents to transactional processing systems, customer information, social media engagements, pictures of our pets, and so much more, data is the lifeblood of modern society.

As of August 2023, only 3 out of 23 US government agencies were compliant with Office of Management and Budget (OMB) requirements for log management and security observability. These requirements are outlined in M-21-31, a 2021 memorandum that was issued following Executive Order 14028 on improving national cybersecurity. Until all of these agencies implement the new requirements, the federal government’s ability to fully detect, investigate, and remediate cybersecurity threats will be constrained.

In today’s digital age, destroying data is not as easy as it once was. Before the advent of computers, if you needed to destroy sensitive government information to prevent it from falling into the wrong hands, all you often needed to do was light some papers on fire. With computers, you might think that it’s a simple matter. After all, if you’ve ever accidentally deleted a file or had a hard disk crash, you’ve probably lost data and haven’t been able to recover it.