Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Compliance

Introducing AI Data Import for Access Reviews

Conducting regular user access reviews is an effective way to make sure your organization is securing access to critical systems and third-party vendors. Frameworks like SOC 2 and ISO 27001 even require proof of regular access reviews to demonstrate compliance. ‍ Without automation, access reviews are tedious and time-consuming, requiring IT and security teams to manually record user access information in a spreadsheet and take countless screenshots of access permissions screens. ‍

Introducing NIST AI RMF: Monitor and mitigate AI risk

The pace and complexity of AI technologies is increasing every day. In this rapidly changing environment, it’s critical for companies to adopt a rigorous approach to safely and responsibly incorporating AI into their products and processes. ‍ That’s why we’re excited to announce that the NIST AI Risk Management Framework (RMF) is now available in beta.

What Are the Similarities and Differences Between FISMA vs. FedRAMP Certification?

The U.S. federal government has many laws and regulations intended to assure strong cybersecurity for government agencies. Two of the most important are the Federal Information Security Management Act (FISMA) and the Federal Risk and Authorization Management Program (FedRAMP). Both FISMA and FedRAMP have the same fundamental goal: to assure that federal agencies and their vendors protect government data. That said, they also differ in many ways.

PCI DSS Requirement 5 - Changes from v3.2.1 to v4.0 Explained

Welcome back to our ongoing series on the Payment Card Industry Data Security Standard (PCI DSS). We’ve been journeying through the various requirements of this critical security standard, and today, we’re moving forward to explore Requirement 5 of PCI DSS v4.0.

Manual GRC: Why Spreadsheets Are Not the Solution

In today’s rapidly evolving business environment, the stakes for maintaining robust governance, risk management, and compliance (GRC) practices have never been higher. Regulators and auditors are scrutinizing areas such as risk management, regulatory mandates, cybersecurity, vendor management, and more with unprecedented rigor.

What Are Compliance Automation Tools?

Staying compliant with ever-changing regulatory and risk management standards can be a daunting task. Compliance automation tools have emerged as a vital solution, simplifying and streamlining your work to meet legal and industry standards. This blog explores the intricacies of compliance automation, the tools involved, and how they revolutionize the way organizations approach regulatory compliance.

How to Comply with NIST SP 800-171 Revision 3

The National Institute of Standards and Technology (NIST) developed the NIST 800-171 framework to set guidelines and security requirements for protecting controlled unclassified information (CUI). NIST first created the framework in June 2015 but has since revised the publication several times, most recently in November 2023.

Cybersecurity Standards vs Procedures vs Controls vs Policies

Cybersecurity is a vast and complex field, and it’s made more complicated as technology – both infrastructure and in terms of cyberattacks – grows more and more sophisticated. Any large and complex industry grows terminology and jargon like leaves on a tree, and cybersecurity is no different. There are dozens, if not hundreds, of specialized terms that are used in narrow and specific ways throughout the industry.

Expedite CMMC With Keeper Security

The U.S. Department of Defense (DoD) introduced its Cybersecurity Maturity Model Certification (CMMC) program in early 2020. CMMC is a security framework and assessor certification program designed to ensure that all Defense Industrial Base (DIB) contractors meet at least basic cybersecurity requirements for handling Controlled Unclassified Information (CUI), which includes compliance with a variety of standards published by the National Institute of Standards and Technology (NIST).