At TrustCloud, we’re on a mission to democratize compliance, so we’re kicking off GRC Newsflash – a series where our experts give you a quick rundown on the latest buzz happening in the GRC, security, and privacy world. Today’s edition features our Compliance Specialist Frank Kyazze, and covers updates of the NIST Cybersecurity Framework 2.0, announced on August 8, 2023.

Whether you’re a large or small business, the cybersecurity framework by the National Institute of Standards and Technology (a federal agency of the U.S. Department of Commerce) offers an efficient roadmap to an improved cybersecurity posture. Compared to other popular cyber frameworks, like ISO 27001, NIST CSF is more effective at mitigating data breaches, especially during the initial stages of implementing a cyber risk management program.

Digital transactions and personal data sharing have become the norm, and protecting sensitive financial information is now more important than ever before. This is where a PCI-Qualified Security Assessor (QSA) comes in.

In today's interconnected and digital world, businesses face increasing risks, particularly in the realm of cybersecurity. To address these risks and ensure the operational resilience of financial institutions, industries and governments push for regulatory frameworks. Two prominent examples are the EU's Digital Operational Resilience Act (“DORA”) and the UK's Prudential Standard PS21/3 (“PS21/3”).

As technology advances and the use of biometric data becomes more prevalent, it is crucial to address the privacy concerns and regulatory compliance associated with this sensitive data. The General Data Protection Regulation (GDPR) plays a key role in safeguarding individuals’ privacy rights and ensuring the responsible handling of biometric data. Artificial Intelligence (AI) can also be utilized to ensure compliance and responsible handling of biometric data.

Germany is widely acknowledged as one of the most technologically advanced nations. However, this prominence also implies a significant reliance on its critical infrastructures (KRITIS), which are essential to the smooth operation of the state and society. To safeguard these infrastructures, Germany has enacted new laws, IT Security Act 2.0 and KRITIS Regulation 2.0, that aim to improve the security of IT systems.

TrustCloud is proud to present the 2023 Security SaaS Leaderboard – a list of the most popular vendors for security- and trust-related programs, based on analysis of the software platforms our customers are connecting to on the path to trust assurance.

Customers come to us for many reasons: to spend less time preparing for audits and answering security questionnaires, to prove their impact to their boss and board, to log into fewer systems, to save money, to strengthen their security posture, to make it easier for their colleagues to support compliance efforts – to name a few.

In the dynamic and ever-shifting realm of cybersecurity, the Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) has emerged as a cornerstone framework, designed to ensure the safety of critical network and information systems across the European Union. This recent directive, which has entered into force, holds considerable significance, casting far-reaching implications for diverse sectors and entities operating within the EU.