The Health Insurance Portability and Accountability Act, best known as HIPAA, is one of the most well-known healthcare privacy laws in the United States. The primary objective of HIPAA is to safeguard patients' Personal Health Information (PHI). HIPAA's Security and Privacy rules establish guidelines for protecting Electronically Protected Health Information (EPHI), and Trustwave DbProtect is a powerful tool to help achieve this goal.

Coming soon TrustCloud’s New Platform Experience Get ready for a new and improved homepage that gives you a high-level snapshot of your compliance program, risks, employee compliance, automation status, and audit preparedness—all without toggling between apps. See a sneak peek. Coming soon Ask questions, get answers in TrustCloud Forums We created FlightSchool to help you learn about our products, GRC, and trust. Now, you can join the conversation with FlightSchool Forums!

The Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification (CMMC) in 2019. This framework outlined a series of security standards contractors must meet to win DoD contracts, so it’s a big concern for many companies. However, four years later, the Cybersecurity Maturity Model Certification rollout has yet to take effect. Part of this delay comes from the fact that the DoD has revamped the CMMC.

In today’s ever-evolving digital landscape, organizations operating in regulated industries face the challenge of meeting stringent regulatory requirements to ensure the security and privacy of their systems and data. NIST compliance, guided by key NIST publications, plays a vital role in helping organizations navigate these complex regulatory landscapes effectively.

Say you’re a medium-sized financial organization. Your clients trust you to not only provide excellent financial services, but to keep their money, financial data, and personal data safe. Unfortunately, the amount of money you store and move attracts a wide array of cybercriminals. Staying safe can become complicated, but no bank, trust, or credit union wants to gain headlines and lose customers over a breach. That’s where SOC2 (System and Organization Controls), can make a major difference.

We are thrilled to announce that ARMO, the makers of Kubescape and ARMO Platform, has successfully obtained the SOC 2 certification. This achievement underscores ARMO’s unwavering commitment to maintaining the highest standards of security, privacy, and operational excellence for its customers and users. With the SOC 2 certification, ARMO demonstrates its dedication to safeguarding customer data and fortifying trust in its platform.

Whether it is reporting a phishing email or something that might be illegal that a coworker is doing, your employees should be a strong last line of defense for security and compliance. According to Gartner, almost 60 percent of all misconduct that is observed in the workplace never gets reported. For decades both compliance officers and security leaders have known that the earlier employees report incidents, the lower the risk. Yet low reporting rates continue to be a problem.

The Gramm-Leach Bliley Act (GLBA or GLB Act), or financial modernization act, is a bi-partisan federal regulation passed in 1999 to modernize the financial industry. It repealed vast swathes of the Glass-Steagall Act of 1933 and the Bank Holding Act of 1956, allowing commercial banks to offer financial services such as investments or insurance. It also controls how financial institutions deal with their customer's private information.

In March 2022, the U.S. Securities and Exchange Commission (SEC) issued a proposed rule, the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, that, if adopted, would require companies to disclose their cybersecurity governance capabilities and the role of the board concerning oversight of cyber risk.

Businesses in all industries face a constant barrage of threats and attacks. For government contractors (GovCons) handling sensitive information, ensuring robust security measures is paramount. A Managed Security Services Provider (MSSP) can be a valuable partner in safeguarding your organization’s critical assets. In this section, we will explore what an MSSP is, why GovCons need one, how to choose the right MSSP, and the essential questions to ask before hiring one.