Compliance & Regulation

“Take the CISO job,” they said. “It’ll be great,” they said. The role of the Chief Information Security Officer has always been a dynamic one. From securing endpoints and networks...

The Risk Management Framework (RMF) is a set of criteria that dictate how the United States government IT systems must be architected, secured, and monitored. Originally developed by the Department...

The United States Department of Defense is implementing the Cybersecurity Maturity Model Certification (CMMC) to normalize and standardize cybersecurity preparedness across the federal government’s defense industrial base (DIB). This piece...

No. That’s the answer in their FAQ. Out-of-the-box Office 365 is not HIPAA compliant, and you need to take the appropriate steps to ensure your organization stays compliant. As the...

HIPAA fines cost ten companies $28.7 million in 2018, which broke the previous 2016 record for HIPAA fines by 22%! That’s only 10 HIPAA cases resolved out of 25,912 complaints...

It’s 2020, do you know where your data is?  If you answered yes to that rhetorical question, you have a decent grasp of data governance. If not, it’s time to...

Happy 2020!  The New Year brings Californians under the California Consumer Privacy Act (CCPA). CA consumers can ask state-based companies for all relevant data, and to request that companies delete...

Contrary to conventional wisdom, the US does indeed have data privacy laws. True, there isn’t a central federal level privacy law, like the EU’s GDPR. There are instead several vertically-focused...

For anyone who’s spent time looking at data security laws and regulations, you can’t help but come across the words “reasonable security”, or its close cousin “appropriate security”.  You can...

The California Consumer Privacy Act (CCPA) is “the first consumer privacy act in the country,” as one California legislator put it.  No other US state has provided its citizens with  GDPR-like...