E Com Security Solutions: Security Blog

The Official Security Blog of E Com Security Solutions for advancing the security capabilities of leading businesses and organizations throughout the world.

Security Blog | 2026-02-16T18:58:38+00:00

CMMC Compliance: NIST 800-171

In November 2021, the US Department of Defense (DoD) announced Version 2.0 of the Cybersecurity Maturity Model Certification (CMMC) information security framework and audit program. Driven by internal review and public comment, CMMC 2.0 updates the requirements for CMMC Version 1.02, released in January 2020 and now suspended. CMMC 2.0 [...]

Categories: cmmc, federal

NYDFS Cybersecurity Regulation Compliance Tips

The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation requires New York insurance companies, banks, and other regulated financial services institutions—including agencies and branches of non-US banks licensed in the state of New York—to assess their cybersecurity risk profile. The NYDFS Cybersecurity Regulation is designed to protect consumers [...]

FAQs on SOC 1 Certification

The cornerstone of trust in financial reporting is achieved through SOC 1 Reports. Organizations can effectively communicate information about their risk management and control framework to multiple stakeholders. SOC 1 reports are ideally suited for businesses that handle financial or non-financial information for their clients that impacts the customer financial [...]

Categories: SOC 1

A Primer on SOC 1 Audit

If your organization handles, processes, stores, or transmits financial information, or information that can impact the financial statements of your customers, then a SOC 1 audit can help evaluate the internal controls of your organization and review how your organization protects client data. An organization may be required to obtain [...]

Categories: SOC 1

FedRAMP and NIST 800-53

The United States Federal Risk and Authorization Management Program, known as FedRAMP, is one of the federal government’s most rigorous security compliance frameworks. It enables the federal government to accelerate the adoption of cloud computing by creating transparent standards and processes for security authorizations. FedRAMP provides a standardized approach to [...]

Categories: federal, fedramp