Sal Marino

Preparing for NIST Cybersecurity Framework Compliance

The NIST Cybersecurity Framework is a set of guidelines and best practices for organizations seeking to improve their information security posture. While originally intended for the critical infrastructure sector, it has been widely adopted around the world across all industries as one of the most recognized standards.

NIST CSF Cloud Security: 5 Ways It Helps

There is no denying the benefits of cloud computing in today’s hyperconnected age. But at the same time, this relatively new computing model presents some unique security concerns. After all, the ability to access business-critical apps and data from anywhere and on any device can also mean it is easier for malicious actors to do the same.

NIST CSF FAQs: Is It Right Option for Your Organization?

Every business in existence has valuable and sensitive data at its disposal, and protecting it from the myriad threats out there has become a top priority. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is thus top of mind for many organizations.

Why Following NIST CSF Requirements is More Important Than Ever

Far too many business leaders still consider the needs of information security to be a burden, and a costly and time-consuming one at that. But as the threat landscape continues to evolve alongside technological advancement, the need for achieving the highest possible standards of cybersecurity is clearer than ever. It’s not just about protecting information systems either. It’s also about adding ...

CMMC Compliance Checklist: 4 Things Not To Overlook

The Cybersecurity Maturity Model Certification (CMMC) replaces the current DFARS 252.204-7012 clause that defense contractors currently have to comply with when entering into a contract with the Department of Defense. Based on the NIST SP 800-171 framework, albeit with the addition of various other processes and practices, CMMC compliance spans five levels, with the third one being the minimum requirement ...

How Does the CMMC Accreditation Body Qualify Assessors?

Although there have been several delays since the Cybersecurity Maturity Model Certification was first announced, 101 experienced professionals have now been chosen to become future CMMC auditors. Most have now completed their training, thus providing valuable insights that will influence the training of registered provider organizations (RPOs).

DFARS 252.204-7012: How do your accountability standards measure up?

When a data breach occurs, one of the first things business leaders tend to think about is who or what to blame. This can be a difficult question to answer, in which case the blame will likely shift throughout the organization as leaders, employees, and departments point the finger at one another, often without any solid evidence. If that situation sounds familiar, then you might have a serious ...

What the new HIPAA compliance requirements mean for your business

Every organization within the healthcare sector, including their suppliers, is legally obliged to take every reasonable step to safeguard the confidentiality, security, and integrity of protected health information (PHI) according to the Health Insurance Portability and Accountability Act. A failure to comply with HIPAA regulations can result in civil action and substantial fines, as well as ...

5 ways to evaluate HIPAA-compliant storage services

The Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996, when the information technology landscape looked very different to how it does today. As such, it is often difficult to interpret in the context of a modern IT environment, which typically makes use of a wide range of hosted services and mobile technologies. Neither of these things existed in any significant ...

Examples of Unintentional HIPAA Violations: Ensure You Don’t Make Them

Every healthcare organization wants to avoid violating regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). According to HIPAA, only staff involved in patient care, healthcare billing, and other critical processes should have access to patient health information (PHI). Additionally, these people should have only minimal access to private data. In other ...