The Charles IT Blog

Identification and authentication is one of the central pillars of any cybersecurity strategy, and it is essential to achieving compliance with the DFARS 252.204-7012 clause. Based on NIST SP 800 171, compliance requires adherence to all the primary domains of information security. This also includes measures like mandatory security awareness training, encryption of data at rest or in transit, ...

Configuration management is one of the 14 control families covered under the NIST SP 800 171 cybersecurity framework. Adherence to the globally recognized standard is an essential part of achieving compliance with the DFARS 252.204-7012 clause. This is mandatory for any organization that makes up part of the 200,000-strong Defense Industrial Base (DIB), or any business that hopes to win requests ...

When a data breach occurs, one of the first things business leaders tend to think about is who or what to blame. This can be a difficult question to answer, in which case the blame will likely shift throughout the organization as leaders, employees, and departments point the finger at one another, often without any solid evidence. If that situation sounds familiar, then you might have a serious ...

Most people still think of cybersecurity as a technical challenge and that only the IT department needs to worry about it. This widespread misconception is exactly the reason why employees are often the weakest link in an organization’s security posture. After all, cybercriminals have a far easier time exploiting human ignorance and unpreparedness than trying to break through encryption ...

Access control is one of the fourteen groups of information security requirements specified by the NIST 800-171 standard. The standard aims to set a baseline for controlling access to any sensitive data, and adherence to it is a requirement for any organization that forms part of the Defense Industrial Base (DIB). This is according to the DFARS 252.204-7012 clause, which has been included in DoD ...

Any Department of Defense (DoD) contractor must comply with the security standards of the Defense Federal Acquisition Regulation Supplement (DFARS) before it can be given access to controlled unclassified information (CUI). 

Every organization within the healthcare sector, including their suppliers, is legally obliged to take every reasonable step to safeguard the confidentiality, security, and integrity of protected health information (PHI) according to the health insurance portability and accountability act. A failure to comply with HIPAA regulations can result in civil action and substantial fines, as well as ...

It's been several years since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was last updated, with the most recent changes being those pertaining to the Omnibus Rule in 2013. This revision saw the introduction of new requirements mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

As the digital transformation of healthcare continues to gain ground, adherence to the health insurance portability and accountability act (HIPAA) is more important than ever. The threats are real, and healthcare is a top target for attackers, so it’s never too soon to reevaluate your compliance posture.

The health insurance portability and accountability act (HIPAA) was introduced in 1996, when the information technology landscape looked very different to how it does today. As such, it is often difficult to interpret in the context of a modern IT environment, which typically makes use of a wide range of hosted services and mobile technologies. Neither of these things existed in any significant ...