Back in August 2022—while rulemaking for the Cybersecurity Maturity Model Certification (CMMC) was ongoing (as it still is)—the Joint Surveillance Program (JSP) was sanctioned by the DoD and CyberAB as an interim step in the CMMC program that allowed organizations to pursue a formal DIBCAC High (NIST 800-171) assessment.
To accommodate the ever-evolving cybersecurity threat landscape, HITRUST has released HITRUST CSF v11.2.0, updating its framework to include more pertinent concepts—one of the most notable additions is artificial intelligence (AI) risk management content.
The regulation and responsible use of artificial intelligence (AI) has been a hot topic of 2023, prompting the release of NIST’s AI Risk Management Framework to help organizations secure this emerging tech. More standards are on the way that will address the need to implement safeguards addressing the security, safety, privacy, fairness, transparency, and data quality of AI systems throughout their life cycle—including ISO/IEC 42001.
Comprised of both the PCI Secure Software Lifecycle (Secure SLC) Standard and PCI Secure Software Standard, the PCI Software Security Framework (SSF) is intended to help secure the design, development, and maintenance of software in payment environments. And while secure coding can be difficult, taking a conceptual approach to software development may make it—and PCI SSF compliance—a little easier.
If you’re in healthcare, you likely already know that maintaining HIPAA compliance requires a very thorough risk assessment. What you may not know is that HIPAA risk assessments are also an aspect of the law that is too often overlooked.
President Biden has issued a groundbreaking Executive Order to steer America toward leadership in harnessing the potential of artificial intelligence (AI) while managing its associated risks.
To address some of the past confusion regarding the dating of PCI reports, the PCI Security Standards Council (SSC) has altered the report date methodology for PCI DSS v4.0 to provide more clarity and consistency to this process.
The Cybersecurity Maturity Model Certification (CMMC) is a new framework that aims to better secure federal contract information (FCI) and controlled unclassified information (CUI) that is stored, processed, or transmitted by defense contractors and the entire defense industrial base (DIB).