Cybersecurity Assessments | Privacy Assessments
By:
Emily Heintz
October 13th, 2025
The California Consumer Privacy Act (CCPA) is reminiscent of Michael Myers, Freddy Krueger, or Ghostface in that no matter how many times you think its presence is done, it keeps coming back with more. While privacy professionals have been tracking the slow rulemaking process for some time, the newly approved regulations may have startled others, fittingly just in time for spooky season.
Payment Card Assessments | PCI DSS
By:
Mark Stoudemire
October 13th, 2025
As organizations continue to transition to PCI DSS v.4.x, they encounter updated requirements for authentication, especially considering the emerging phishing-resistant technologies like passkeys. To help clarify these changes, the PCI Security Standards Council has released two key FAQs: FAQ 1595 and FAQ 1596, offering valuable insights into the use of passkeys, FIDO2-based authentication, and their alignment with multi-factor authentication (MFA) and phishing-resistant protocols.
By:
Sully Perella
October 6th, 2025
If you thought developing and implementing your AI system was a challenge, just wait until you attempt to ensure your AI system complies with conflicting international laws simultaneously.
FedRAMP | Penetration Testing | Red Team Assessments
By:
Clint Mueller
September 29th, 2025
Since the beginning of 2024, FedRAMP Revision 5 has mandated that organizations not only perform traditional penetration tests, but also undergo comprehensive red team engagements. This new requirement reflects a broader emphasis on assessing not just technical vulnerabilities, but also the effectiveness of an organization’s overall security posture, including its response to sophisticated and realistic threats. Over the past year, we’ve conducted many red team exercises, each tailored to different organizational environments and threat landscapes. These engagements have varied significantly in scope and complexity, offering us a wealth of insights into both our successes and the challenges we’ve faced.
Artificial Intelligence | ISO 42001
By:
Danny Manimbo
September 29th, 2025
As artificial intelligence becomes widely embedded in critical business decisions, strategies, and processes, it faces growing scrutiny from regulators, customers, and the public. While AI offers unprecedented opportunities for operational enhancements and innovation, it also introduces new risks.
Artificial Intelligence | ISO 42001
By:
Schellman
September 25th, 2025
Colorado is leading the charge of U.S. AI policy with the Consumer Protections for Artificial Intelligence (SB24-205) law. This law, commonly referred to as the Colorado AI Act (CO AI Act), is the first enacted comprehensive state law regulating high-risk AI systems. Signed in May 2024, it sets a precedent for balancing innovation with consumer protection through requirements on transparency, accountability, and fairness.
By:
Sully Perella
September 23rd, 2025
Though servers have typically been the norm among organizations since the inception of the computer, there’s been a slow transition through different architectures since then. Going serverless has been the latest trend within the last decade, but many still have plenty of questions regarding this potential option.
Healthcare Assessments | HDS Certification
By:
Robert Tylka
September 22nd, 2025
Effective May 16, 2024, Version 2 of the Health Data Host (HDS) Referential went into force with a two-year transition period. This means if you are currently HDS certified, you’ll have to transition to the new version before May 16, 2026. This transition brings many positive changes, including a clarification of the applicable hosting activities, removal of distinction between physical hosting and IT managed services providers, removal of references to controls within the ISO 20000-1 and ISO 27018 standards, requirement for data localization within the European Economic Area (EEA), and more. However, we have noticed particular challenges that companies pursuing HDS certification tend to struggle with. In this article, we’ll break down those trends faced by organizations within the new HDS framework so that you can focus on those areas that may take more time for implementation or remediation in your own compliance journey.