By:
Chad Goubeaux
August 27th, 2025
If you’re considering a SOC 2 audit, be it due to a customer request or to strengthen your security posture, you may already understand that this examination will include an evaluation of your product or service on a more operational and security-oriented level. You may even already grasp that during a SOC 2, your scope will be evaluated against a set of trust services criteria (TSC) that provide the backbone of the assessment. But what are the trust services categories, the criteria that make up each category, and which ones will you actually need for your SOC 2 audit? At Schellman, we have over two decades of experience in SOC 2 examinations, and we want to help you navigate what can be a complex process. Read on to discover what inclusion of each category will mean for your SOC 2 examination. From there, we’ll give you some guidelines for your internal conversations when making your choice. Afterwards, you’ll be that much closer to pinning down what you need from your upcoming SOC 2 report.
By:
Josh Tomkiel
August 26th, 2025
After nearly a decade of leading penetration testing engagements and growing our team from one tester to 43 professionals, we've learned that the questions you ask during vendor selection can determine whether you'll receive genuine security value and a successful engagement, or just frustrating checkbox exercises.
Cybersecurity Assessments | Compliance and Certification | Crypto and Digital Trust
By:
Avani Desai
August 20th, 2025
On July 18, 2025, President Trump signed the GENIUS Act into law, marking a major milestone for the U.S. digital asset ecosystem. For the first time, there is a federal framework that governs how payment stablecoins are issued, secured, and monitored.
FedRAMP | Federal Assessments | CMMC
By:
Matt Hungate
August 19th, 2025
If you develop or sell commercial-off-the-shelf (COTS) technology that ends up in Department of Defense (DoD) environments, there’s a new bar you have to clear. Katie Arrington, the acting DoD CIO has issued a new memo that directly impacts how you manage your software supply chain, and it’s going to change how COTS vendors prepare for procurement.
Artificial Intelligence | ISO 42001
By:
Danny Manimbo
August 18th, 2025
As the need for innovative artificial intelligence grows, regulatory bodies are working quickly to create frameworks that balance acceleration with safety, accountability, and trust. Notably, the European Union’s AI Act is poised to reshape how organizations approach AI governance, especially when it comes to general-purpose AI (GPAI) models.
Cybersecurity Assessments | Federal Assessments
By:
Douglas Barbin
August 13th, 2025
This signals document reviews the current state of software security initiatives in the federal government and the Department of Defense (DoD), highlighting key programs and policies aimed at enhancing cybersecurity. This includes the recent Executive Order 14306 (signed on June 6th), the DoD’s new Software Fast Track (SWFT), and SSDF and associated CISA attestations under the Biden Administration, part of which were rescinded via Executive Order 14144.
Artificial Intelligence | ISO 42001
By:
Danny Manimbo
August 11th, 2025
The global push to both regulate and strategically accelerate the development of artificial intelligence (AI) has gained momentum over the past year, resulting in a diverse landscape of evolving frameworks, policies, and executive directives. In the United States, this dual focus on oversight and innovation has translated into a series of executive orders and formal federal AI governance initiatives.
By:
Matt Hungate
August 7th, 2025
The FedRAMP 20x pilot marks the most significant shift in federal cloud security in over a decade. Launched in May 2025, the program aims to modernize the authorization process by emphasizing speed, automation, and real-time security validation. For organizations pursuing Low Baseline authorization, the 20x path offers a faster, more efficient entry point into the federal market.