The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Penetration Testing

By: Josh Tomkiel
September 5th, 2024

For as long as the concept of cybersecurity has been around, much of the focus has centered on sophisticated technical controls—firewalls, password strength, network segmentation, endpoint protection, encryption, etc. And while implementing and regularly testing all these measures does better safeguard your organization, you also need to secure your people. That is where a social engineering campaign can help immensely.

FedRAMP | Federal Assessments

By: Tim Walsh
September 3rd, 2024

Looking back, December 2023 was a big month for the Department of Defense (DoD). Not only did they release the 32 CFR Part 170 - Cybersecurity Maturity Model Certification (CMMC) Proposed Rule, but they also published a memorandum titled Federal Risk and Authorization Management Program (FedRAMP) Moderate Equivalency for Cloud Service Provider’s (CSP) Cloud Service Offerings (CSOs). The latter, in a huge development, clarified requirements for CSOs that are currently (or will be) storing, processing, or transmitting Covered Defense Information (CDI)—more commonly referred to as Controlled Unclassified Information (CUI)—although there are some nuances that must be understood.

Audit Readiness

By: Jordan Hicks
August 29th, 2024

Whether you’ve already completed your first audit or you’re planning your compliance calendar for the new year, you know that compliance is more than a bullet point on a strategy slide deck—it’s a serious investment and a process that will recur year-over-year, so you can’t drop the ball in between assessments, especially amidst an ever-evolving cyberthreat landscape. To help your organization remain safeguarded between your audit cycles, you should seek to strengthen and streamline your compliance—the good news is, there are ways to do that.

Penetration Testing | Artificial Intelligence

By: Josh Tomkiel
August 28th, 2024

Did you recently implement a new artificial intelligence (AI) feature within your application and now your customers are starting to ask for AI-specific penetration tests? Are you curious as to how an assessment like that would work? As with all these exercises, it starts with scoping.

Cybersecurity Assessments

By: Grayson Taylor
August 27th, 2024

Back in March 2022, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) was signed into law as yet another regulation aiming to enhance federal cybersecurity by requiring critical infrastructure entities to report cyber incidents to the Cybersecurity and Infrastructure Security Agency (CISA). Two years later, on April 4, 2024, CISA published its proposed rule to codify CIRCIA’s specific mandates, which are expected to take effect in 2026.

Federal Assessments

By: Chris Lepotakis
August 22nd, 2024

Now that the DoD Cloud Computing Security Requirements Guide (SRG) v1r4 has been officially retired, cloud service providers (CSPs) will need to familiarize themselves with the two new documents that have replaced those requirements—the latest DoD CSP SRG v1r1 and DoD Mission Owner (MO) SRG—to maintain compliance with applicable mandates.

News

By: Schellman
August 21st, 2024

TAMPA, Fla. – August 21, 2024 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is excited to welcome six distinguished leaders to its inaugural Advisory Board, marking a significant move to bolster leadership.

Healthcare Assessments

By: Schellman
August 20th, 2024

Ever been to a water park and gone down one of those enormous slides? If so, you likely remember there being a park lifeguard at the top of the slide and near the bottom to ensure your continued safety. But imagine if those employees weren’t trained in safety and first aid—of course, the ride was likely designed well and with other safeguards, but it would make for a serious oversight by the park to do all that while not also ensuring their employees keep guests safe.
