US civilian federal agencies to impose CMMC-like rules on contractors

Apr 17, 2023

The Department of Defense is working with civilian government departments to impose a new Federal Acquisition Regulation (FAR) rule that requires contractors supporting these agencies to meet new cybersecurity requirements, along the lines of the DoD’s Cybersecurity Maturity Model Certification (CMMC) program. Plans for greater alignment were shared by the chief of defense industrial base cybersecurity at the Office of the DoD CIO, Stacy Bostjanick, at a virtual event early this month.

Less than one year until the current PCI DSS standard is retired. How prepared are you for PCI DSS v4.0?

Apr 13, 2023

March 2022 saw the release of PCI DSS v4.0, the most significant change to the standard since 2004. We are currently in the transition period between v3.2.1 and v4.0, and now is the time for organizations to begin implementing controls in preparation for meeting the updated requirements.

Titania Report Reveals Less Than 40% of Senior Cybersecurity Decision Makers Effectively Prioritize Risks to Payment Card Industry Data Security Standard (PCI DSS) 4.0 Compliance

Mar 29, 2023

New Research Suggests Current Approach to Misconfiguration Detection in Commercial Critical National Infrastructure (CNI) Networks Results in Unquantifiable Levels of Compliance Risk

New SEC Rules for Public Companies Reporting Cybersecurity Incidents to be Finalized in April

Mar 15, 2023

The U.S. Securities and Exchange Commission (SEC) recently announced its intention to finalize new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by companies. Public companies need to familiarize themselves with the proposed changes and make the necessary preparations to ensure compliance.

Log4j vulnerability: The threat persists one year on

Jan 18, 2023

In December 2021, news of a critical vulnerability in the Apache Log4j software made the headlines. While it has now been more than one year since the initial alert, and despite patches being released, the vulnerability persists.
