Apr
17
US civilian federal agencies to impose CMMC-like rules on contractors
Apr 17, 2023
The Department of Defense is working with civilian government departments to impose a new Federal Acquisition Regulation (FAR) rule that requires contractors supporting these agencies to meet new cybersecurity requirements, along the lines of the DoD’s Cybersecurity Maturity Model Certification (CMMC) program. Plans for greater alignment were shared by the chief of defense industrial base cybersecurity at the Office of the DoD CIO, Stacy Bostjanick, at a virtual event early this month.
Apr
13
Less than one year until the current PCI DSS standard is retired. How prepared are you for PCI DSS v4.0?
Apr 13, 2023
March 2022 saw the release of PCI DSS v4.0, the most significant change to the standard since 2004. We are currently in the transition period between v3.2.1 and v4.0 and now is the time for organizations to begin implementing controls in preparation for meeting the updated requirements.
Mar
29
Titania Report Reveals Less Than 40% of Senior Cybersecurity Decision Makers Effectively Prioritize Risks to Payment Card Industry Data Security Standard (PCI DSS) 4.0 Compliance
Mar 29, 2023
New Research Suggests Current Approach to Misconfiguration Detection in Commercial Critical National Infrastructure (CNI) Networks Results in Unquantifiable Levels of Compliance Risk
Mar
15
New SEC Rules for Public Companies Reporting Cybersecurity Incidents to be Finalized in April
Mar 15, 2023
The U.S. Securities and Exchange Commission (SEC) recently announced their intentions to finalize new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and cybersecurity incident reporting by companies. Public companies need to familiarize themselves with the proposed changes and make the necessary preparations to ensure compliance.
Jan
18
Log4j vulnerability: The threat persists one year on
Jan 18, 2023
In December 2021 news of a critical vulnerability in the Apache Log4j software made the headlines. While it has now been more than one year since the initial alert, and despite patches being released, the vulnerability persists.