We are big believers in packaging your compliance needs into a single, effective standard within your organization. It doesn’t make any sense to double up on work, and streamlining compliance across multiple standards makes your efforts better and faster.  In light of that, we’re discussing how you can streamline some of your existing ISO compliance… Read More

In today’s digital age, cybersecurity is not just a technical necessity but a critical compliance requirement. Organizations worldwide face rigorous regulations to safeguard sensitive data and maintain public trust.  The Common Criteria certification is a pivotal standard in cybersecurity compliance among these regulatory frameworks.  This article will discuss how CC plays a role in other,… Read More

We use “the digital supply chain” regularly because enterprise and government businesses rely heavily on it. The relationships between vendors, cloud providers, software, and customers are so deeply intertwined that it’s impossible to avoid the big picture–that security is a complex activity that can span dozens of entities.  A recently discovered flaw in the R… Read More

We’ve previously written about the importance of NVLAP Common Criteria accreditation for lab testing and validating products for use in high-risk industries. It’s probably unsurprising that we are markedly interested in cybersecurity labs’ requirements.  Here, we’re discussing NVLAP Common Criteria accreditation for cybersecurity labs–what it is, how it is unique for assessed labs, and some… Read More

Unfortunately, HIPAA data breaches are increasingly common. Kaiser Permanente, one of the largest healthcare insurance providers in the U.S., recently reported a massive exposure of millions of patient records (Protected Health Information, or PHI).  This unfortunate event also serves as a learning moment for companies who may not understand how to avoid such unintended consequences.… Read More

Government agencies (and their vendors and partners) are increasingly entrusted with sensitive data. Accordingly, protecting critical infrastructure and cybersecurity are both top priorities. The tools they use must come from time-tested and verified protocols to ensure they are secure and not tampered with. In turn, this means that these tools must come from labs that… Read More

Streamline Compliance and Documentation with Continuum GRC AI Automate reporting with machine learning and AI. The Necessity of Accurate Reporting in Compliance Documentation and reports are the end product and backbone of your compliance efforts. They are how your organization demonstrates compliance with relevant regulatory and governing bodies.

We’ve written extensively about CMMC and NIST Special Publication 800-171, which cover the handling and protection of Controlled Unclassified Information (CUI). But what is CUI? How is it created, and why is it so important to protect? Here, we’re digging into CUI and why it’s integral to significant cybersecurity frameworks in the federal marketplace.   

Our previous articles on CMMC Level 1 certification focused on what organizations need to know when conducting self-assessments. These documents relied primarily on the fact that the contractor would do their assessments and reporting.  With Level 2 certification, the game changes. Not only are nearly all assessments performed by C3PAOs, but their requirements expand nearly… Read More

Our previous article discussed what it meant to scope your self-assessment while pursuing Level 1 Maturity under CMMC. This approach included identifying the boundaries of FCI-holding systems and comprehensively cataloging technology, people, and processes that play a part in that system.  Here, we take the next step and cover CIO guidelines for performing your self-assessment. … Read More

Most security standards, including government standards, require cryptography. We are generally familiar with implementing a cryptographic algorithm that meets these requirements and calling it a day. However, to ensure security, NIST also publishes standards for validating encryption modules to ensure they serve their purpose under federal standards.  Here, we’re discussing the Cryptographic Algorithm Validation Program… Read More

One of the more significant changes in the new CMMC 2.0 guidelines was the move from third-party to self-assessment at Level 1 maturity. At Level 1, contractors can perform a self-assessment rather than engage with a C3PAO, significantly reshaping their obligations and the associated costs and effort for compliance.  Here, we’re covering the CIO’s guidance… Read More