What Is CJIS Compliance?

We’ve covered several areas regarding data privacy and security. These discussions have covered private security frameworks, government-enforced regulations, and guidelines shoring up IT security for federal and national defense agencies and contractors.  Another area of security and data privacy is law enforcement. It’s perhaps unsurprising that law enforcement and other national security agencies would handle… Read More

What Are GDPR Penalties?

Have you noticed the increasingly-complex cookie disclosure forms popping up on even the most unassuming website? These expanded forms aren’t present because digital businesses have suddenly decided informing customers about their data collection practices is an ethical imperative. Instead, these companies are most likely working with customers in both the U.S. and the EU, and… Read More

What Are Carve-Out and Inclusive Auditing Methods for SOC Reporting?

SOC audits are some of the most common non-regulatory audits in the U.S. These attestations provide companies with a way to demonstrate their dedication to transparent and secure financial reporting and protecting consumer information. Accordingly, SOC reporting can become an in-depth and complicated task that is rendered even more complicated when factoring in subservice providers. … Read More

What is the Difference Between DFARS and CMMC?

Security and compliance are paramount in the defense industry–even for unclassified information, like Controlled Unclassified Information (CUI). The operations of these particular industries call for the utmost discretion, and all stakeholders must be on the same page.  As modern digital infrastructure makes its way into the defense supply chain, it’s equally crucial for contractors and… Read More

IRS 1075 and NIST | How Do NIST Guidelines Affect IRS 1075 Regulations?

The Internal Revenue Service is one of the largest and most essential federal government agencies… which means that there is a lot of opportunity for third-party contractors and managed service providers to offer products to support its mission. It also means that these contractors will be expected to adhere to security standards, specifically those outlined… Read More

NIST SP 800-171 vs. 800-172: What’s the Difference?

The unveiling of CMMC 2.0 last November raised a lot of questions, but also brought a lot of relief. The streamlining of security around Controlled Unclassified Information (CUI) will help defense agencies and contractors better secure their systems without burdening them with operational overhead. This is crucial for organizations who want to support these agencies… Read More