CMMC is a complex undertaking. Depending on where you are in your certification journey, you could require consulting, assessment, or both. Fortunately, the CMMC program includes training and authorization for two distinct types of organizations: Registered Provider Organizations (RPOs) and Certified Third-Party Assessment Organizations (C3PAOs), each offering different services. 

We’re discussing these organizations and which one you might want to engage with when preparing for CMMC certification. 

Read More

HIPAA is a core cybersecurity framework for patients and healthcare providers in the U.S. Unfortunately, a new report from the OCR shows an increase in significant events and a lack of resources to follow up on critical compliance issues. 

We’re covering some of this report and the underlying HIPAA requirements reflected in it. 

Read More

While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023 serves businesses and their security partners to have a handle on what they are and what they mean for security. 

This article will cover the SOC 2 Security Common Criteria in detail and discuss what they mean for your organization and attestation.

Read More