The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments.
Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the market, many organizations opt to get a SOC 3 report.
January 26, 2022–The White House is expected to release a new strategy related to cybersecurity to address modern threats and vulnerabilities. Stemming from Executive Order 14028 on Improving National Cybersecurity, this strategy is expected to implement new standards and requirements for federal agencies built around the concept of zero-trust security.
What is zero trust, and how does it shape cyber defense? It will be the new paradigm around which IT, cloud systems, and information governance will revolve for government agencies.
The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks.
However, at its core, FISMA dictates some of the basic and most fundamental cybersecurity practices that governed organizations must adhere to. Learn more about what it means to meet FISMA compliance.