Three Examples of PCI DSS Non-Compliance and What You Can Learn from Them

PCI DSS feaured

The public and private sectors have been increasingly under assault by hackers looking to take information–whether for espionage, blackmail, or profit. And while some of the past few years’ high-profile government and industrial attacks have been at the center of many cybersecurity stories, the reality is that hacks in the retail and consumer spaces have been incredibly impactful.

In fact, some of the largest data breaches have been due, in part, to a lack of compliance with PCI DSS standards… and this presents a major challenge for merchants and payment processors who want to protect their customers’ information. 

Here, we’ll cover three major security breaches related to PCI DSS compliance and what you can learn from them.

 

Read More

Encryption and NIST FIPS 140 (FIPS 140-2)

FIPS featured

In April 2022, NIST stopped accepting applications for validation certificates for the FIPS 140-2 standard of security in lieu of the updated FIPS 140-3. While many companies are still waiting for their FIPS 140-2 certification (if they got their application in before the April deadline), many are now considering adopting the new 140-3 standard. 

But, to understand the new standard, it’s important to understand the old. FIPS 140-2 has been the NIST standard for cryptography for almost two decades, and its impact will still be felt for years to come. 

 

Read More

What is NIST 800-66?

nist 800-66 featured

Securing protected health information (PHI) is one of the paramount cybersecurity concerns of many organizations, both inside and outside the healthcare industry. This information, if released to unauthorized parties, could lead to significant personal harm to patients that organizations must avoid at all costs. 

The Healthcare Insurance Portability and Accessibility Act (HIPAA) governs the protection of PHI, and in doing so, provides the framework by which healthcare organizations must act toward that mission. However, HIPAA isn’t the only source of truth for securing PHI. For additional guidance, compliance and security officers and technical managers will look to another document, NIST 800-66. 

 

Read More