What Are SOC 3 Reports?

Feb 2, 2022 Continuum GRC 0 Comment

The Service Organization Control (SOC) standard is a well-known, but often misunderstood, approach to cybersecurity. It’s not mandatory, it has several methods, and some attestations involve different types of reports and assessments.

Sometimes, the most difficult challenge is understanding the breakdown between reports. While SOC 2 is the most well-known and deployed assessment on the market, many organizations opt to get a SOC 3 report.

CMMC 2.0 Maturity Levels and NIST 800-171

Jan 1, 2022 Continuum GRC 0 Comment

The original CMMC (version 1.0) was based on several cybersecurity guidelines, most prominently NIST 800-171. With the announcement of CMMC version 2.0 in early November 2021, however, the alignment between the frameworks and the NIST document has changed a bit. Fortunately, this change seems to be for the better, or at least more intuitive, for assessors and contractors.

Here, we’ll discuss how the new CMMC 2.0 assessment levels align with NIST 800-171 and how this can help contractors more readily meet their security obligations once the new framework goes into effect.

Continuum GRC Assessment, Audit and Risk SaaS Achieves FedRAMP Authorization

Dec 6, 2021 Michael Peters 0 Comment

Scottsdale, Arizona, November 15, 2021 (Continuumgrc.com) – Continuum GRC, Inc. has been granted its FedRAMP Authorization by the Federal Risk and Authorization Management Program (FedRAMP) program.