Security, Log Management, and CMMC

Apr 24, 2025 Continuum GRC 0 Comment

Effective log management is critical to CMMC. It ensures organizations can monitor, analyze, and respond appropriately to security incidents. Properly implemented, log management supports compliance, enhances security posture, and provides a foundation for forensic analysis.

Here, we’ll discuss some of the particulars of log management under CMMC, covering the technical aspects of log management within the framework and referencing official documentation to guide organizations toward compliance.

Awareness Continuum GRC

Strengthening HIPAA with New Rule Proposal (March 2025)

Apr 17, 2025 Continuum GRC 0 Comment

In January 2025, the U.S. Department of Health and Human Services (HHS) proposed significant amendments to the HIPAA Security Rule. These proposed changes aim to strengthen cybersecurity measures protecting electronically protected health information (ePHI) in response to the escalating frequency and sophistication of cyberattacks targeting the healthcare sector.

Audit Machine Awareness Continuum GRC

FedRAMP and Encryption

Mar 27, 2025 Continuum GRC 0 Comment

A critical component of the FedRAMP framework is its adherence to cryptographic standards, specifically the Federal Information Processing Standard (FIPS) 140-3. Data privacy is essential to compliance, and the National Institute of Standards and Technology has clearly defined the requirements for just how a FedRAMP-compliance organization encrypts its data.

This article will cover those requirements and how to approach them in your organization.