The Federal Information Security Act, or FISMA, is a comprehensive cybersecurity law that has a widespread impact on federal agencies, state agencies handling federal programs and contractors and service providers working with these agencies. As such, its effect is wide-ranging, and FISMA requirements often overlap or inform other, more specific compliance frameworks.

However, at its core, FISMA dictates some of the basic and most fundamental cybersecurity practices that governed organizations must adhere to. Learn more about what it means to meet FISMA compliance. 

Read More

In November 2020, California voters approved Proposition 24, including the California Privacy Rights Act, or CPRA. This law amends and expands regulations under the original California Consumer Privacy Act (CCPA). 

One question that affected businesses asks is, “how can I prepare for CPRA compliance?” With the law taking effect on January 1, 2022, the clock is ticking, and many organizations are looking for ways to complete final compliance preparations. 

Here, we will talk about some of the basic steps for CRPA compliance. 

Read More

In cybersecurity and compliance, terms like “framework” and “regulations” are often used interchangeably. As such, non-specialists might struggle to understand how different guidelines and regulatory bodies fit together to support cybersecurity. For example, the National Institute for Standards and Technology (NIST) provides several documents outlining guidelines and compliance requirements. However, in terms of larger frameworks, it provides two major examples: the Risk Management Framework (RMF) and the Cybersecurity Framework (CSF).

This article will cover the latter of these two, how they fit into government-sponsored cybersecurity concerns and what that means for your organization. 

Read More