An In-Depth Guide to SOC 2 Security Common Criteria

Mar 13, 2024 Continuum GRC 0 Comment

While typically not mandatory outside financial sectors, SOC 2 is a reliable security compliance model that any organization can follow. This can be seen in its security assessments, which include a robust list of “Common Criteria,” or broad areas of focus that any secure organization should follow. The recent revision of these criteria in 2023 serves businesses and their security partners to have a handle on what they are and what they mean for security.

This article will cover the SOC 2 Security Common Criteria in detail and discuss what they mean for your organization and attestation.

What Is NIST 800-172 and Advanced Security Structures

Mar 7, 2024 Continuum GRC 0 Comment

The ongoing rise of state-sponsored Advanced Persistent Threats (APTs) has increased scrutiny of federal and state IT systems security systems. The latest version of CMMC includes a high-maturity level specifically designed to address these threats, which relies primarily on advanced security controls listed in NIST Special Publication 800-172.

What Is the European Cybersecurity Certification Scheme for Cloud Services (EUCS)

Jan 31, 2024 Continuum GRC 0 Comment

The European Cybersecurity Certification Scheme for Cloud Services (EUCS) is an initiative to establish a unified certification process for cloud services across the EU. Cloud services and associated managed services are critical to most government and business functions, and the EU follows the example of other jurisdictions in focusing explicitly on this area of cybersecurity with the EUCS framework.

This article aims to discuss the framework of EUCS and explore the practical implications of this scheme for cloud service providers and their users.