What Is In-Transit Cryptography?

Sep 1, 2022 Continuum GRC 0 Comment

Data encryption is a crucial part of cybersecurity. The standard data states (at rest, in transit, and use) all present unique and challenging vulnerabilities that can expose that data to unauthorized parties. No vulnerability is more apparent than having that data stolen and viewed by people who shouldn’t be looking.

That’s where in-transit encryption comes into play. With in-transit encryption, you can meet your compliance requirements and ensure that your data, and the data of your patients and customers, remain confidential.

Protecting PAN According to PCI DSS Rules

Aug 24, 2022 Continuum GRC 0 Comment

It’s crucial that any company handling consumer cardholder information, including card numbers, protect that information from any and every unauthorized user. The PCI Security Standards Council has determined that to promote security and usability, it’s not enough to secure a system perimeter and encrypt data. Instead, companies have to approach data obfuscation through a series of requirements that protect it from theft while allowing the company to utilize it for regular commercial purposes.

Here, we’ll discuss Primary Account Numbers (PAN) and how you must protect them under PCI DSS.

Encryption and NIST FIPS 140 (FIPS 140-2)

Jun 30, 2022 Continuum GRC 0 Comment

In April 2022, NIST stopped accepting applications for validation certificates for the FIPS 140-2 standard of security in lieu of the updated FIPS 140-3. While many companies are still waiting for their FIPS 140-2 certification (if they got their application in before the April deadline), many are now considering adopting the new 140-3 standard.

But, to understand the new standard, it’s important to understand the old. FIPS 140-2 has been the NIST standard for cryptography for almost two decades, and its impact will still be felt for years to come.