Compliance

Federal Risk and Authorization Management Program (FedRAMP)

What is the Federal Risk and Authorization Management Program (FedRAMP)? The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP Governance The governing bodies of FedRAMP include: The Office of Management and Budget (OMB): The governing body that issued the FedRAMP policy memo which defines the key requirements and capabilities of the program. The Joint Authorization Board (JAB): The primary governance and decision-making body for FedRAMP comprises the chief information officers (CIOs) from the Department of Homeland Security (DHS), General Services Administration (GSA), and Department of Defense (D...
Sarbanes-Oxley Act (SOX)

What is the Sarbanes-Oxley Act (SOX)? The Sarbanes-Oxley Act (SOX) is a federal act passed in 2002 with bipartisan congressional support to improve auditing and public disclosure in response to several accounting scandals in the early 2000s. The act was named after the bill sponsors, Senator Paul Sarbanes and Representative Michael Oxley, and is also commonly referred to as SOX. What is the History behind SOX? In the early 2000s, accounting scandals at major firms shook financial markets, calling on Congress to increase investor protection. Enron was one of the major firms embroiled in such accounting scandals, as the firm’s stock price dropped from $90.75 at its peak in the fall of 2000 to $0.26 by the time it filed for bankruptcy in 2002. The drastic drop i...
Health Insurance Portability and Accountability Act (HIPAA)

What is the Health Insurance Portability and Accountability Act (HIPAA)? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of the information covered by the Privacy Rule. What are the 5 titles of HIPAA? HIPAA has five sections, or titles: Title I: HIPAA Health Insurance Reform. Title I protects health insurance coverage for individuals who lose or change jobs. It also prohibits group health plans from denying cove...
National Institute of Standards and Technology (NIST)

What is the National Institute of Standards and Technology (NIST)? The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA). NIST also assists those agencies in protecting their information and information systems through cost-effective programs. NIST 800 Series Compliance The 800 series is the set of NIST documents that are relevant to the computer security community. Over 200 NIST Special Publication (SP) 800 se...
Payment Card Industry Data Security Standard (PCI DSS)

What is the Payment Card Industry Data Security Standard (PCI DSS)? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International, and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the compliance scheme aims to secure credit and debit card transactions against data theft and fraud. While the PCI SSC has no legal authority to compel compliance, it is a requirement for any business that processes credit or debit card transactions. PCI certification is also considered the best way to safeguard sensitive data and information, thereby helping businesses build long-lasting and trusting relationships with their customers. What a...
General Data Protection Regulation (GDPR)

What Is the General Data Protection Regulation (GDPR)? The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). In the European Union (EU), privacy and data protection are fundamental human rights enforced through law. The GDPR supersedes existing national data protection laws across the EU, bringing uniformity by introducing just one main data protection law for organizations to comply with. Significant and wide-reaching in scope, the Regulation brings a 21st-century approach to data protection. It expands the rights of EU residents to have more control over how their personal data is collected and processed and places a range of new obl...