Using NIST 800-53 vs. NIST 800-171 in a FISMA Audit

When any organization engages in a FISMA audit, its information systems are first categorized according to FIPS 199 and FIPS 200 to determine security categories and impact levels. Those systems are then tested against a tailored set of baseline security controls. Depending on whether an organization is a federal agency or a private sector entity, different […]

FISMA vs. FedRAMP

FISMA and FedRAMP audits are often confused because both involve compliance around government data. But when you dive into the details of each audit, you’ll recognize that the differences are stark. Let’s talk through each of these compliance audits and how you can tell them apart from one another. What is FISMA? The Federal Information Security […]

Learning from Twitter’s Privacy Mistakes

Because of the ever-changing landscape of privacy laws, standards, and guidelines, it has become difficult for businesses to know what their obligations are, and even harder to determine what could constitute non-compliance. Fortunately, Twitter’s mistakes now provide us with an example of what a violation looks like. Twitter has been in the spotlight for a […]

What’s Going On With the EU-US Privacy Shield Agreement?

The Latest With Privacy Shield

On July 16, the Court of Justice for the European Union made a landmark decision to invalidate the EU-US Privacy Shield arrangement for international data transfers. Prior to this announcement, Privacy Shield was one of several mechanisms for meeting GDPR data protection requirements for data leaving the EU for the […]

Guide to Industry-Accepted Hardening Standards

The goal of systems hardening is to further protect your organization by reducing vulnerabilities in your applications, systems, and information technology infrastructure. By removing unnecessary programs, applications, and access points, you leave less opportunity for malicious attacks and operational malfunctions, which increases the security of your systems. Just as removing […]