PCI Requirement 8: Identify and Authenticate Access to System Components

by Randy Bartels / May 31, 2023

What is PCI-DSS Requirement 8? PCI Requirement 8 focuses on two actions: identify and authenticate. These actions are critical to protecting your systems. When the PCI DSS describes system components in its requirements, it’s referring to internal and external networks, servers, and applications that are connected to cardholder data. This could be anything from firewalls to switches to databases. PCI Requirement 8 states, “Identify and authenticate access to system components.”…

Vendor Compliance Management: Carve-Out vs Inclusive Method

by Joseph Kirkpatrick / July 12, 2023

Vendor Compliance Management As you’re preparing your service organization for a SOC 1 audit, you want to identify who your third parties or vendors are, what services they provide to you, and whether they’ve gone through audits themselves. Any control that governs the vendors you utilize will be reviewed in a SOC 1 engagement. Your vendors might include a data center, an application service provider, a managed IT provider, or…

HITRUST Update: What’s New in HITRUST CSF v9

by Sarah Harvey / December 19, 2022

HITRUST released the HITRUST CSF v9 as more and more organizations look to the CSF as a way to ensure security and compliance with relevant laws. This new release displays HITRUST’s continuing “evolution of the HITRUST CSF in providing organizations with a comprehensive, common approach to managing information privacy and security risks, including cyber.” In an effort to ease the burden of overwhelming compliance demands with all of the requirements…

KRACK Security Flaw: What We Need to Know

by Sarah Harvey / December 19, 2022

Last month, researchers discovered a new weakness found in the WPA2 protocol (Wi-Fi Protected Access 2), the security method which protects all modern Wi-Fi networks, known as the KRACK security flaw. Although there is no evidence at this time that the KRACK vulnerability was maliciously exploited, this still raises many concerns for both personal and enterprise wireless devices. What is the KRACK Security Flaw? The KRACK security flaw, which stands…

Why an Information Security Program Is Important

by Sarah Harvey / June 15, 2023

Regardless of the size of your business or the industry you’re in, an information security program is a critical component of any organization. A good information security program consists of a comprehensive set of information security policies and procedures, which is the cornerstone to any security initiative in your organization. Whether you’re responsible for protected health information (PHI), personally identifiable information (PII), or any other proprietary information, having a fully…