BLOG

Latest Blogs

September 6, 2024: What is the CMMC Assessment Process (CAP) Handbook and Why Should DIB Orgs Care? (Last Updated on September 6, 2024)
Organizations in the US defense industrial base (DIB) that handle controlled unclassified information (CUI)

Topics: AI, Application Security, Business Continuity Management, CCPA, CISO, Cloud Security, Compliance, Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Data Privacy, Devops, Disaster Recovery, Ethical Hacking, FedRamp, GDPR, Government, Information Security, Industry Trends, InfoSec Risk Assessment, InfoSec Strategies, IoT Security, ISMS Consulting, ISO 22301, ISO 27001 Certification, ISO 27701, ISO 42001, Network Security, NIST, Penetration Testing, Phishing, Popup Testing, Privacy, Security Awareness Training, SIEM, SOC 2, Social Engineering, Third Party Risk Management, Uncategorized, vCISO, Vendor Due Diligence

August 30, 2024: ISO 27001 vs NIST 800-53: All You Need to Know
August 30, 2024: ISO 27001 vs NIST Cybersecurity Framework: What’s the Difference?
August 20, 2024: The Primary Importance of CUI Scoping for CMMC Certification
August 20, 2024: Know the Difference between ISO 27001 vs 27002 vs 27003
August 13, 2024: What is Content Disarm and Reconstruction and Why Should I (as a Recipient of Digital Documents) Care?
August 6, 2024: The Role of Leadership in ISO 27001 Compliance
August 6, 2024: Why File-Based Malware Dominates Cyberattacks
July 26, 2024: Data Detection and Response for Privacy and Compliance
July 18, 2024: DIB SMBs Rate Their Cybersecurity as Much Better than It Actually Is – Why?
July 15, 2024: Top 5 Insights from Radicl’s DIB Cybersecurity Maturity Report 2024
July 12, 2024: How Should Crisis Management Connect with Incident Response?
July 4, 2024: CMMC Certification vs. CMMC Compliance: Which One Do You Need?
July 4, 2024: CMMC Certification: How Long Does It Take to Get Certified?
June 27, 2024: What Privacy Roles Does My Business Need?
June 25, 2024: What is a Secure Web Gateway and How Does It Support Zero Trust?
June 21, 2024: 18 US States Have Now Passed Privacy Laws – Time to Start Building Trust
June 19, 2024: 10 Most Important Steps to Build a Data Privacy Program
June 13, 2024: What are SaaS Providers Doing with Your Data?
June 7, 2024: The Problem with Zero Trust Network Access is Trusting the Service Provider
May 31, 2024: Considering ISO 42001? Here are 5 Recommended Guidance Sources
May 24, 2024: Top Ransomware Defenses You Probably Don’t Have in Place
May 22, 2024: What is Ransomware and How Has It Morphed in the Last Decade?
May 14, 2024: What is ISO 42001 and Why Should We (as an Org that Develops and/or Uses AI) Care?
May 9, 2024: The Crucial Role of Cybersecurity in IPO Preparation
April 29, 2024: ISO 42001: What are the Key Elements of an AI Management System?
April 26, 2024: ISO 42001, ISO 27001 and ISO 27701: Is This the New “Big 3” for Provably Secure and Compliant AI?
April 17, 2024: How Much Does ISO 27001 Certification Cost in 2024?
April 17, 2024: What is Distributed Ledger Technology (DLT) and How Can It Simplify Privacy Compliance?
April 12, 2024: Virtual CISOs and Community Banks—Perfect Together
April 10, 2024: What is Hedera Hashgraph and How Does It Solve Blockchain Privacy Issues?
March 20, 2024: Data Privacy Compliance in Higher Ed: Now is the Time
March 15, 2024: What is a TISAX Simplified Group Assessment and Who Can Use It?
March 14, 2024: CMMC Proposed Rule Changes: What’s Changing and How to Prepare
March 7, 2024: What is Kubescape and Why Should We (as Cloud-Native Developers) Care?
March 5, 2024: Container and Kubernetes Security: A Nontechnical Introduction
March 1, 2024: What is a Container and Why are They So Popular with Developers?
February 27, 2024: What is the New Jersey Data Privacy Law, and How Can We Streamline Compliance?
February 23, 2024: The EU AI Act: 9 Top Questions Answered
February 22, 2024: SOC 2 Reports – Which Trust Services Criteria Do You Need?
February 21, 2024: 6 Key Takeaways from the 2023 SOC Benchmark Study
February 16, 2024: CMMC Proposed Rule: New Guidance on CMMC Level 3
February 14, 2024: The New CMMC Proposed Rule—Answers to Your Top 9 Questions
February 9, 2024: ISO 27001 Accreditation: Why It Matters for Cloud Service Providers
February 6, 2024: How to Measure the Value of Information Security
February 1, 2024: 2 Principles to Revolutionize Security Awareness Training
January 26, 2024: What is Cyversity and How Can It Improve Diversity on My Cybersecurity Team?
January 22, 2024: What is the Digital Operational Resilience Act (DORA) and How Will It Impact My Business?
January 22, 2024: Empowering Diversity in the Cybersecurity Industry
January 6, 2024: ISO 27001 and Data Protection: The Crucial Link
January 4, 2024: What are the 5 Key DevOps Research & Assessment (DORA) Metrics and Why Should I Care?
January 3, 2024: Cyber Essentials Plus: What is It and How Can It Help My Business?
January 2, 2024: Understanding the ISO 27001:2022 Update
January 2, 2024: Getting Certified to ISO 27001:2022? Your Transition Plan is Critical for the External Audit.
January 2, 2024: Here’s How to Make Sure Your Security Awareness Training is Working
December 27, 2023: CMMC Gets Posted to the Federal Registry
November 22, 2023: Human-Level AI: What Can It Do, What Are the Risks, and When Will It Be Here?
December 12, 2023: ISO 27001 Security Policies: What They Are and Why They’re Important
November 15, 2023: The EU’s NIS2 Directive: Here’s What You Need to Know
December 6, 2023: Top 10 Benefits of ISO 27001 Compliance for Startups
December 6, 2023: NIST AI Risk Management Framework: What You Should Know and Why You Should Care
November 22, 2023: “Failure is Not an Option”—What Does That Mean for Recovery Planning?
November 22, 2023: Understanding the Basics: What is ISO 27001?
November 2, 2023: Understanding and Applying Risk Management Strategies for CMMC Certification
November 2, 2023: 5 Common Mistakes When Pursuing ISO 27001 Certification
November 2, 2023: How to Demonstrate Compliance with CMMC: An Overview
November 2, 2023: The Difference between ISO 27001 and Other Certifications
October 18, 2023: 3 Essential Tips for Maintaining CMMC Compliance
October 18, 2023: 3 Questions to Consider before Pursuing ISO 27001 Certification
September 5, 2023: The Importance of Maintaining an Up-to-Date ISO 27001 Certification
September 5, 2023: How to Get CMMC Certified: 7 Steps to Take Before Applying
September 1, 2023: What is CMMC Certification and What Does it Mean for Your Business?
August 31, 2023: CMMC Rulemaking Update and Timeline
August 29, 2023: What is ISO 27001 Certification and Why Does It Matter?
August 9, 2023: Leaking Meta’s LLaMA AI – the Good, the Bad, and the Very Bad
August 9, 2023: Public and/or Shared AI Models Cannot be Trusted Until an AI Bill of Materials Become the Norm
June 23, 2023: Time and Cost Factors to Attain a FedRAMP ATO
June 23, 2023: FedRAMP ATO: 3 Tips to Minimize Cost, Complexity, and Time to Target
June 23, 2023: Big Pros and Cons of an “Agency” Versus “JAB” Approach to a FedRAMP ATO
June 23, 2023: Getting Ready for Your FedRAMP Third-Party Assessment
June 23, 2023: FedRAMP Requirements Can Change Your Solution Architecture
June 23, 2023: To FedRAMP or Not to FedRAMP: That is the (First) Question
June 23, 2023: Intro to FedRAMP
June 23, 2023: A FedRAMP ATO – The Good, The Bad, and the Ugly
June 6, 2023: What is a Microservice Architecture and How Do I Secure It?
June 6, 2023: Security and Development Must Work Closely to Secure Microservices
June 6, 2023: How Do Microservices Change Software Security?
June 6, 2023: Microservices and APIs—How Do They Connect?
June 6, 2023: What is a Microservice Architecture?
May 29, 2023: How Poor Cyber Asset Management Enabled the Equifax Breach
May 29, 2023: 4 Ways a Strong Cyber Asset Management Program Can Help Block Ransomware Attacks
May 29, 2023: Active Asset Scanning in OT Environments
May 29, 2023: Why Vulnerability Management Tools Fall Short for Cyber Asset Discovery
May 29, 2023: 2 Biggest Challenges with Cyber Asset Management – Pivot
May 24, 2023: How ISO 27001:2022 Attributes Might Impact Your Certification Audit (and Improve Your Security)
May 24, 2023: ISO 27001:2022—What is the Level of Transition Effort?
May 24, 2023: ISO 27001:2022—When Should My Org Make the Transition?
May 24, 2023: ISO 27001:2022—Insights into What’s New
May 12, 2023: RSA Conference 2023 Takeaway—“Shifting Security Left” is Now in Full Swing
May 12, 2023: RSA Conference 2023 Takeaway—Privacy Will Drive Data Governance
May 12, 2023: RSA Conference 2023 Takeaway—AI is Coming But It’s Not Here Yet
May 12, 2023: RSA Conference 2023 Takeaway—More Than Ever, a Product-Centric Security Strategy is Dangerous
May 9, 2023: How Long Before Software Bill of Materials (SBOM) Moves from Buzzword to Expectation
May 9, 2023: A Software Bill of Materials (SBOM) Benefits Both Vendors and Users
May 9, 2023: What is an SBOM and Why Are My Customers Suddenly Asking for One?
April 28, 2023: When You’re Doing Cyber Asset Management… What’s An Asset?
April 28, 2023: If your asset management sucks, your security sucks
April 17, 2023: Beware the Latest Funds Transfer Fraud—Deepfake Voice Cloning
April 6, 2023: Should We Implement DevSecOps? You May Not Have a Choice.
April 5, 2023: DevSecOps: Recommended Guidance and Standards to Help Get You Started
April 4, 2023: Shifting DevSecOps Left
April 3, 2023: DevSecOps Depends on Understanding Application-Specific Risk
March 31, 2023: Getting Started with DevSecOps
March 30, 2023: DevSecOps Defined
March 29, 2023: 4 Tactical Steps to Implementing DevSecOps in 2023
March 27, 2023: 7 Reasons Why You Should Get CMMC Certified Ahead of the May 2023 Rulemaking
March 24, 2023: Pros and Cons to a “Hybrid Approach” to Microsoft 365 Commercial and GCC/GCC High
March 23, 2023: Why is Microsoft 365 GCC High “So Expensive”?
March 21, 2023: The “Feature Factor” in Moving to Microsoft 365 GCC or GCC High
March 18, 2023: How Long Does a Microsoft 365 “Government Cloud” Migration Take?
March 17, 2023: 3 Top Considerations for Migrating to a Microsoft 365 “Government Cloud”
March 16, 2023: Should My Org Be on a Microsoft 365 “Government Cloud”?
March 15, 2023: Should we be in Microsoft 365 GCC, GCC High, or Commercial?
March 7, 2023: Will Implementing the New ISO 27001:2022 Control Set Improve Your ISMS?
March 8, 2023: 2 “Gotchas” to Avoid on Move to ISO 27001:2022 – Pivot
March 6, 2023: 3 Things Your ISO 27001:2022 Auditor Would Love to See in Your ISMS
March 5, 2023: Benefits of Moving to ISO 27001:2022 ASAP
March 4, 2023: ISO 27001:2022—How Does It Impact Related Standards?
March 3, 2023: We’re Working Towards Certification to ISO 27001:2013—How Does ISO 27001:2022 Impact Us?
March 2, 2023: When Will Auditors Be Ready to Certify ISO 27001:2022 Compliance?
March 1, 2023: When Should You Move to ISO 27001:2022?
February 20, 2023: Need to Align Your Web App Security Program with NIST’s SSDF or ISO 27001? OWASP SAMM Can Help.
February 19, 2023: Don’t Dump Application Security on Your Developers
February 18, 2023: Web Application Security—How Mature Are Most Orgs Today?
February 17, 2023: How (Not) Good is Your Web App Security? OWASP SAMM Can Tell You.
February 16, 2023: Getting to “Secure by Design” with OWASP SAMM
February 15, 2023: What is OWASP SAMM and How Can It Elevate Your Application Security?
February 10, 2023: The TISAX Audit Process: Here’s What to Expect
February 9, 2023: TISAX and ISO 27001: How Do They Relate?
February 8, 2023: TISAX Assessment Objectives, Levels, and Labels
February 7, 2023: What is TISAX and Why Should We (as an Auto Industry Supplier) Care?
February 6, 2023: Understanding TISAX (Trusted Information Security Assessment Exchange)
February 3, 2023: Emerging Use Cases for Cyber Threat Intelligence
February 3, 2023: How Does Cyber Threat Intelligence Relate to Attack Surface Management or Digital Risk Management?
February 2, 2023: Still Think Your Org Has Nothing Hackers Want?
February 2, 2023: Cybercrime Business Models and Supply Chains
February 1, 2023: How Financially Motivated Cybercriminals Really Operate, and Why You (as an Org with Exploitable Assets) Should Care
February 1, 2023: Understanding How Cybercriminals Operate Can Protect Your Business
January 26, 2023: What’s New and Exciting with AWS Security?
January 25, 2023: Public Cloud Consumers: Is Your Management Plane Secure?
January 25, 2023: What are the Most Important AWS Security Tools that Every Org Should Use?
January 25, 2023: Why Do So Many Orgs Stumble on Cloud Security?
January 25, 2023: Different Public Cloud Services Equal Different Shared Security Responsibilities with Your CSP
January 25, 2023: 2 Top Security Problems AWS Users Cause – Pivot Point
January 25, 2023: AWS Cybersecurity Best Practices—From Amazon’s Security Solutions Architect
January 23, 2023: Cyber Insurance Considerations for DIB Orgs
January 23, 2023: Export Controlled Data: What is It and Why Should We (as a US Government Contractor) Care?
January 23, 2023: DIB Orgs: Here’s How to Avoid False Claims Act Sanction
January 23, 2023: Should You Voluntarily Disclose a CUI Incident or Data Breach?
January 23, 2023: CUI Basic and CUI Specified—What’s the Difference
January 23, 2023: Understanding the Legalities around Controlled Unclassified Information (CUI)
January 18, 2023: Security Staffing Moves for a Down Economy
January 18, 2023: Want to Work Smarter Not Harder in a Down Economy? Embrace Security Automation.
January 18, 2023: In a Down Economy, Ensure You’re Getting the Max from Security Investments
January 18, 2023: Why You Should Keep Making Needed Security Investments in a Down Economy
January 18, 2023: Why Aligning Cybersecurity with Trusted Frameworks is More Important than Ever in a Down Economy
January 17, 2023: A Cybersecurity Strategy is More Critical Than Ever in a Slow Economy
January 17, 2023: John Verry’s Top 10 Ideas to Advance Security and Compliance Even in a Tight Economy
April 13, 2024: CMMC Rulemaking Changes Again—What’s the Timeline Now?
January 5, 2023: Leveraging OOTB “Policy as Code” for Cloud Security Posture Management
January 5, 2023: Addressing False Positives and Alert Fatigue across Enterprise Security Tools
January 5, 2023: Your Cloud Security Posture Needs Both Preventive and Detective/Corrective Components
January 4, 2023: Governance as Code—Is It the Answer to Cloud-Native Security?
January 4, 2023: Security, Compliance and Governance in the Cloud—How Do They Relate?
January 4, 2023: Dynamic Relationships between Governance, Security, and Compliance
December 28, 2022: Is Your Board Prepared for the SEC’s New Cybersecurity Regulations?
December 20, 2022: Is Attack Surface Management Right for SMBs?
December 20, 2022: Factoring Third-Party Risk into Attack Surface Management
December 19, 2022: How Much of Your Attack Surface is Beyond Your Visibility?
December 19, 2022: Is It Still a Data Breach if the Data was Outside Your Infrastructure?
December 19, 2022: How Do Assets Relate to Attack Surface Management?
December 15, 2022: What is Digital Business Risk Management and Why is It So Valuable to Security Leaders?
December 15, 2022: Is Digital Business Risk Management the Future of Attack Surface Management?
November 23, 2022: Monitoring Security of Your Deployed Public Cloud Application
November 22, 2022: Validating Security Within Your DevOps Pipeline
November 10, 2022: Time’s (Almost) Up for California Privacy Compliance
November 21, 2022: Skills to Look for in Developers to Move Your Applications to the Cloud
November 18, 2022: Should We Containerize Our Cloud-Based Application?
November 17, 2022: Should You Outsource Managing Your App Along with Building It?
November 16, 2022: Are There Any Simple Templates to Help Manage a Secure Web App in the Public Cloud?
November 15, 2022: The Complexities of Deploying a Secure Application in the Cloud
November 14, 2022: What are a New Privacy Lead’s Biggest Challenges? (From a Fortune 500 CPO)
November 11, 2022: Tips from a Fortune 500 CPO on Automating Your Privacy Program
November 10, 2022: Tackling the Legal Side of Privacy without Becoming a Lawyer
November 9, 2022: How Does Physical Security Tie into Privacy?
November 7, 2022: The New Intersection of Privacy and Security (from a Fortune 500 CPO)
November 7, 2022: The Intersection of Privacy & Security
October 26, 2022: What Will It Take to Survive a Third-Party CMMC Level 2 Assessment?
October 26, 2022: DIB Orgs: Here’s What’s Up with CMMC “Flowdown” and New Pressures from Primes
October 25, 2022: We Don’t Think We Need CMMC Level 2 but the Government Says We Do…
October 25, 2022: Should We Pursue a Voluntary CMMC Assessment?
October 24, 2022: Is There a Path for Non-US Companies to be CMMC Certified?
October 24, 2022: ISO 27001 Certified Orgs—Here’s the Latest on CMMC Reciprocity
October 24, 2022: House Approves Updated FedRAMP Authorization Act
October 21, 2022: Can SMBs Afford CMMC Level 2 Certification?
October 21, 2022: When Do We Need to Be CMMC 2.0 Certified?
October 20, 2022: DIB Orgs: Here are Answers to Your Top CMMC Encryption and MFA Questions
April 20, 2024: Does My DIB Org Need a SIEM for CMMC Compliance
October 19, 2022: Your Top CMMC Questions Answered
October 14, 2022: SME InfoSec Leads: Here’s How to Kickstart a Privacy Program
October 17, 2022: How Automation Can Help Operationalize a Privacy Program
October 13, 2022: How Automation Can Help with Data Privacy Impact Assessment
October 12, 2022: SMEs: Do You Know Where All Your Customers’ Personal Data Resides?
October 11, 2022: SMEs: Are Your Customers Pushing You Towards a Privacy Program?
October 10, 2022