FedRAMP – What is It and Who Needs to Know?

by Andrea VanSeveren | Feb 26, 2021 | FedRamp

Reading Time: 2 minutes FedRAMP is hot, and we’re seeing a big ramp-up in client inquiries about it. Just 214 Authorizations to Operate (ATOs) have been granted under the FedRAMP program since its inception in 2011. But 61 ATOs were granted or “in process”...

September 3, 2018: NYDFS 500 “Covered Entities” Compliance Deadline

by John Verry | Aug 16, 2018 | InfoSec Strategies

Reading Time: 2 minutes Entities registered with New York State’s Department of Financial Services (NYDFS) are subject to compliance with the 23 NYCRR 500 (aka “Part 500” or “NYDFS 500”) cybersecurity regulation, and a new deadline is fast approaching....

California’s New Privacy Law Means US Firms Can’t Delay Privacy Initiatives Any Longer (Part 2)

by John Verry | Aug 7, 2018 | Government

Reading Time: 2 minutes If you missed it, start with Part 1 of this post here: California Consumer Privacy Act of 2018: What Could It Mean for Your Business? (Part 1) The most significant privacy regulation enacted to date, the EU’s GDPR, still feels “over...

Not Ready for NYDFS 500? There is No Good Option but Compliance.

by Jeremy Sporn | Mar 16, 2018 | ISMS Consulting

Reading Time: < 1 minute“Covered Entities” that have not yet submitted a certification of compliance for the New York Department of Financial Services’ NYDFS 500 Cybersecurity Regulation (also known as 23 NYCRR 500) received a none-too-gentle “reminder” earlier...

Compliance vs. Security – Are You Secure AND Compliant, or Just Compliant?

by Jeremy Sporn | Dec 13, 2017 | InfoSec Strategies

Reading Time: 3 minutes We see plenty of organizations that are compliant—but not secure. Yet rarely, if ever, do we find an organization to be secure but not in compliance. Cybersecurity regulators care about compliance, but hackers are opportunistic and...