Bridging The AutoLiance Gap

Bridging The AutoLiance Gap for PCI, SOX, SOC2, NIST, NERC Compliance

Automation is now the core mantra for all businesses. Getting the maximum utility out of every piece of software and service investment you have made is the natural way of things. With software orchestration frameworks, Python, shell scripts and monitoring tools, nearly every company now has it within its grasp to increase efficiency to the max. There is a downside here, though. In this race to automate everything and anything under the sun, oftentimes compliance teams are left holding [...]

9 Best Blogs on Enterprise Compliance

In today’s world of total mobility and connectivity, ensuring enterprise compliance with laws and regulations across the boundaries of nations can be a tricky task. But it’s also one that is absolutely necessary to ensure the successful running of a business. Making sure your enterprise is compliant with the laws of a country helps to avoid criminal charges and build a solid reputation. Risk management will be altogether easier and less costly, and mean that the likelihood of that risk [...]

Comply with NIST 800-171 easily by employing PAM

NIST is an organization that helps craft policy for cyber-security and technology. NIST is well known and, since early 2015, has released guidelines called 800-171. NIST 800-171 deals with how to handle "Controlled Unclassified Information (CUI)". This pertains to unclassified information that resides in non-federal systems - like vendors who sell to the federal government. In this article we will talk about how Privileged Access Management (PAM) can help with satisfying criteria for NIST 800-171. It is important [...]

Making FFIEC cybersecurity compliance simpler for Banks

FFIEC stands for the Federal Financial Institutions Examination Council. The Federal Financial Institutions Examination Council (FFIEC) was established on March 10, 1979, pursuant to title X of the Financial Institutions Regulatory and Interest Rate Control Act of 1978 (FIRA), Public Law 95-630. In 1989, title XI of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (FIRREA) established The Appraisal Subcommittee (ASC) within the Examination Council. Quoting from [1] - The FFIEC [...]

Credit Union Banks and NCUA IT Compliance

Credit Union Banks are a lifeline for this country and for many people internationally. There are more than 6000 credit union organizations that service more than 100 million people, of whom at least 45% are economically active. This means that credit union banks play a very important role in the economy and touch the lives of nearly a quarter of the population of the US, if not more. Given that Credit Unions play a vital role in the economy [...]

Implement Principle of Least Privilege for HIPAA

Hello again! HIPAA, one of the most commonly mentioned compliance regimes (in addition to many others like PCI, SOC I, II, FISMA, FedRAMP), is based on some core principles that aim to protect the data your company is transacting back and forth internally or externally. These core principles are tied into an easy-to-understand construct: the principle of least privilege (POLP). Even though it makes good sense and it's easy to say - Duh! of course - we [...]

Making PCI, SOX, HIPAA, and Other Certifications Easier With PAM

The monitoring and protection of the powerful accounts within your IT environment is essential for the security of your organization and for meeting key certifications such as PCI, SOX, and HIPAA. PAM, or Privileged Account Management, is the process of governing these accounts. The aim of PAM is to protect your business and your customers from powerful accounts that, when held in the wrong hands, could be used to do a lot of damage. Because of the risk levels involved [...]