• Staying current with HITRUST advisory changes

    Zach Shales, Senior Director, Cloud Infrastructure, Coalfire

    As a result of an ever-evolving threat landscape, compliance requirements are proliferating at an unprecedented rate. It can be overwhelming to keep up with the staggering number of new and updated regulations, compliance frameworks, and standards. HITRUST®, founded in 2007, recognized this challenge and created the HITRUST CSF® to aggregate disparate authoritative sources into a single and certifiable framework.
  • The business case to expand ISO 27001 certification with privacy controls

    Will Dunphy, Senior Manager, Privacy and International Assurance, Coalfire

    Third-party inspections of organizational privacy risk remain a novel trend. Only five years ago, the most basic of common controls frameworks for this risk taxonomy did not even exist. Today, privacy has captured the collective global consciousness. Every segment, from regulators and industry watchdog groups to business customers and consumers, now asks questions on behalf of their processors: "How are you not only handling, but using, my personal data to provide your service?"
  • Rumors of an upcoming, major change to ISO 27002

    Amy Shepard, Senior Manager of Privacy and International Assurance, Coalfire

    Of the thousands of international standards published by the International Organization for Standardization (ISO), some of the most popular ISO standards are management system standards, such as the well-known ISO 9001 standard for quality management and ISO 27001 for information security management.

  • DoD Cloud Computing Impact Level 6 – the unclassified edition

    Max Post, Senior Manager, FedRAMP Advisory

    The final Impact Level (IL) referenced in the Department of Defense (DoD) Cloud Computing (CC) Security Requirements Guide (SRG) is IL6. IL6 allows Cloud Service Providers (CSPs) to store information up to the SECRET level. CSPs can utilize their own infrastructure or deploy their cloud service offering (CSO) in an equivalent IL6-authorized cloud service. All physical locations used to host IL6 data must provide dedicated cloud infrastructure which processes classified information and therefore cannot be considered a “commercial” provider of cloud services.
