Compliance with a fast-growing array of privacy regulations like the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation (GDPR) is now a major concern for many companies. …

The Cybersecurity Maturity Model Certification (CMMC) framework breaks up cybersecurity technical controls and best practices into seventeen domains. Each domain contains capabilities, processes and practices that fall within the CMMC’s five maturity levels. …

The Cybersecurity Maturity Model Certification (CMMC) framework categorizes information security best practices and technical controls into 17 domains. Each domain includes various capabilities, processes and practices spanning the CMMC’s five maturity levels. …

Defense Federal Acquisition Regulation Supplement 252.204–7021 (DFARS 7021) is one of three related clauses that the DoD’s new interim rule adds to the DFARS. These new regulations amend DFARS 252.204–7012, which has been used in US Department of Defense (DoD) contracts since 2018. The interim rule, in effect as of…

Defense Federal Acquisition Regulation Supplement 252.204–7020 (DFARS 7020) is one of three interrelated clauses that the DoD’s new interim rule adds to the DFARS. These new clauses modify the original DFARS 252.204–7012 regulation that has appeared in US Department of Defense (DoD) contracts since 2018. The purpose of the interim…

Software-as-a-Service (SaaS) providers need to be alert to a uniquely broad and complex range of information security risks impacting every business area, from their hosted production environments to their application code to their project management tools to their networks to their people. As a SaaS consumer, how can you assess a SaaS firm’s security and the vendor risk they present? What cybersecurity attestations, certificates and/or credentials should you be asking for?

SaaS providers face information security risk from every direction: from their application code to their software development tools to their networks to their employees. One of the areas with the biggest potential for risk to manifest is a data breach or other incident of the hosted product/service that SaaS customers consume. SaaS security expert Ryan Buckley noted on a recent episode of The Virtual CISO Podcast that many SaaS providers have overlooked significant security vulnerabilities in their…

If your business depends on an Internet of Things (IoT) ecosystem to acquire data or deliver services, you already know that the number and complexity of your “things” and their interconnections has a huge impact on your IoT security testing requirements. …

Whether the provider is in a startup mode or a well-established leader, cybersecurity is a challenge in the world of software as a service (SaaS). Companies often presume their SaaS environment is secure because it’s hosted on a robust public cloud platform like AWS or Microsoft Azure. But is that really true? How good is security in the SaaS industry… really? To get an…