This blog covers key questions around the necessary steps in achieving compliance with the latest Defense Federal Acquisition Regulation Supplement (DFARS) and the National Institute of Standards and Technology (NIST) Special Publication 800-171.
With just a year to go until GDPR takes effect, there are concerns that around half of businesses may not meet the new data protection standards in time. While the majority of IT security professionals are aware of GDPR, a recent poll found just under half are preparing for its arrival.
Following the launch of PCI DSS 3.0 in January, I’ve been faced with questions from many businesses about changes they should implement within the next year to remain or become compliant with the updated mandate.
What do the guidelines of PCI DSS, FDCC, SOX and HIPAA have in common? These mandates, in addition to other commonly implemented regulations, either explicitly demand or at least suggest the use of least privilege security to effectively safeguard data. In terms of compliance, this methodology has a dual benefit – not only does it satisfy auditors, but it will also protect against security breaches that could result in destructive data loss.