Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Businesses that work with the US Department of Defense (DoD) and collect, process, transmit, or store controlled unclassified information (CUI) must comply with Defense Federal Acquisition Regulation Supplement (DFARS) standards. The DoD has responded to the growing threat of cyber incidents, including cyberattacks from cybercriminals and nation-states, by prioritizing cybersecurity best practices and insisting they are implemented throughout the DoD supply chain.

The zero-day vulnerability in Progress Software's MOVEit Transfer product is being exploited by the Clop ransomware gang and other copycat cybercriminal groups to expedite the theft of sensitive data from customer databases. To protect your organization from compromise, follow the recommended response actions in this blog. Learn how UpGuard streamlines Vendor Risk Management >

Often regarded as the Californian version of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) aims to protect the personal information rights of Californian-based employees, contractors, customers, and vendors. The inclusion of third-party vendors means your Vendor Risk Management program needs to be updated to include CCPA compliance tracking, not only during due diligence but through the entire vendor security posture management process.

‍The Cybersecurity Maturity Model Certification (CMMC) is a cyber program and security framework used by the US Department of Defense (DoD) to measure firms’ cybersecurity maturity. All DoD contractors working with the federal government must comply with this program by 2025. CMMC compliance demands that DOD contractors pass an external CMMC assessment carried out by an approved CMMC Third Party Assessment Organization (C3PAO) for all but the lowest level of CMMC certification.

A third-party data breach refers to a data breach that has occurred through a third-party company. In a third-party data breach, the vendor or supplier’s system has been compromised and used to steal data that belongs to you. A third party can be defined as an organization with which your organization has entered into a business relationship to provide goods, access, or services for your use.

After completing an ISO 27001 audit, there may be some critical responses you must undertake based on the recommendation in your audit report. This step-by-step guide will ensure you don’t miss any of the outstanding follow-up tasks that need to be addressed after the audit process is over. Learn how UpGuard simplifies Vendor Risk Management >

This NIST CSF questionnaire template will help you understand the degree of each vendor’s alignment with the high-level function of the NIST CSF framework - Identity, Protect, Detect, Respond, and Recover. Though this assessment only offers a superficial understanding of compliance, it’s sufficient for getting a sense of a prospective vendor’s security posture, especially when coupled with an external attack surface scanning solution.

The cause of most data breaches can be mapped to limited attack surface visibility. Inverting this statement reveals a tactic for reducing your data breach risks - increase attack surface visibility. Cyber Threat Exposure Management presents an advanced security risk management approach by prioritizing attack surface visibility. To learn how to adopt a CTEM mindset and reduce your data breach risks, read on.

So, now what? On the other side of this considerable investment of time and money, it helps to have a structured, checklist-style post guiding you through the post-SOC 2 audit process. This article addresses all of the due diligence requirements after receiving a SOC 2 audit, and clarifies some of the common misunderstandings cybersecurity teams have when it comes to SOC 2 reports.