GDPR, HIPAA, NIST, SOC2, and other regulatory compliance guides and updates.
The Essential Eight is a set of baseline cybersecurity mitigation strategies from the Australian Cyber Security Centre (ACSC) designed to protect organizations against cyber threats. Updated July 2024 with refined maturity levels.
The Gramm-Leach-Bliley Act requires financial institutions to protect customer information through the Privacy Rule, Safeguards Rule, and Pretexting provisions. Major Safeguards Rule updates effective 2023-2024 mandate enhanced cybersecurity controls.
Sarbanes-Oxley Section 404 requires publicly traded companies to establish, document, and test internal controls over financial reporting, including IT General Controls and application controls supporting financial systems.
The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) will require critical infrastructure entities to report cyber incidents to CISA within 72 hours and ransomware payments within 24 hours, with the final rule now expected May 2026.
CMMC 2.0 requires DoD contractors and subcontractors to achieve verified cybersecurity maturity levels to handle Controlled Unclassified Information (CUI). The final rule took effect December 2024 with phased contract inclusion beginning 2025.
The EU's Digital Operational Resilience Act (DORA) took effect January 17, 2025, imposing ICT risk management, incident reporting, resilience testing, and third-party oversight requirements on financial entities across the EU.
The EU AI Act is the world's first comprehensive AI regulation. This guide covers the risk-based classification system, compliance obligations by AI system category, enforcement timelines, and practical steps for organizations deploying AI in the EU.
The EU Cyber Resilience Act establishes mandatory cybersecurity requirements for products with digital elements sold in the EU, including vulnerability handling, security updates, and SBOM generation.
FedRAMP Rev 5 aligns with NIST SP 800-53 Rev 5 controls and modernizes the federal cloud authorization process. This guide covers the updated control baselines, authorization paths, and the FedRAMP Authorization Act.
Practical guide to implementing NIST's AI Risk Management Framework (AI RMF 1.0) and the Cyber AI Profile (IR 8596), covering the Govern, Map, Measure, and Manage functions for organizations building or deploying AI systems.
With over 20 US states enacting comprehensive consumer privacy laws and no federal privacy legislation, organizations must navigate a patchwork of requirements. This guide covers key provisions, compliance strategies, and the path toward harmonization.
The CIS Critical Security Controls provide a prioritized, actionable framework of 18 controls with 153 safeguards organized into three Implementation Groups. Version 8.1 adds Governance function alignment with NIST CSF 2.0.