HITRUST CSF: Healthcare Security Certification Framework
HITRUST CSF provides a certifiable security framework that harmonizes over 60 regulations including HIPAA, NIST, and ISO 27001. The framework offers three assessment types (e1, i1, r2) for organizations handling healthcare and sensitive data.
NIST SP 800-53 Rev 5: Security and Privacy Controls for Federal Systems
NIST SP 800-53 provides the comprehensive catalog of security and privacy controls required for federal information systems. Rev 5.2.0 includes 1,007 controls across 20 families and serves as the foundation for FedRAMP, FISMA, and federal contractor compliance.
NY DFS Cybersecurity Regulation (23 NYCRR 500): Financial Services Requirements
New York's cybersecurity regulation for financial services requires covered entities to maintain comprehensive security programs, including CISO designation, MFA, encryption, and incident reporting. The 2023 amendments are fully effective as of November 2025.
EU NIS2 Directive: Implementation Status and Compliance Requirements in 2026
The NIS2 Directive required EU member state transposition by October 2024, but most states missed the deadline. Germany enacted its law in December 2025. A full overview of the compliance landscape.
HIPAA Security Rule Overhaul: What the 2026 Proposed Changes Mean for Healthcare
HHS proposed sweeping changes to the HIPAA Security Rule in January 2025, eliminating the addressable vs. required distinction and mandating encryption and MFA. Finalization targeted for May 2026.
SEC Cybersecurity Disclosure Rules: 2026 Enforcement Outlook and Compliance Update
The SEC's cybersecurity disclosure rules face political uncertainty under the new administration. The SolarWinds case was dismissed, but the new CETU signals continued enforcement focus.
ISO 27001:2022 Transition Complete: What Happens If You Missed the Deadline
The three-year transition period to ISO 27001:2022 ended on October 31, 2025. All ISO 27001:2013 certifications have expired. Here's what organizations need to know now.
NIST Cybersecurity Framework 2.0: Implementation Guide
Practical guidance for implementing NIST CSF 2.0's new Govern function and updated framework components in your organization.
PCI DSS 4.0 Migration: What You Need to Know Before March 2025 Deadline
Complete guide to PCI DSS 4.0 requirements, key changes from 3.2.1, and timeline for compliance with the new payment card security standard.
GDPR Data Processing Agreements: Requirements and Best Practices
Understanding the key requirements for GDPR-compliant data processing agreements between controllers and processors.
SOC 2 Type II Audit Preparation Checklist
A comprehensive checklist for preparing your organization for a SOC 2 Type II audit, covering all five Trust Service Criteria.