Legal and Regulatory Compliance
There are real benefits to bringing legal and regulatory compliance under the security team. Regulations are not optional, and a fractional security advisor helps you avoid the costs and legal penalties of non-compliance with the regulations you are required to follow. Three of the most common and critical compliance frameworks you may need to meet are:
PCI-DSS/PA-DSS – If your company accepts payments via credit cards, you need to understand the Payment Card Industry (PCI) Security Standards Council's standards. PCI-DSS applies to any environment that stores, processes, or transmits cardholder data; PA-DSS covered payment applications and has since been retired in favor of the PCI Software Security Framework.
NIST/CMMC – If your company works with or for the Department of Defense (DoD), it will need to protect controlled unclassified information (CUI) under the Cybersecurity Maturity Model Certification (CMMC), which is built on the controls in NIST SP 800-171.
HIPAA/HITECH – If you are in the healthcare industry in the US, you need to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as strengthened by the HITECH Act, and its Privacy, Security, and Breach Notification rules.
Compliance takes regular effort. As with certifications, you will need to show that you monitor your controls over time and update them as the standards and your environment change.