Skip to main content

Tag: compliance

361 articles

Formal Department of Defense briefing room with empty chairs and podium.

Pentagon Scraps Cybersecurity Certification Phase, Launches Reform Review

The Department of Defense is shaking things up in the world of cybersecurity certification, suspending Phase 2 of its Cybersecurity Maturity Model Certification (CMMC) program and launching a 60-day review to explore a more streamlined approach. This move aims to ease compliance burdens, especially for small and medium-sized businesses.

Analyst 207
Partially constructed government facility with workers in background, symbolizing a pause or delay.

Pentagon Hits Pause on Cybersecurity Certification Requirements

The Pentagon has hit pause on its cybersecurity certification requirements, citing prohibitive compliance costs and bureaucratic burdens that could stifle innovation in the US defense industrial base. This 60-day suspension sparks a review that may reshape enforcement and acquisition rules for defense contractors.

Analyst 207
Modern government office interior with network pattern in window.

Federal Agencies Modernize Security with Zero Trust Architecture

Federal agencies are revolutionizing their security approach with Zero Trust Architecture, shifting from mere compliance to a robust operational framework that enables seamless mobility, cloud modernization, and AI-driven decision making. By embracing this cutting-edge strategy, leaders are transforming their organizations to stay ahead of emerging threats.

Analyst 207
Government building in Canberra with a laptop on a surface in the foreground.

Australia Shifts Cybersecurity Focus to Resilience Over Compliance

Australia is taking a bold step in cybersecurity, shifting its focus from mere compliance to building operational resilience, with a AU$89.3 million investment over four years to drive this change. The Horizon 2 Action Plan is set to boost the nation's cyber posture with 19 key actions and 64 initiatives.

Analyst 207
Dimly lit datacenter hallway with server racks and maintenance personnel in the distance, under flickering fluorescent…

US Datacenter Law Set to Lapse, Leaving Security Gaps Unaddressed

As the Federal Data Center Enhancement Act of 2023 lapses on September 30, 2026, a crucial safeguard for secure and reliable access to federal information systems will vanish, leaving gaping security holes unaddressed. Without an extension or replacement, federal data centers may operate with little oversight, putting sensitive information at risk.

Analyst 207
Cluttered workshop with scattered electronics and concerned people.

Open Source Community Unprepared for EU's Cyber Resilience Act

The open source community is lagging behind on cybersecurity readiness, with stagnating awareness and a lack of preparedness for the EU's Cyber Resilience Act, which requires minimum security standards for hardware and software products by December 2027. It's time for urgent action to avoid falling short of compliance.

Analyst 207
Modern tech lab with computer screens and devices on a neutral surface, surrounded by abstract shapes suggesting data…

Varonis Integrates Claude Compliance API for Enhanced AI Governance

Varonis has integrated the Claude Compliance API into its Atlas AI Security Platform, empowering enterprises to confidently adopt AI with enhanced governance and oversight. This integration enables security teams to monitor AI usage, detect misuse, and assess risks with unparalleled data context.

Analyst 207
Developer workstation with laptop, notes, and coffee cups in a bright, modern office setting with natural daylight.

AI-Powered Tools Elevate Vulnerability Detection, Pressing Secure-by-Design Mandate

With AI-powered tools, companies can now instantly detect and fix software vulnerabilities, making ignorance a thing of the past when it comes to cybersecurity. As Hans de Vries of ENISA notes, this shift makes a secure-by-design approach not just best practice, but a pressing mandate.

Analyst 207
Modern corporate office interior with a large blank screen in a sleek conference room.

Autonomous AI Exposes Governance Gaps in Enterprise Security

As autonomous AI revolutionizes enterprise security, it's also revealing alarming governance gaps that can leave organizations in highly regulated environments exposed to unprecedented risks. The rapid adoption of autonomous AI is creating a trust gap, where innovation outpaces control, and novel risks to visibility, control, and regulatory compliance are emerging.

Analyst 207
Bank compliance investigation room with laptop showing AI agent interface and financial documents.

FIS and Anthropic Unveil AI to Accelerate Money Laundering Probes

Imagine having an AI-powered ally that supercharges your money laundering investigations, automatically gathering evidence, detecting patterns, and prioritizing case files in minutes - not days. FIS and Anthropic have joined forces to bring you the Financial Crimes AI Agent, revolutionizing banking's most costly compliance challenge.

Analyst 207
Person in background reviews documents near digital interface, with abstract digital identity verification process in…

Digital KYC Push Stalls on Trust and Liability Concerns

KYC is more than just verifying identity - it's a crucial process that requires trust and accuracy to prevent financial crimes. Governments and banks are working together to modernize identity data collection and reuse, with countries like the UAE, Europe, and Singapore launching innovative projects to streamline compliance and strengthen anti-money laundering efforts.

Analyst 207
Computer screen displays blurred Excel spreadsheet in brightly-lit office with DevOps folder visible in background.

Fintech Firm Exposes Database Credentials in Shared Spreadsheet

A fintech firm's most sensitive secrets were left exposed in a shared spreadsheet, with a password that was embarrassingly simple - literally a combination of the company's name and the year. The shocking discovery was made by Stanislav Kazanov during a routine compliance audit, when he stumbled upon a widely accessible SharePoint folder containing a file ominously titled Prod_DB_Root_Creds_DO_NOT_SHARE.xlsx.

Analyst 207
Government regulators sit at a formal hearing table with a laptop and documents, conveying institutional enforcement.

US Companies Face Record $3.45 Billion in Privacy Fines

US companies are facing a record-breaking $3.45 billion in privacy fines, a staggering amount that surpasses the total fines issued over the past five years combined, as regulators shift from education to full-scale enforcement. This surge in fines is driven by stronger state laws, coordinated interstate efforts, and increased scrutiny of AI and automation practices.

Analyst 207
Healthcare setting with laptop on desk, surrounded by medical equipment and files, emphasizing security and risk analysis.

HIPAA Fines Hit $1.7 Million for Risk Analysis Failures

The consequences of neglecting HIPAA risk analysis are steep: four entities recently paid a total of $1.7 million in fines for failing to conduct accurate, timely, and thorough assessments, exposing sensitive health information of nearly 427,000 individuals to hacking and ransomware threats.

Analyst 207
Secure server room with rows of computer servers and restricted access controls.

DORA Mandates Credential Security as Financial Risk Control

What happens when a threat actor waltzes into your network with a legitimate username and password - can your controls stop them? With DORA now in effect, EU financial institutions must prioritize credential security as a critical risk control, shifting from best practice to binding regulation.

Analyst 207
Shattered circuit board and torn ancient book pages near a sleek skyscraper with an eerie glow.

Mythos AI Breakthrough Sparks Industry Reassessment

The Mythos AI breakthrough has sent shockwaves through the industry, forcing a crucial question: how can businesses adapt and stay ahead when a single technological leap turns the rulebook upside down? Industry experts gathered to discuss the implications and reassess their strategies in light of this game-changing innovation.

Analyst 207
Shattered briefcase spills cash amidst dark cityscape with glowing office screens.

OpenAI Targets Financial Sector with GPT-5.4-Cyber Partnerships

OpenAI is shaking up the financial sector with its GPT-5.4-Cyber partnerships, targeting major banks with a cutting-edge cyber-focused AI offering that raises important questions about regulation and control. By launching a Trusted Access for Cyber program, OpenAI is paving the way for GPT-5.4-Cyber to be adopted in highly regulated environments.

Analyst 207
Locked metal briefcase with laptop and technical equipment scattered around it, in a dimly lit setting.

Universities Scramble to Tighten Export Controls Amid Rising Risks

As governments tighten export controls to protect national interests, universities face a pressing dilemma: how to balance the need for global collaboration and discovery with the risk of unchecked research crossing borders. With regulations once reserved for industry now bearing down on academic activity, institutions must urgently revisit their export-control compliance to avoid stifling innovation.

Analyst 207
Person in a suit sits at desk with paperwork, laptop, and mobile devices, surrounded by subtle warnings of security concerns.

HHS Weighs HIPAA Security Rule Update Amid Compliance Cost Concerns

As the HHS Office for Civil Rights considers updating the HIPAA Security Rule, a pressing question remains: will the cost of compliance outweigh the risk of leaving protected health information vulnerable? The director bluntly puts it, the cost of inaction may outweigh compliance burdens.

Analyst 207
Financial Services Grapple with SecOps and GRC Alignment Challenges

Financial Services Grapple with SecOps and GRC Alignment Challenges

In financial services, two crucial functions - SecOps and GRC - are struggling to move in lockstep, despite their shared goals of protecting assets and meeting regulatory expectations. Can they ever align to tackle security and compliance challenges head-on?

Analyst 207
Qodo Raises $70M to Mitigate AI Code Risks with Governance Platform

Qodo Raises $70M to Mitigate AI Code Risks with Governance Platform

As businesses increasingly turn to AI to generate production code, a pressing question emerges: who will be accountable when machines write the software that runs our critical systems? With AI-generated code comes a new set of risks - bugs, security threats, and noncompliance - that governance gaps must address to ensure speed and scale don't compromise safety and reliability.

Analyst 207
Critical Data Security Standards Bolster Cancer Innovation Efforts

Critical Data Security Standards Bolster Cancer Innovation Efforts

As cancer research and treatment innovation accelerate, robust data security standards are crucial to safeguarding sensitive information and fueling life-saving collaborations. By prioritizing data security, we can empower the medical community to harness the full potential of technology and drive progress in the fight against cancer.

Analyst 207
cyber risk Must-Have Strategy for Best Business Alignment

cyber risk Must-Have Strategy for Best Business Alignment

Too many security teams track patch counts while executives ask whether revenue and reputation are really protected; aligning risk operations with business priorities turns cyber efforts from checkbox exercises into measurable protection for what matters most. By mapping critical processes, quantifying financial impact, and uniting tech and leadership, organizations can prioritize controls that reduce real risk and keep operations—and customers—running.

Analyst 207
insider risk: Essential Defenses Against Costly Breaches

insider risk: Essential Defenses Against Costly Breaches

Insider risk is now a frontline threat—77% of organizations have suffered data loss—so prioritize least-privilege access, zero-trust IAM, and integrated DLP/UEBA/SIEM while building a people-first culture that balances privacy with protection. These must-have defenses stop costly breaches before trusted channels become exit ramps.

Analyst 207