NIST SP 800-171 vs. SP 800-172: What’s the Difference?

Feb 9, 2022 Lazarus Alliance 0 Comment

Last November, the unveiling of CMMC 2.0 raised many questions but also brought a lot of relief. Streamlining security around Controlled Unclassified Information (CUI) will help defense agencies and contractors better secure their systems without burdening them with operational overhead. This is crucial for organizations who want to support these agencies but don’t know much about either NIST SP 800-171 or NIST SP 800-172, the core documents of CMMC.

Homeland Security and FISMA Updates in 2022

Feb 2, 2022 Lazarus Alliance 0 Comment

FISMA is one of the foundational cybersecurity documents in the U.S. government. Its passage in 2002 and subsequent update in 2014 have defined the security landscape for federal IT systems and associated contractors.

However, a one-two punch from Congress and the President has changed things again. With recent cyber threats causing major damage to public and private resources, an Executive Order from the Office of the President, coupled with updates implemented by Congress, has shaped, directly or indirectly, the implementation of FISMA.

SOC 2: Trust Services Criteria and Secure IT in 2022

Jan 26, 2022 Lazarus Alliance 0 Comment

With COVID-19, always-online eCommerce and the migration to remote, distributed workforces, IT security is more important now than ever. In some industries, regulations can dictate the privacy and security requirements that every organization must meet. In others, those regulations may be less rigorous or even non-existent. That’s why many organizations turn to additional frameworks to shore up their approach to security. That’s where SOC 2 comes in.

Service Organization Control (SOC) is a standard put into place by the American Institute of Certified Professional Accountants (AICPA) to help financial institutions protect client and customer data. Because the framework is robust and focused, many organizations opt to achieve certification as part of a larger security and customer relationship strategy.

In 2022, after such dynamic shifts in our lives (particularly those tied to digital information), SOC 2 is more important than ever. Specifically, the five Trust Criteria can serve as the backbone of modern privacy and compliance strategies.