What are Enclaves and Why Are They Important for Handling CUI?

Security enclave featured

One of our country’s more important assets is its information. The U.S. IT infrastructure carries private information covering things like financial information, private information, defense and military information or information that is critical to the operation of government agencies. Some information is classified, and some, while not deemed sensitive enough to classify, are protected as Controlled Unclassified Information, or CUI.

CUI is protected under government regulation, which means that if your business wants to work with federal or defense agencies, it must meet regulations to participate. 

Read More

What is a C3PAO in CMMC Certification?

CMMC c3pao featured

CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies are meeting their compliance requirements, CMMC leverages outside certified assessors to serve as third-party assessment organizations (C3PAO).

In this article, we will cover the basics of C3PAOs in CMMC certification. This discussion includes a breakdown of CMMC requirements and the importance of a C3PAO in providing objective evaluations of vendor security in the defense space. 

 

Read More

The 2021 Guide to HIPAA Compliance

HIPAA compliance featured

Table of Contents

  1. What is HIPAA?
  2. HIPAA Compliance Terminology
  3. What Are the Three Rules of HIPAA Compliance?
  4. What Is the HIPAA Privacy Rule?
  5. What Is the HIPAA Security Rule?
  6. What Is the HIPAA Breach Notification Rule?
  7. What Is the HITECH Act?
  8. What Is the Omnibus Rule?
  9. What Does HIPAA Compliance Entail?
  10. What Are the Penalties for Not Meeting HIPAA Compliance?
  11. What Can I Do to Ensure That My Organization is HIPAA Compliant?


What is HIPAA?

HIPAA is the Health Insurance Portability and Accountability Act signed into law by President Bill Clinton in 1996. HIPAA was put into place to protect patient data from theft or loss. 

Why is this important? Private Health Information (PHI) is considered some of the most sensitive data that a person can have. It was determined that it was critical to protect PHI for patients and that this responsibility fell on healthcare providers who used that information for treatment, research, or billing purposes. 

With the emergence of electronic PHI (ePHI) and digital technologies like networked communication and electronic recordkeeping, HIPAA became that much more important. HIPAA was therefore conceptualized to protect ePHI no matter where it is. 

Read More