An Introduction to PCI DSS’s Secure Software Life Cycle

PCI DSS featured

Digital payments are, for the most part, the norm for commerce in the modern world. From swiping credit cards, tapping phones, or using credit card information in digital storefronts, a lot of payment information is moving through digital networks… and potentially insecure technologies. This is why credit card networks created the PCI DSS standard to govern security in the payments industry. 

PCI DSS governs these payment technologies, including developing and implementing payment tools at all customer touchpoints. This has led to the PCI DSS Secure Software Life Cycle (SLC) standard, a guideline designed to ensure that security is embedded right from the inception of software development.

 

Read More

HIPAA and the Use of Online Tracking for Marketing Purposes

HIPAA and web tracking featured

Due to some recent actions against online medical providers like BetterHealth and GoodRX, the Department of Health and Human Services has released a new warning for covered entities regarding the tracking methods they use on their websites. 

While web tracking has become a typical technology for most businesses, it’s not a cut-and-dry proposition for healthcare providers who have to maintain patient privacy. 

 

Read More

The Impact of Executive Order 14028 on FedRAMP

zero trust featured

Government responses to evolving security threats have, to more or less a degree, started to incorporate advanced mitigation postures that reflect a world of networked systems and complex digital supply chains. 

To address this changing landscape, the president issued Executive Order 14028, “Executive Order on Improving the Nation’s Cybersecurity.” This 2021 order introduced a zero-trust approach to security and stricter requirements for authorization processes and baseline requirements. 

This article will discuss how some aspects of this executive order are impacting or will impact, FedRAMP Authorization for cloud service offerings. 

 

Read More