Compliance

What to Expect from PCI DSS 3.2

Earlier this year, we wrote about how to prepare for PCI DSS 3.2. Now, organizations should begin to implement changes with the PCI DSS 3.2 official release. These standards should be adopted as soon as is possible, as version 3.1 will expire on October 31,…

PCI DSS Scoping for Colocation Providers: To Include or Not to Include?

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. A-LIGN is heavily involved in the colocation industry, performing PCI DSS assessments as well as additional compliance audits to colocation providers throughout the US, as well…

Phase 2 of the HIPAA Audit Program Launches

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced Phase 2 of the HIPAA Audit Program. Every covered entity and business associate will be eligible to be…

FedRAMP Accelerated

Author: Cheryl Zobel, Managing Consultant at A-LIGN. FedRAMP, or the Federal Risk and Authorization Management Program, is a government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. The FedRAMP Program Management Office (PMO) has retooled the program,…

ISO 27001: The Four Most Common Post-Certification Pitfalls

Author: Gene Geiger, CPA, CISSP, CCSK, QSA, PCIP, ISO 27k LA, and Partner at A-LIGN. Becoming ISO 27001 certified is a rigorous process for most organizations, but the work should not stop after receiving the sought-after certification. We want to ensure that your organization does not fall…

HITRUST Assessment Scoping Guidelines

We are asked routinely “which controls will A-LIGN test as part of the HITRUST assessment?”. The answer to that question depends on the environment and the outcome of the scoping process. Scoping occurs in the initial phases of your HITRUST assessment process in order to…

Preparing for PCI DSS 3.2 in 2016

Author: Dustin Rich, CISSP, (ISC)2, CISA, ISACA, PCI QSA, PA QSA, MCSE, CCNA, CCA, and Managing Consultant at A-LIGN. This update, which will likely take the place of the previously anticipated Q4 2016 update, will include changes that aim to take into account…

Strengthening the Cloud: ISO 27017 and ISO 27018

As the global usage of cloud technology continues to grow, businesses must strategically consider the risk of storing protected information and explore security options in order to protect their information systems. There are multiple security standards for cloud services providers and users to utilize in order to…

An Overview of the HITRUST CSF and Related Frameworks

The HITRUST CSF is a comprehensive, certifiable security framework that pulls from HIPAA/HITECH, ISO 27001, NIST SP 800-53, COBIT, and PCI DSS, combining them to create a powerful framework. The HITRUST CSF provides an integrated, prescriptive framework that works with the needs…

HITRUST Assessment Types & HITRUST Integration with SOC 2

Don’t make the climb to compliance more difficult than it has to be. With a comprehensive framework for organizations of any size, system or regulatory requirement, the HITRUST CSF allows for organizations to easily assess their current compliance while providing implementation requirements based on an organization’s risk…