Risk & Compliance Glossary
Learn the biggest topics in risk management, compliance requirements, and digital security with Kiteworks’ Risk & Compliance Glossary.
21 CFR Part 11
Explore the background, benefits, and challenges of 21 CFR Part 11 compliance and learn the strategies, tools, and best practices for maintaining compliance with this regulation.
23 NYCRR 500
Learn about the 23 NYCRR 500, a comprehensive cybersecurity regulation for financial services companies in New York state, and how it impacts businesses.
Advanced Persistent Threat
Protect sensitive content communications from APTs with targeted security measures for your business.
The AES-256 encryption standard enables organizations to securely transmit information as a ciphertext.
Comprehensive audit logs of sensitive content communications enable organizations to track and report security and compliance exposure risks.
Australian Privacy Principles
Get a comprehensive overview of the Australian Privacy Principles and implement essential measures to protect your business and customers’ data.
Discover how ANSSI’s suite of cybersecurity programs, regulations, and standards can help protect your business from cyberattacks and data loss, and learn more about the advantages of regulatory compliance with Kiteworks.
CCPA institutes privacy controls on the sharing and use of PII belonging to California residents.
CIS Critical Security Controls v8
Discover how the CIS Critical Security Controls (CIS Controls Version 8) can help protect your organization against the most common and successful cyber threats with this overview of the 18 controls and tools and resources to help with implementation.
CDR (Content Disarm and Reconstruction)
Improve your security posture with Content Disarm and Reconstruction (CDR): Learn how this advanced threat prevention technology eliminates malicious components from incoming files and reconstructs them without losing the original structure or fidelity.
Content Delivery & Security Association (CDSA)
Discover how Kiteworks Private Content Network can help businesses get ready for Trusted Partner Network (TPN) assessments and ensure that their content is securely delivered according to the Motion Picture Association’s (MPA) content protection best practices.
Connecticut Data Privacy Act (CTDPA)
Learn about the Connecticut Data Privacy Act (CTDPA), a comprehensive data privacy law that provides rights to Connecticut residents and obligations for the companies that process, collect, and store data about them.
While CMMC is still evolving, you want to make sure your business is up to date on what CMMC certification is and how the updates will affect you.
CMMC 1.0 vs. CMMC 2.0
Discover the major differences between CMMC 1.0 and CMMC 2.0 to learn what it means for your business and how to prepare for the new requirements for DoD contractors with this comprehensive guide.
CMMC 2.0 Levels
Discover CMMC 2.0 Levels and how the Kiteworks-enabled Private Content Network can accelerate Level 2 compliance for DoD contractors and suppliers in the Defense Industrial Base (DIB), helping them to protect controlled unclassified information (CUI) and federal contract information (FCI).
CMMC 2.0 Level 1
Learn about CMMC 2.0 Level 1 requirements, who needs compliance at this level, and how to comply.
CMMC 2.0 Level 2
Learn about CMMC 2.0 Level 2 requirements, what it takes to achieve compliance, who needs compliance and how DoD suppliers need to prepare for compliance.
CMMC 2.0 Level 3
Discover the compliance requirements for CMMC 2.0 Level 3, the highest cybersecurity regulation from the DoD for contractors and organizations handling CUI for high-priority programs.
CMMC CUI and What It Means
Learn about controlling and protecting controlled unclassified information (CUI) under CMMC, including types of CUI, handling requirements, and steps for protecting CUI and meeting compliance requirements.
CMMC and NIST 800-171 Requirements
Learn about the CMMC 2.0 and NIST 800-171 frameworks – the key similarities and differences between them and the requirements for each.
CMMC Compliance and Security Requirements
Learn the importance of CMMC compliance and the security requirements it provides organizations to protect their data and remain competitive in the DoD marketplace with this comprehensive overview.
CMMC Compliance Audit
This comprehensive guide provides businesses a roadmap to successfully navigate their Cybersecurity Maturity Model Certification (CMMC) self-assessment. Learn tips, tricks, and best practices to ensure success during the self-assessment process.
Learn about the crucial components that contribute to a successful CMMC compliance audit and ensure your organization is fully prepared.
Cybersecurity Risk Management
Cybersecurity risk management is becoming a large part of many organizations’ security strategies but others wonder if it’s truly that important.
CJIS Compliance in Law Enforcement
Learn everything you need to know about CJIS compliance, including its requirements and benefits, in this comprehensive guide.
Colorado Privacy Act (CPA)
Discover the Colorado Privacy Act (CPA), a comprehensive privacy framework that provides citizens of Colorado the right to access and delete their personal information, to opt out of targeted advertising, and to review automated decisions.
Credential Theft Attacks
Learn about credential theft attacks, the types of attacks, the common targets of such attacks, and how Kiteworks can help improve a business’s overall security posture to protect from credential theft.
Data privacy isn’t just a business problem; it affects every user, employee, or customer who trusts you to handle or store their private information.
Data Protection Act 2018
How the Data Protection Act compares to GDPR and what this means for businesses operating in the U.K.
Discover the importance of data sovereignty and how it can protect your information in a digital world.
Distributed denial-of-service (DDoS) attacks are malicious attempts to disrupt the normal functioning of a targeted network, server, or website by overwhelming it with a flood of internet traffic.
Discover how DevSecOps is an innovative approach that combines development, security, and operations teams to automate security checks throughout the software development process and prioritize security with an integrated workflow.
DoD and CMMC Requirements
Learn more about the Department of Defense and the CMMC requirements for Defense Industrial Base (DIB) contractors to protect CUI, their networks, and data and ensure compliance with government regulations.
EAR (Export Administration Regulations)
Understand and comply with the Export Administration Regulations (EAR) to avoid costly fines and penalties and to support national security and foreign policy interests.
Discover the power of eDiscovery and learn the best practices, types, and step-by-step process of using eDiscovery to save time, money, and improve your legal proceedings.
Email compliance goes beyond making sure your marketing emails are compliant. Email compliance also includes day to day communications.
Email encryption is an important line of defense for your business communications. This encryption can help prevent hackers from accessing private information.
Email Protection Gateway (EPG)
Experience secure and compliant email communications with an Email Protection Gateway (EPG) while making email encryption invisible to end-users.
Federal Data Protection Act (FDPA)
Discover what Germany’s Federal Data Protection Act is, who it applies to, its principles, individuals’ rights, and how businesses can comply in order to protect personal data and avoid penalties.
FedRAMP compliance is extremely important if you want to provide cloud services to a federal government office but how should you start this process?
FedRAMP and NIST CSF
Discover the similarities and differences between FedRAMP and NIST CSF and how organizations can use them to maintain strong cybersecurity practices.
FedRAMP and CMMC Requirements
The U.S. government has implemented the FedRAMP and CMMC cybersecurity frameworks to help businesses support government agencies securely and efficiently. Learn how your business can do the same.
FedRAMP Certification Process
Learn about the FedRAMP certification process, including its purpose, requirements like security controls, cost, and time and, finally,
Learn about FERPA compliance and the importance of protecting student information, such as implementing data security protocols and providing training to employees and administrators.
Learn about FINRA compliance and why it is important for firms, financial advisors, and individual investors.
French Data Protection Act
Get a comprehensive overview of the French Data Protection Act and implement essential measures to protect your business and customers’ data.
What are the requirements for FIPS compliance and how do FIPS, NIST and FISMA relate? We’ve covered all the important points for a complete FIPS overview.
FISMA is necessary for federal agencies but may also affect the compliance standards required by your business if you do work for a federal agency.
FTC Safeguards Rule
A guide on securing customer information and complying with the FTC Safeguards Rule using governance tracking and control in the financial services industry.
GDPR may be an EU regulation but it has affected countries worldwide. Understanding and adapting to this law can save your company from receiving any penalties.
How financial services organizations can comply with GLBA when sending and sharing confidential customer information.
Get a clear understanding of GxP compliance and its requirements with an expert-led breakdown and roadmap.
What is HIPAA and how can the HIPAA security rule, omnibus rule and privacy rule apply to me and my business? Keep reading to find out.
Hardened Virtual Appliance
Learn about the benefits of a hardened virtual appliance and how it can help organizations protect their sensitive content communications and comply with regulatory requirements.
When handling personal healthcare information, HIPAA compliance is a must, not only for your business but also for your client’s privacy.
HITECH Act Compliance
Step-by-step instructions to help healthcare providers meet HITECH regulatory requirements.
Identity & Access Management (IAM)
Identity and access management is a set of processes, policies, and tools for controlling user access to web applications and critical information within an organization.
Integrated Risk Management
Wondering about integrated risk management or the difference between IRM, CRC and ERM? We’ve got you covered – just keep reading.
Iowa Consumer Data Privacy Law
Explore Iowa’s Consumer Data Privacy Law, its key provisions, consumer rights, and business obligations for data protection.
What is Information Security Registered Assessors Program? Who needs IRAP assessment and certification? Keep reading to find out everything you need to know.
ISO 27000 Standards
The ISO 27001, ISO 27017, and ISO 27018 belong to the family of ISO/IEC 27000 standards that keep information assets in an organization secure.
If your company exports defense- or space-related items, you must be ITAR compliant; otherwise, you could be fined hundreds of thousands of dollars.
Managed File Transfer (MFT)
Managed file transfer software solutions can become a key part of your company’s security strategy simply because this software protects all transferred data.
Discover how man-in-the-middle attacks work, the consequences, and steps to protect your organization from these cyber threats.
Malware-based attacks pose a constant threat to software that can cause extensive damage and disruption, including content exposure. Protecting against them requires robust defenses.
Multi-factor Authentication (MFA)
Protect your sensitive information with multi-factor authentication (MFA) and follow best practices for security.
Learn about NERC CIP, what it is, compliance, and why it’s important for the reliability and security of North America’s power grid.
NIST Cybersecurity Framework
Learn how the NIST Cybersecurity Framework (NIST CSF) provides a comprehensive set of best practices for cybersecurity that can be tailored to an organization’s specific needs.
NIS 2 Directive
This article explains the NIS 2 Directive, including its purpose, scope, and impact on cybersecurity. We cover its requirements, compliance obligations, and potential benefits.
NIST Privacy Framework
Unlock the ultimate guide to NIST Privacy Framework. Protect your sensitive data from prying eyes with this game-changing resource.
Secure controlled unclassified information with NIST SP 800-171 and improve your cybersecurity posture with comprehensive security controls and guidance.
Learn how NIST 800-53 and adherence to this cybersecurity framework can help you protect your systems and the assets they contain so you stay ahead of the ever-evolving threat landscape.
If your company handles credit card data and is not following PCI compliance standards, you could face large penalties if these regulations aren’t corrected.
If your business handles credit card transactions and isn’t PCI DSS compliant, you need to keep reading in order to avoid possible legal ramifications.
PII / PHI
Personally identifiable information (PII) is any data that could potentially identify a specific individual.
Plan of Action and Milestones (POA&M)
Department of Defense suppliers can discover the key steps and milestones involved in creating an effective POA&M for Cybersecurity Maturity Model Certification (CMMC).
Privacy by Design
Discover the importance of Privacy by Design and learn how to implement it in your data management practices.
Regulatory compliance is important for any business and can actually be financially rewarding by avoiding fines and finding vulnerable areas in your company.
Secure File Sharing
Not all file sharing software was made equal and using a free secure file sharing option can open your business up to breaches and attacks.
Secure File Transfer
We’ve found the best secure file transfer software solutions to help your business stay compliant and secure while handling sensitive data.
System Security Plan
Learn the steps to create an effective system security plan to protect information systems and comply with CMMC and NIST 800-171 standards.
Secure Web Forms
Learn why secure web forms are essential for protecting your data from online threats.
Security Risk Management
Security risk management can prevent a possible weak area in your company from being overlooked and preyed upon by outside attackers.
Learn about the common types of security misconfiguration vulnerabilities, their risks and impacts, and best practices for preventing them.
Security Operations Center
A comprehensive guide to the security operations center (SOC), including its role, functions, and benefits, and how it can mitigate risks and enhance your security posture.
Learn the dangers of session hijacking and how to protect sensitive content communications from this malicious cyberattack.
Singapore Personal Data Protection Act 2012
Singapore PDPA Guide: Navigate the Personal Data Protection Act 2012 with this comprehensive resource.
Is SFTP just another data transfer protocol and is it the same as FTPS? These answers may surprise you so keep reading to find out.
Learn why SIEM is important and the associated benefits, how it works, and best practices for implementation in order to effectively achieve an organization’s security and compliance initiatives.
SMTP may seem complicated with its protocols, ports, servers and providers, but it doesn’t need to be. We’re covering it all to help you fully understand SMTP.
About to receive a SOC 2 audit or just looking to prepare for one? We run through all the important points you need to consider before an audit.
Structured vs. Unstructured Data
Explore structured vs. unstructured data, their characteristics, pros and cons, and how to manage and analyze them effectively.
The supply chain process has many moving parts and will require some type of supply chain management to create a productive network.
Supply Chain Risk Management
Supply chain risk management not only helps to keep your supply chain protected but will also keep your company, as a whole, more risk aware.
SQL Injection Attack
Discover the anatomy of an SQL injection attack, a common hacking technique that targets databases and web applications.
Tennessee Information Protection Act
In this glossary, we will take a deep dive into the Tennessee Information Protection Act and explore how it protects consumers’ personal information and the obligations it places on businesses.
Third-party Risk Management
Working with third-party vendors introduces a certain level of risk. This calls for a certain level of due diligence, trust, and risk management.
Transport layer security (TLS) ensures the secure delivery of information over the internet, avoiding possible leakage and alteration of the content.
TPRM is an important area of security for all organizations that do business with outside vendors and can even prevent breaches if done correctly.
UK Cyber Essentials Certification
Discover the importance of Cyber Essentials certification and explore the benefits it offers to businesses of any size, including improved system and data security, improved compliance with existing regulations, and reduced cost of implementing cybersecurity measures.
Utah’s Consumer Privacy Act (UCPA)
The Utah Consumer Privacy Act (UCPA) provides additional rights and protections to Utah consumers, granting them the right to access, delete, and opt out of the sale of their data. Businesses must comply with the UCPA to ensure consumer data is kept safe and secure.
Virginia Consumer Data Protection Act
The Virginia Consumer Data Protection Act (VCDPA) provides consumers with greater control over their personal data, establishes consumer protections, and requires businesses to have appropriate safeguards in place to protect consumer data.
Vendor Risk Management
Vendor risk management deals with vulnerabilities that vendors and third parties bring to your business. But how can you mitigate these risks?
Virtual Data Rooms
Virtual data rooms are used by organizations to protect confidential information when it is shared and stored.
Zero-day Exploits and Attacks
Explore the dangers of zero-day attacks and how to protect against them. Learn what zero-day attacks are, how they work, and the best practices for defending against them.