Compliance Guides
Rapid7 PCI DSS Compliance Guide
Negative media coverage, a loss of customer confidence, and the resulting loss in sales can cripple a business. As a result, all entities that handle credit cardholder information are being challenged to adopt more effective data protection measures. The Payment Card Industry (PCI) Data Security Standard (DSS) was created to confront the rising threat to credit cardholder personal information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving PCI compliance.
Rapid7 HIPAA and HITECH Act Compliance Guide
When private medical records are breached, healthcare service providers suffer damage to their brand and reputation, loss of trust from their patients, and severe financial repercussions. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that appropriate administrative, technical, and physical safeguards be used to protect the privacy and security of sensitive health information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving HIPAA compliance.
Rapid7 NERC-CIP Compliance Guide
The North American Electric Reliability Corporation (NERC) introduced Critical Infrastructure Protections (CIPs) as mandatory cyber security regulations, intended to protect the bulk electric grid. The U.S. Federal Energy Regulatory Commission (FERC) and governmental authorities in Canada made the Cyber Security Standards detailed in the NERC CIPs mandatory and enforceable across all private and public users, owners, and operators of the bulk power system. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving NERC compliance.
Rapid7 FISMA Compliance Guide
All government agencies, government contractors, and organizations that exchange data directly with government systems must be FISMA compliant. This may include such diverse entities as data clearinghouses, state government departments, and government military subcontractors if data is exchanged directly with Federal government systems. Coverage may expand to include public and private sector entities that utilize, manage, or run critical infrastructures if FISMA security controls are combined with the Consensus Audit Guidelines as part of the new U.S. Information and Communications Enhancement (ICE) Act.
Rapid7 CAG Compliance Guide
The Consensus Audit Guidelines (CAG) provide critical U.S. Federal government infrastructures with a proactive cyber-security framework to prioritize critical IT security concerns. The goal of applying CAG is not simply to become compliant with regulations, but rather to provide a template for making security best practices an integral part of system design and operation so that Federal agencies can ensure their systems are capable of withstanding the more frequent and in-depth attacks found in an increasingly complex threat landscape. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving CAG compliance.
Rapid7 Massachusetts Privacy Law Compliance Guide
In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft from data loss, the State of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth (also known as just 201 CMR 17, or the Massachusetts Privacy Law). This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving compliance with the Massachusetts Data Privacy Law (Mass 201 CMR 17).