Make PCI Compliance Easier; Automate PCI DSS Requirement 11.2

Automate PCI DSS Requirement 11.2

One of the key tenets of a good cybersecurity program is using security in layers and including automated tools to assess defense status. Automated tools are the only way to deal with the huge variety of network infrastructure components involved in our modern information environments. For example, the Payment Card Industry Data Security Standard (PCI […]

HITRUST CSF Version 9.4 CMMC and NIST Mapping: What’s New

HITRUST CSF Version 9.4

The HITRUST Alliance recently released HITRUST CSF version 9.4. This iteration of HITRUST v9 further delivers on the organization’s mission to provide “One Framework, One Assessment, Globally” by incorporating and streamlining the largest number of authoritative sources of any security and privacy framework. This article explains the added HITRUST CMMC and NIST mapping aspects of this […]

Am I Ready for a PCI ROC?

We recently answered the question, “How do I know if I have to be PCI compliant?” That post is a good way for those new to the Payment Card Industry (PCI) world to learn some of the basics. Now, we answer the question, “Am I ready for a PCI ROC?” by going more in depth […]

First HIPAA Risk Assessment? Here’s How to Be Prepared

Introduction to HIPAA Risk Assessments

The Health Insurance Portability and Accountability Act (HIPAA) mandates industry-wide standards for the protection and confidential handling of protected health information (PHI). This legislation outlines how companies store, manage, retain, and/or transmit this data. One important exercise organizations subject to HIPAA are expected to complete is a risk analysis. It can be a challenging effort […]

Do I Have to Be PCI Compliant?

How do I know if I have to be PCI Compliant

The Payment Card Industry Data Security Standard (PCI DSS) is designed to help organizations protect their customers’ credit and debit card data. Businesses are held accountable for PCI compliance and must pay heavy fines if they don’t meet the standards. This article offers basic PCI DSS information to help you answer the question, “Do I […]

Does HIPAA Apply to Me?

A common question we hear when we mention Avertium’s compliance expertise is, “Does HIPAA Apply to Me?” Due to nuances in the requirements, it’s a fair question. In this post, we describe how your organization can determine whether or not you are required to adhere to the HIPAA regulations for privacy and security of protected […]

PCI DSS Business as Usual: The Pandemic Proved Why Businesses Should Adhere

PCI DSS Business as Usual

The PCI DSS standards are designed to ensure that companies processing, transmitting or storing customer credit card information or companies that can affect the security of that information are protecting this data appropriately. The process for becoming PCI certified includes passing a yearly audit during which security controls are evaluated. For many years that meant […]

10 Ways Using SIEM Technology Can Automate Fulfilling HIPAA Regulations

Using SIEM Technology Can Automate Fulfilling HIPAA Regulations

Any organization that transmits health information electronically, including health plans, healthcare clearing houses, healthcare providers, and a covered entity’s business associates, must comply with the Health Insurance Portability and Accountability Act (HIPAA). Yet one of the top problems these organizations face is failure to properly safeguard electronic protected health information (ePHI). One of the greatest […]

3 Things for HIPAA Compliance When Returning to Normal Operations

HIPAA Compliance When Returning to Normal Operations

As workplaces begin to re-open, organizations are looking to return their employees to their office work environments. The Health Insurance Portability and Accountability Act (HIPAA) stipulates that employees are responsible for protecting the privacy of protected health information (PHI) at all times. This means employers must continually review and modify their security measures to ensure […]

Complying with HIPAA Encryption Standards; What You Need to Know

Complying with HIPAA Encryption Standards

The Yes or No Question: Have you encrypted your ePHI data at rest and in transit? Have you encrypted your electronic protected health information (ePHI) data at rest (being stored in persistent storage) and in transit (flowing from one point to another, whether it be over the internet or a private network)? If your […]