Achieve Cybersecurity Compliance with Arctic Wolf
Between staying ahead of cyber attacks, implementing the right technology, and staffing a security operations team, complying with increasingly complex regulations can feel out of reach for even the most skilled teams. That’s why you need the experts on your side.
Compliance Is a Moving Target
Is your organisation checking every box when it comes to compliance obligations? The complexity can feel overwhelming. Multiple frameworks and regulations must be considered, many of which have overlapping requirements.

Industry-Specific Legislation
Heavily regulated industries are a major target for cybercriminals. Financial, legal, healthcare, and governing institutions need to comply with stringent controls to limit access to private and sensitive data.

National and International Requirements
Governing bodies around the world have enacted numerous security and privacy rules and guidelines, including GDPR, ISO, and NIST frameworks, that can be enforced with heavy financial penalties. Use our interactive compliance map below to understand these regulations.
Compliance Regulations
PCI-DSS
Industry: Banking
Location: United States
PCI-DSS AT A GLANCE
While not federally mandated in the United States, PCI-DSS is an industry standard and mandated by the Payment Card Industry (PCI) Security Standard Council to protect cardholder data.
PCI-DSS COMPLIANCE REQUIREMENTS
PCI-DSS 1: Install and maintain firewall configuration to protect data
PCI-DSS 2: Do not use vendor-supplied defaults for system passwords and security parameters
PCI-DSS 3: Protect stored cardholder data
PCI-DSS 4: Encrypt transmission of cardholder data across open, public networks
PCI-DSS 5: Protect all systems against malware and regularly update AV software
PCI-DSS 6: Develop and maintain secure systems and applications
PCI-DSS 7: Restrict access to cardholder data by business need-to-know
PCI-DSS 8: Identify and authenticate access to system components
PCI-DSS 9: Restrict physical access to cardholder data
PCI-DSS 10: Track and monitor all access to network resources and cardholder data
PCI-DSS 11: Regularly test security systems and processes
PCI-DSS 12: Maintain a policy that addresses information security
HOW ARCTIC WOLF CAN HELP WITH PCI DSS COMPLIANCE
- Simplify PCI-DSS 3.2 compliance with customised reporting
- Monitor access to cardholder data on-premises and in the cloud
- Provide real-time alerts based on business risks posed by payment card data
- Perform continuous vulnerability scanning of internal and external networks, and endpoints
- Implement secure configuration policies based on security controls benchmarks, such as CIS
- Identify and prioritise vulnerabilities based on threat exposure, assets, and severity
- Audit system access, authentication, and other security controls to detect policy violations
- Automatically detect and scan new devices as they enter the network
- Create, assign, track, and verify remediation tasks
- Demonstrate compliance and communicate progress with reports, analytics, and live dashboards from the Arctic Wolf Concierge Security Team
ISO/IEC 27001
Industry: All
Location: International
ISO/IEC 27001 At A Glance
ISO 27001 provides organisations with a framework for managing information security. Its goal is to keep information assets secure. There are currently more than a dozen ISO/IEC standards, with 114 controls in 14 groups and 35 control categories.
ISO/IEC 27001 COMPLIANCE REQUIREMENTS
Annex A.5 – Information Security Policies
Annex A.6 – Organisation of Information Security
Annex A.7 – Human Resource Security
Annex A.8 – Asset Management
Annex A.9 – Access Control
Annex A.10 – Cryptography
Annex A.11 – Physical and Environmental Security
Annex A.12 – Operations Security
Annex A.13 – Communications Security
Annex A.14 – System Acquisition, Development, and Maintenance
Annex A.15 – Supplier Relationships
Annex A.16 – Information Security Incident Management
Annex A.17 – Information Security Aspects of Business Continuity Management
Annex A.18 – Compliance
HOW ARCTIC WOLF CAN HELP WITH ISO/IEC 27001
For more, check out Arctic Wolf Is Now ISO 27001 Certified—Why That’s a Big Deal.
UK-GDPR
Industry: All
Location: UK
UK-GDPR At A Glance
Taking effect on January 31, 2020, the UK-GDPR (General Data Protection Regulation) affects user privacy by placing limits on what organisations can do with personal data. There are seven key principles of UK-GDPR that detail how user data can be handled.
Sarbanes-Oxley Act (SOX)
Industry: Banking
Location: United States and International
Sarbanes-Oxley Act At a Glance
SOX is a set of expanded regulatory requirements governing all U.S. public companies, foreign companies with securities registered with the Securities and Exchange Commission, and public accounting firms. Its primary goal is to prevent fraudulent financial reporting and protect investors.
Top Compliance Requirements of SOX
Section 302 mandates that senior corporate officers personally certify in writing that the company’s financial statements “comply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer.” Officers who sign off on financial statements that they know to be inaccurate are subject to criminal penalties, including prison terms.
Section 404 requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded companies because it’s often expensive to establish and maintain the necessary internal controls.
Section 802 contains the three rules that affect recordkeeping. The first deals with destruction and falsification of records. The second strictly defines the retention period for storing records. The third rule outlines the specific business records that companies need to store, which includes electronic communications.
How Arctic Wolf can help with SOX
- Analyse, prioritise, and manage vulnerabilities
- Maintain, monitor, and analyse audit logs
- Perform regular risk assessments to identify weak points in your security
CIS Controls
Industry: All
Location: United States and International
CIS Controls at a Glance
CIS controls supplement almost every other security framework—including NIST, ISO 27001, PCI, and HIPAA—and are a useful baseline to develop or assess a security program.
Top 18 CIS Security Controls
1. Inventory and Control of Enterprise Assets
2. Inventory and Control of Software Assets
3. Data Protection
4. Secure Configuration of Enterprise Assets and Software
5. Account Management
6. Access Control Management
7. Continuous Vulnerability Management
8. Audit Log Management
9. Email and Web Browser Protections
10. Malware Defenses
11. Data Recovery
12. Network Infrastructure Management
13. Network Monitoring and Defense
14. Security Awareness and Skills Training
15. Service Provider Management
16. Application Software Security
17. Incident Response Management
18. Penetration Testing
How Arctic Wolf can help with CIS Controls
- Deliver 24×7, 365 scanning of your entire IT environment for threats and vulnerabilities
- Provide priority context to the criticality of vulnerabilities found within the organisation’s networks and endpoints
- Prevent unnecessary access to critical systems and infrastructure
- Provide a way to better understand the configuration settings of your servers and workstations—preventing vulnerable services and settings from being exploited