{"id":22462,"date":"2020-04-13T17:59:41","date_gmt":"2020-04-13T21:59:41","guid":{"rendered":"https:\/\/arcticwolf.com\/compliance\/"},"modified":"2025-05-05T11:51:18","modified_gmt":"2025-05-05T16:51:18","slug":"compliance","status":"publish","type":"page","link":"https:\/\/arcticwolf.com\/uk\/compliance\/","title":{"rendered":"Solutions &#8211; Industries &#8211; Compliance"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"22462\" class=\"elementor elementor-22462 elementor-17002\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section data-particle_enable=\"false\" data-particle-mobile-disabled=\"false\" class=\"elementor-section elementor-top-section elementor-element elementor-element-39495d9 elementor-section-full_width redonk-outer-wrapper elementor-section-height-default elementor-section-height-default\" data-id=\"39495d9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;_ha_eqh_enable&quot;:false}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-6b48e9a\" data-id=\"6b48e9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d3ccbd0 elementor-widget elementor-widget-html\" data-id=\"d3ccbd0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<!-- Load Esri  LeafletGeocoder from CDN -->\n<link rel=\"stylesheet\" href=\"https:\/\/unpkg.com\/esri-leaflet-geocoder@3.1.3\/dist\/esri-leaflet-geocoder.css\"\n    integrity=\"sha512-IM3Hs+feyi40yZhDH6kV8vQMg4Fh20s9OzInIIAc4nx7aMYMfo+IenRUekoYsHZqGkREUgx0VvlEsgm7nCDW9g==\"\n    crossorigin=\"\">\n<link rel=\"stylesheet\" href=\"\/wp-content\/rd\/assets\/css\/leaflet\/leaflet.css\" \/>\n<link type=\"text\/css\" rel=\"stylesheet\" href=\"\/wp-content\/rd\/assets\/css\/compliance.css\" \/>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6be89ba elementor-widget elementor-widget-html\" data-id=\"6be89ba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<style>\n    strong {font-weight: bold;}\n    \n                                                #header-widget-area:before {\n                                                    content:\"\";\n                                                    position: absolute;\n                                                    left: 0;\n                                                    top: 0;\n                                                    right: 0;\n                                                    bottom: 0;\n                                                    background: linear-gradient(180deg, rgba(1, 21, 43, 0.86) 7.18%, rgba(1, 21, 43, 0) 100%)!important;\n                                                }\n                                                #drift-frame-controller {\n                                                    z-index: 99999!important;\n                                                }\n                                            <\/style>\n                                            <section class=\"aw-compliance-map elementor-section elementor-section-boxed elementor-section-items-middle\">\n    \n                                                <svg class=\"hidden-svg\" viewBox=\"250.758 235.554 50.857 50.857\" width=\"50.857\" height=\"50.857\">\n                                                    <clipPath id=\"triangle-svg\">\n                                                        <path d=\"M 301.615 235.554 L 301.615 286.411 L 250.758 286.411 L 301.615 235.554 Z\" data-bx-shape=\"triangle 250.758 235.554 50.857 50.857 1 0 1@8647725f\" style=\"fill: rgb(216, 216, 216); stroke: rgb(0, 0, 0);\"><\/path>\n                                                    <\/clipPath>\n                                                <\/svg>\n    \n                                                <svg class=\"hidden-svg\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 100 100\" width=\"0\" height=\"0\">\n                                                    <linearGradient id=\"g1\">\n                                                        <stop offset=\"0\" class=\"color1\" \/>\n                                                        <stop offset=\"1\" class=\"color2\" \/>\n                                                    <\/linearGradient>\n                                                <\/svg>\n    \n                                                <svg class=\"hidden-svg\" width=\"0\" height=\"0\">\n                                                    <defs>\n                                                        <pattern id=\"pattern-stripe\" \n                                                            width=\"5\" height=\"5\" \n                                                            patternUnits=\"userSpaceOnUse\"\n                                                            patternTransform=\"rotate(-45)\">\n                                                            <rect width=\"3\" height=\"5\" transform=\"translate(0,0)\" fill=\"#042D50\" opacity=\"1\"><\/rect>\n                                                        <\/pattern>   \n                                                    <\/defs>\n                                                    <rect class=\"hbar thing-2\" x=\"0\" y=\"0\" width=\"50\" height=\"100\"><\/rect>\n                                                    <rect class=\"hbar thing-2\" x=\"51\" y=\"50\" width=\"50\" height=\"50\"><\/rect>\n                                                    <rect class=\"hbar thing-2\" x=\"102\" y=\"25\" width=\"50\" height=\"75\"><\/rect>\n                                                    <rect class=\"hbar thing-1\" x=\"0\" y=\"200\" width=\"10\" height=\"50\"><\/rect>\n                                                    <rect class=\"hbar thing-1\" x=\"0\" y=\"251\" width=\"123\" height=\"50\"><\/rect>\n                                                    <rect class=\"hbar thing-1\" x=\"0\" y=\"302\" width=\"41\" height=\"50\"><\/rect>\n                                                <\/svg>\n    \n                                                <svg class=\"hidden-svg\" width=\"0\" height=\"0\">\n                                                    <defs>\n                                                        <pattern id=\"pattern-stripe-us\" \n                                                            width=\"5\" height=\"5\" \n                                                            patternUnits=\"userSpaceOnUse\"\n                                                            patternTransform=\"rotate(-45)\">\n                                                            <rect width=\"1.5\" height=\"5\" transform=\"translate(0,0)\" fill=\"#bfbdbd\" opacity=\"0.4\"><\/rect>\n                                                        <\/pattern>   \n                                                    <\/defs>\n                                                    <rect class=\"hbar thing-2\" x=\"0\" y=\"0\" width=\"50\" height=\"100\"><\/rect>\n                                                    <rect class=\"hbar thing-2\" x=\"51\" y=\"50\" width=\"50\" height=\"50\"><\/rect>\n                                                    <rect class=\"hbar thing-2\" x=\"102\" y=\"25\" width=\"50\" height=\"75\"><\/rect>\n                                                    <rect class=\"hbar thing-1\" x=\"0\" y=\"200\" width=\"10\" height=\"50\"><\/rect>\n                                                    <rect class=\"hbar thing-1\" x=\"0\" y=\"251\" width=\"123\" height=\"50\"><\/rect>\n                                                    <rect class=\"hbar thing-1\" x=\"0\" y=\"302\" width=\"41\" height=\"50\"><\/rect>\n                                                <\/svg>\n    \n                                                <div class=\"map-container\">\n                                                \n                                                    <div class=\"map-panel\">\n                                                        <div class=\"map-panel-open-btn\">\n                                                            <svg width=\"22\" height=\"12\" viewBox=\"0 0 22 12\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><g clip-path=\"url(#clip0_662_2219)\"><path d=\"M6.28857 1.22949L1.92057 5.59959L6.28857 9.96969\" stroke=\"#F58220\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><path d=\"M12.062 1.22949L7.69401 5.59959L12.062 9.96969\" stroke=\"#F58220\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><path d=\"M18.2026 1.22949L13.8346 5.59959L18.2026 9.96969\" stroke=\"#F58220\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><\/g><\/svg>\n                                                            <div class=\"inner-btn\">VIEW ALL REGULATIONS<\/div>\n                                                            <svg width=\"22\" height=\"12\" viewBox=\"0 0 22 12\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><g clip-path=\"url(#clip0_662_2219)\"><path d=\"M6.28857 1.22949L1.92057 5.59959L6.28857 9.96969\" stroke=\"#F58220\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><path d=\"M12.062 1.22949L7.69401 5.59959L12.062 9.96969\" stroke=\"#F58220\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><path d=\"M18.2026 1.22949L13.8346 5.59959L18.2026 9.96969\" stroke=\"#F58220\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><\/g><\/svg>\n                                                        <\/div>\n                                                        <div class=\"map-panel-container\">\n                                                            <div class=\"map-panel-top\">\n                                                                \n                                                                <div class=\"map-panel-top-header\">\n    \n                                                                    <ul class=\"nav-menu step-1\" style=\"display:none\">\n                                                                        <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                                                    <\/ul>\n    \n                                                                    <h2 class=\"map-panel-title\">All Tracked <br> Regulations<\/h2>\n                                                                    <div class=\"map-panel-close-btn\"><\/div>\n                                                                    <div class=\"map-panel-filter-item regulations\">\n                                                                        <div class=\"headline\">Regulations<\/div>\n                                                                        <div class=\"count-regulations\">38<\/div>\n                                                                    <\/div>\n    \n                                                                    <div class=\"map-panel-filter-item industries\">\n                                                                        <div class=\"headline\">Industries<\/div>\n                                                                        <ul>\n                                                                                                                                                                <li data-val=\"arms\/defense\">arms\/defense <span>1<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"automotive\">automotive <span>1<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"consumertransactions\">consumer transactions <span>1<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"education\">education <span>2<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"energy\">energy <span>1<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"federalcontractors\"> federal contractors <span>3<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"financialservices\"> financial services <span>7<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"government\">government <span>10<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"healthcare\">healthcare <span>3<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"insurance\"> insurance <span>1<\/span><\/li>\n                                                                                                                                                                        <li data-val=\"manufacturing\">manufacturing <span>3<\/span><\/li>\n                                                                                                                                                        <\/ul>\n                                                                    <\/div>\n    \n                                                                    <div class=\"map-panel-filter-item locations\">\n                                                                        <div class=\"headline\">Locations<\/div>\n                                                                                                                                            <ul>\n                                                                                                                                                        <li data-val=\"international\">\n                                                                                    International <span><\/span>\n                                                                                <\/li>\n    \n                                                                                <li data-val=\"unitedstates\">United States <span><\/span><\/li>\n    \n                                                                                                                                                                    <li data-val=\"newyork\">\n                                                                                            New York  <span><\/span>\n                                                                                        <\/li>\n                                                                                                                                                                        <li data-val=\"california\">\n                                                                                            California  <span><\/span>\n                                                                                        <\/li>\n                                                                                                                                                                        <li data-val=\"alabama\">\n                                                                                            Alabama  <span><\/span>\n                                                                                        <\/li>\n                                                                                                                                                                        <li data-val=\"massachusetts\">\n                                                                                            massachusetts <span><\/span>\n                                                                                        <\/li>\n                                                                                                                                                                \n                                                                                <li data-val=\"canada\">Canada <span><\/span><\/li>\n    \n                                                                                <li data-val=\"europeanunion\">European Union <span><\/span><\/li>\n    \n                                                                                                                                                                    <li data-val=\"germany\">Germany <span><\/span><\/li>\n                                                                                    \n                                                                                <li data-val=\"unitedkingdom\">United Kingdom  <span><\/span><\/li>\n                                                                                                                                                <\/ul>\n                                                                    <\/div>\n                                                                    <\/div>\n    \n    \n                                                                    <div class=\"map-panel-filter-menu\">\n                                                                        <div class=\"mobile-filter-regulation\">\n                                                                            <div class=\"filter-btn\"><span><\/span><\/div>\n                                                                            Filter Regulations <b>(38)<\/b>\n                                                                            <span class=\"arrow\"><\/span>\n                                                                        <\/div>\n                                                                        <ul>\n                                                                            <li class=\"filter-by-name\"><span>Name<\/span><\/li>\n                                                                            <li class=\"filter-by filter-by-industry opened\">\n                                                                                <div class=\"filter-btn\"><span><\/span><\/div>\n                                                                                <span><p>Industry<\/p> \n                                                                                    <span class=\"count-selected\">\n                                                                                        <div>\n                                                                                            <span class=\"selected\"><\/span>\n                                                                                            <span class=\"x-selected\">\n                                                                                                <svg width=\"7\" height=\"6\" viewBox=\"0 0 7 6\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                                                                                    <path d=\"M6.39167 4.95878C6.62394 5.19106 6.62394 5.56734 6.39167 5.79962C6.27646 5.91575 6.12409 5.97336 5.97172 5.97336C5.81934 5.97336 5.66734 5.91529 5.55139 5.79915L3.59323 3.84201L1.63525 5.79869C1.51911 5.91575 1.36693 5.97336 1.21474 5.97336C1.06255 5.97336 0.910553 5.91575 0.794323 5.79869C0.562049 5.56641 0.562049 5.19013 0.794323 4.95785L2.75286 2.99932L0.794323 1.04171C0.562049 0.809437 0.562049 0.433152 0.794323 0.200878C1.0266 -0.0313962 1.40288 -0.0313962 1.63516 0.200878L3.59323 2.16034L5.55176 0.201807C5.78404 -0.030467 6.16032 -0.030467 6.3926 0.201807C6.62487 0.434081 6.62487 0.810365 6.3926 1.04264L4.43406 3.00118L6.39167 4.95878Z\" fill=\"black\"\/>\n                                                                                                <\/svg>\n                                                                                            <\/span>\n                                                                                        <\/div>\n                                                                                    <\/span>\n                                                                                <\/span>\n                                                                                <ul class=\"ul\">\n                                                                                    <li class=\"all-industries\">\n                                                                                        <div data-val=\"all\" class=\"selected\">\n                                                                                            <span><\/span>\n                                                                                            All Industries\n                                                                                        <\/div>\n                                                                                    <\/li>\n                                                                                                                                                                                                                                                            <li>\n                                                                                                <div data-val=\"arms\/defense\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>arms\/defense<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"automotive\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>automotive<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"consumertransactions\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>consumer transactions<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"education\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>education<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"energy\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>energy<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"federalcontractors\">\n                                                                                                    <span><\/span>\n                                                                                                    <p> federal contractors<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"financialservices\">\n                                                                                                    <span><\/span>\n                                                                                                    <p> financial services<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"government\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>government<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"healthcare\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>healthcare<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"insurance\">\n                                                                                                    <span><\/span>\n                                                                                                    <p> insurance<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                                <li>\n                                                                                                <div data-val=\"manufacturing\">\n                                                                                                    <span><\/span>\n                                                                                                    <p>manufacturing<\/p>\n                                                                                                <\/div>\n                                                                                            <\/li>\n                                                                                                                                                                                                                                                        <li class=\"apply-filters\">Apply<\/li>\n                                                                                <\/ul>\n                                                                            <\/li>\n                                                                            <li class=\"filter-by filter-by-location opened\">\n                                                                                <div class=\"filter-btn\"><span><\/span><\/div>\n                                                                                <span><p>Location<\/p> \n                                                                                    <span class=\"count-selected\">\n                                                                                        <div>\n                                                                                            <span class=\"selected\"><\/span>\n                                                                                            <span class=\"x-selected\">\n                                                                                                <svg width=\"7\" height=\"6\" viewBox=\"0 0 7 6\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                                                                                    <path d=\"M6.39167 4.95878C6.62394 5.19106 6.62394 5.56734 6.39167 5.79962C6.27646 5.91575 6.12409 5.97336 5.97172 5.97336C5.81934 5.97336 5.66734 5.91529 5.55139 5.79915L3.59323 3.84201L1.63525 5.79869C1.51911 5.91575 1.36693 5.97336 1.21474 5.97336C1.06255 5.97336 0.910553 5.91575 0.794323 5.79869C0.562049 5.56641 0.562049 5.19013 0.794323 4.95785L2.75286 2.99932L0.794323 1.04171C0.562049 0.809437 0.562049 0.433152 0.794323 0.200878C1.0266 -0.0313962 1.40288 -0.0313962 1.63516 0.200878L3.59323 2.16034L5.55176 0.201807C5.78404 -0.030467 6.16032 -0.030467 6.3926 0.201807C6.62487 0.434081 6.62487 0.810365 6.3926 1.04264L4.43406 3.00118L6.39167 4.95878Z\" fill=\"black\"\/>\n                                                                                                <\/svg>\n                                                                                            <\/span>\n                                                                                        <\/div>\n                                                                                    <\/span>\n                                                                                <\/span>\n                                                                                                                                                            <ul class=\"ul\">\n                                                                                    <li class=\"all-locations\">\n                                                                                        <div data-val=\"all\" class=\"selected\">\n                                                                                            <span><\/span>\n                                                                                            All Locations\n                                                                                        <\/div>\n                                                                                    <\/li>\n    \n                                                                                                                                                                        <li>\n                                                                                            <div data-val=\"international\">\n                                                                                                <span><\/span>\n                                                                                                <p>International<\/p>\n                                                                                            <\/div>\n                                                                                        <\/li>\n    \n                                                                                        <li class=\"has-sub-menu\">\n                                                                                            <div data-val=\"unitedstates\">\n                                                                                                <span><\/span>\n                                                                                                <p>United States<\/p>\n                                                                                            <\/div>\n                                                                                            <ul class=\"sub-ul\">\n    \n                                                                                                                                                                                                    <li>\n                                                                                                            <div data-val=\"newyork\">\n                                                                                                                <span><\/span>\n                                                                                                                <p>New York <\/p>\n                                                                                                            <\/div>\n                                                                                                        <\/li>\n                                                                                                                                                                                                        <li>\n                                                                                                            <div data-val=\"california\">\n                                                                                                                <span><\/span>\n                                                                                                                <p>California <\/p>\n                                                                                                            <\/div>\n                                                                                                        <\/li>\n                                                                                                                                                                                                        <li>\n                                                                                                            <div data-val=\"alabama\">\n                                                                                                                <span><\/span>\n                                                                                                                <p>Alabama <\/p>\n                                                                                                            <\/div>\n                                                                                                        <\/li>\n                                                                                                                                                                                                        <li>\n                                                                                                            <div data-val=\"massachusetts\">\n                                                                                                                <span><\/span>\n                                                                                                                <p>massachusetts<\/p>\n                                                                                                            <\/div>\n                                                                                                        <\/li>\n                                                                                                    \n                                                                                            <\/ul>\n                                                                                        <\/li>\n                                                                                        \n                                                                                        <li>\n                                                                                            <div data-val=\"canada\">\n                                                                                                <span><\/span>\n                                                                                                <p>Canada<\/p>\n                                                                                            <\/div>\n                                                                                        <\/li>\n    \n                                                                                        <li class=\"has-sub-menu\">\n                                                                                            <div data-val=\"europeanunion\">\n                                                                                                <span><\/span>\n                                                                                                <p>European Union<\/p>\n                                                                                            <\/div>\n                                                                                            <ul class=\"sub-ul\">\n    \n                                                                                                                                                                                                    <li>\n                                                                                                            <div data-val=\"germany\">\n                                                                                                                <span><\/span>\n                                                                                                                <p>Germany<\/p>\n                                                                                                            <\/div>\n                                                                                                        <\/li>\n                                                                                                    \n                                                                                            <\/ul>\n                                                                                        <\/li>\n    \n                                                                                        <li>\n                                                                                            <div data-val=\"unitedkingdom\">\n                                                                                                <span><\/span>\n                                                                                                <p>United Kingdom <\/p>\n                                                                                            <\/div>\n                                                                                        <\/li>\n    \n                                                                                        <li class=\"apply-filters\">Apply<\/li>\n                                                                                                                                                                    \n                                                                                <\/ul>\n                                                                            <\/li>\n                                                                            <li class=\"filter-by filter-by-search\">\n    \n                                                                                <div class=\"open-search\">\n                                                                                    <svg width=\"15\" height=\"15\" viewBox=\"0 0 15 15\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                                                                        <path d=\"M14.6572 12.9976L11.1504 9.49117C11.9479 8.3074 12.3413 6.82836 12.1307 5.25236C11.7715 2.57169 9.57422 0.390183 6.89062 0.050463C2.90066 -0.454356 -0.45443 2.90036 0.0504741 6.88988C0.390319 9.57436 2.57236 11.7731 5.25362 12.1305C6.8298 12.3411 8.30929 11.9479 9.49289 11.1504L12.9997 14.6568C13.4574 15.1144 14.1995 15.1144 14.6571 14.6568C15.1143 14.1987 15.1143 13.4546 14.6572 12.9976ZM2.31736 6.09309C2.31736 4.02554 3.99959 2.34349 6.06737 2.34349C8.13515 2.34349 9.81739 4.02554 9.81739 6.09309C9.81739 8.16064 8.13515 9.84269 6.06737 9.84269C3.99959 9.84269 2.31736 8.16123 2.31736 6.09309Z\" fill=\"white\"\/>\n                                                                                    <\/svg>                                                                        \n                                                                                <\/div>\n    \n                                                                                <div class=\"search-container\">\n                                                                                    <input class=\"search-list\" type=\"text\" placeholder=\"Filter Regulations by Name...\" \/>\n                                                                                <\/div>\n    \n                                                                                <div class=\"close-search\">\n                                                                                    <svg width=\"12\" height=\"12\" viewBox=\"0 0 12 12\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\">\n                                                                                        <path d=\"M11.6466 9.95266C12.1153 10.4214 12.1153 11.1807 11.6466 11.6494C11.4141 11.8838 11.1066 12 10.7992 12C10.4917 12 10.185 11.8828 9.95097 11.6485L5.99953 7.69909L2.04847 11.6475C1.81411 11.8838 1.50701 12 1.19991 12C0.892805 12 0.586079 11.8838 0.351535 11.6475C-0.117178 11.1788 -0.117178 10.4195 0.351535 9.95078L4.30373 5.99859L0.351535 2.04828C-0.117178 1.57956 -0.117178 0.820248 0.351535 0.351535C0.820248 -0.117178 1.57956 -0.117178 2.04828 0.351535L5.99953 4.3056L9.95172 0.35341C10.4204 -0.115303 11.1798 -0.115303 11.6485 0.35341C12.1172 0.822123 12.1172 1.58144 11.6485 2.05015L7.69627 6.00234L11.6466 9.95266Z\" fill=\"#F9FAFB\"\/>\n                                                                                    <\/svg>\n                                                                                <\/div>\n    \n                                                                            <\/li>\n                                                                        <\/ul>\n                                                                    <\/div>\n                                                                <\/div><!-- \/. map-panel-top-header -->\n    \n                                                                <div class=\"map-panel-filter-list\">\n                                                                    \n                                                                    <div \n        data-industry=\"financial services, insurance\"\n        data-location=\"newyork\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">23 NYCRR Part 500<\/span>       \n            <div class=\"s-text search-text\">The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500)<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services<\/span>,<span> Insurance<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>New York - US<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"newyork\">New York - US<\/a><\/li>\n                    <li>23 NYCRR Part 500<\/li>\n                <\/ul>\n    \n                <span>23 NYCRR Part 500<\/span>       \n                <h4>The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500)<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>New York - US<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services<\/li>\n                                                                        <li data-val=\"insurance\"> Insurance<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            11                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>23 NYCRR Part 500 At a Glance<\/h5>\n                                            <p>\n                                The intention of the New York State Department of Financial Services (23 NYCRR 500) is to establish minimum regulatory standards to promote the protection of customer information, as well as protect the information technology systems of regulated entities.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>23 NYCRR PART 500 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Section 500.02: Cybersecurity Program                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Section 500.05: Penetration Testing and Vulnerability Assessments                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Section 500.06: Audit Trail                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Section 500.07: Access Privileges                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Section 500.09: Risk Assessment                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Section 500.10: Cybersecurity Personnel and Intelligence                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Section 500.11: Third-Party Service Provider Security Policy                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Section 500.13: Limitations on Data Retention                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Section 500.14: Training and Monitoring                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>Section 500.15: Encryption of Nonpublic Information                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>Section 500.16: Incident Response Plan                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Provide incident response plans that include responding to cyberthreats and data breaches                            <\/li>\n                                                        <li>\n                                    Audit trails designed to record and respond to cyber attacks                            <\/li>\n                                                        <li>\n                                    Create reports covering the risks faced, all material events, and the impact on protected data                            <\/li>\n                                                        <li>\n                                    Conduct risk Assessments to identify and document security deficiencies and remediation plans                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/23-nycrr-500-why-its-important\">23 NYCRR 500: Why It's Important for Your Organization<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/briefs-2\/simplifies-compliance-for-ny-dfs-cybersecurity-requirements-23-nycrr-500\">Simplify Compliance for NY DFS Cybersecurity Requirements (23 NYCRR 500)<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><!-- <div \n        data-industry=\"all\"\n        data-location=\"alabama\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">Alabama Data Breach Notification Act of 2018 (S.B. 318)<\/span>       \n            <div class=\"s-text search-text\">Alabama Data Breach Notification Act of 2018 (S.B. 318)<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>Alabama - US<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"alabama\">Alabama - US<\/a><\/li>\n                    <li>Alabama Data Breach Notification Act of 2018 (S.B. 318)<\/li>\n                <\/ul>\n    \n                <span>Alabama Data Breach Notification Act of 2018 (S.B. 318)<\/span>       \n                <h4>Alabama Data Breach Notification Act of 2018 (S.B. 318)<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>Alabama - US<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            3                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>Alabama Data Breach Notification Act of 2018 (S.B. 318) At a Glance<\/h5>\n                                            <p>\n                                Requires entities to provide notice to certain persons upon a breach of security that results in the unauthorized acquisition of sensitive personally identifying information.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>ALABAMA DATA BREACH NOTIFICATION (S.B. 318) REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span> Third-party agents are required to notify the covered entity within 10 days of discovery of a breach of security.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span> Notification is not required if, after a prompt investigation in good faith, it is determined that the breach of security is not reasonably likely to cause substantial harm to the individuals to whom the information relates.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span> Must provide a copy of the notice to the Attorney General when the number of individuals the entity notified exceeds 1,000.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf MDR can help rapidly identify a security incident, and provide evidence on the scope and impact of the incident.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>--><!--<div \n        data-industry=\"financial services\"\n        data-location=\"international\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">Basel III<\/span>       \n            <div class=\"s-text search-text\">Basel III IT Operational Controls<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international\">International<\/a><\/li>\n                    <li>Basel III<\/li>\n                <\/ul>\n    \n                <span>Basel III<\/span>       \n                <h4>Basel III IT Operational Controls<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            1                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>Basel III At a Glance<\/h5>\n                                            <p>\n                                The Basel Committee on Banking Supervision (BCBS) is an international supervisory authority that maintains several standards and voluntary frameworks for financial institutions. Basel III (and Standard 239), in particular, affects IT infrastructure and operations, as it includes principles related to data architecture and IT infrastructure, as well as accuracy and integrity of risk data.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>BASEL III REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>To comply with the BCBS effective risk data aggregation and risk reporting principles, financial institutions must have a robust and resilient IT infrastructure that supports risk aggregation capabilities and risk reporting practices both in normal times and in times of stress or crisis.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Detect and respond to security incidents                            <\/li>\n                                                        <li>\n                                    Deliver concierge guidance on an organization's security journey                            <\/li>\n                                                        <li>\n                                    Provide evidence, artifacts and reporting on security controls and practices for audit and review                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>--><div \n        data-industry=\"all\"\n        data-location=\"california\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">CCPA<\/span>       \n            <div class=\"s-text search-text\">California Consumer Privacy Act<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>California - US<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"california\">California - US<\/a><\/li>\n                    <li>CCPA<\/li>\n                <\/ul>\n    \n                <span>CCPA<\/span>       \n                <h4>California Consumer Privacy Act<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>California - US<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            3                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>CCPA At a Glance<\/h5>\n                                            <p>\n                                The California Consumer Privacy Act (CCPA), effective Jan. 1, 2020, is the first-of-its-kind consumer privacy legislation in the United States. It gives consumers the ability to request, free of charge, information about what businesses collect about them. This includes what sources are collecting information, and for what purpose. They can also request to opt out from having their data sold, and\/or request that their data be deleted. The California Attorney General enforces the law, which includes provisions for civil litigation and penalties.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>CCPA REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>The CCPA applies to any business that sells products and services to Californians\u2014and even displaying a website could count as advertising in the state. The law, however, exempts entities that have $25 million or less in revenues, collect data on fewer than 50,000 consumers, and derive less than half of their revenues from selling consumer data.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>AB 375 is light on requirements around security and breach response when compared to the GDPR. Businesses are not required to report breaches under AB 375, and consumers must file complaints before fines are possible. The law does define penalties for companies that expose consumer data due to a breach or security lapse.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Businesses should know what data AB 375 defines as private data and take steps to secrure it. Any organization that complies with the GDPR likely does not need to take further action to comply with AB 375 in terms of securing data.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Detect and respond to security incidents                            <\/li>\n                                                        <li>\n                                    Deliver concierge guidance on an organization's security journey                            <\/li>\n                                                        <li>\n                                    Provide evidence, artifacts and reporting on security controls and practices for audit and review                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/ccpa-privacy-laws\/\">California Consumer Privacy Act (CCPA): What You Need to Know<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"international\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">CERT RMM<\/span>       \n            <div class=\"s-text search-text\">CERT Resilience Management Model<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international\">International<\/a><\/li>\n                    <li>CERT RMM<\/li>\n                <\/ul>\n    \n                <span>CERT RMM<\/span>       \n                <h4>CERT Resilience Management Model<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>CERT RMM At a Glance<\/h5>\n                                            <p>\n                                CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>CERT-RMM REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>The Asset Definition and Management process area has three specific goals: to inventory assets, associate the assets with services, and manage the assets. To meet these goals, the organization must engage in the following practices:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span> Establish a means to identify and document assets.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span> Establish ownership and custodianship for the assets.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span> Link assets to the services they support.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span> Establish resilience requirements (including those for protecting and sustaining) fo rassets and associated services. (This is addressed in the Resilience Requirements Definition and Resilience Requirements Management process areas.)                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span> Provide change management processes for assets as they change and as the inventory of assets changes.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf Managed Risk helps identify and audit assets, and supports certain change management activities.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"international unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">CIS<\/span>       \n            <div class=\"s-text search-text\">Center for Internet Security - Critical Security Controls<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>,<span> United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international,unitedstates\">International, United States<\/a><\/li>\n                    <li>CIS Controls<\/li>\n                <\/ul>\n    \n                <span>CIS Controls<\/span>       \n                <h4>Center for Internet Security - Critical Security Controls<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                                        <li> United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            18                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>CIS At a Glance<\/h5>\n                                            <p>\n                                The CIS (Center for Internet Security) Controls supplement almost every other security framework\u2014including NIST, ISO 27001, PCI, and HIPAA\u2014and are a useful baseline to develop or assess a security program.                        <\/p>\n                                                <p>\n                                Version 8.0 combines and consolidates the CIS Controls by activities, rather than by who manages the devices, which has resulted in a decrease of the number of controls from 20 to 18 on May 18, 2021. The CIS Controls are also now task-focused and contain 153 \u201csafeguards\u201d\u2014formerly known as \u201csub-controls.\u201d                        <\/p>\n                                <p>The latest version, CIS Control 8.1, was released on June 25, 2024. It realigned its security function mappings to better match NIST CSF 2.0, ensuring a more cohesive and updated approach to securing mobile devices and aligning with the latest NIST cybersecurity framework. This adjustment strengthens the integration of mobile device management practices with broader organizational security strategies. <\/p>\n                                                <!--<p>\n                                                                <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/unpacking-significant-changes-in-latest-version-cis-critical-security-controls\">Learn more about the latest updates here. <\/a>\n                                                        <\/p>-->\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>CIS CONTROLS REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Inventory and Control of Enterprise Assets                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Inventory and Control of Software Assets                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Data Protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Secure Configuration of Enterprise Assets and Software                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Account Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Access Control Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Continuous Vulnerability Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Audit Log Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Email and Web Browser Protections                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>Malware Defenses                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>Data Recovery                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>Network Infrastructure Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">13<\/span>Network Monitoring and Defense                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">14<\/span>Security Awareness and Skills Training                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">15<\/span>Service Provider Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">16<\/span>Application Software Security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">17<\/span>Incident Response Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">18<\/span>Penetration Testing                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Deliver 24\u00d77, 365 scanning of your entire IT environment for threats and vulnerabilities.                            <\/li>\n                                                        <li>\n                                    Provide priority context to the criticality of vulnerabilities found within the organization\u2019s networks and endpoints.                            <\/li>\n                                                        <li>\n                                    Prevent unnecessary access to critical systems and infrastructure.                            <\/li>\n                                                        <li>\n                                    Provide a way to better understand the configuration settings of your servers and workstations\u2014preventing vulnerable services and settings from being exploited.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/white-papers\/address-the-top-cis-critical-security-controls-with-arctic-wolf\">The Top 18 CIS Critical Security Controls<\/a><\/li>\n                            \n                                                        <!--<li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/unpacking-significant-changes-in-latest-version-cis-critical-security-controls\">CIS Critical Security Controls: Unpacking the Significant Changes in the Latest Version<\/a><\/li> -->\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">CJIS<\/span>       \n            <div class=\"s-text search-text\">Criminal Justice Information Services<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>CJIS<\/li>\n                <\/ul>\n    \n                <span>CJIS<\/span>       \n                <h4>Criminal Justice Information Services<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"government\">Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            14                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>CJIS At a Glance<\/h5>\n                                            <p>\n                                Criminal Justice Information Services (CJIS) released a security policy that outlines 13 policy areas all government agencies should follow to stay compliant and protected from hackers with malintent.                        <\/p>\n                                                <p>\n                                Government entities that access or manage sensitive information from the US Justice Department need to ensure that their processes and systems comply with CJIS policies for wireless networking, data encryption, and remote access\u2014especially since phishing, malware, and hacked VPNs or credentials are the most common attack vectors used to hack into government networks. The CJIS compliance requirements help proactively defend against these attack methods and protect national security (and citizens) from cyber threats.                         <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>CJIS REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>The CJIS Security Policy document\u2013a hefty 230-page read\u2013defines implementation requirements and standards for the following 13 security policy areas:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Information exchange agreements                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Security awareness training                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Incident Response                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Auditing and accountability                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Access control                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Identification and authentication                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Configuration management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Media protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>Physical protection                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>Systems and communications protection and information integrity                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>Formal audits                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">13<\/span>Personnel security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">14<\/span>Mobile audits                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Monitor and provide evidence and artifacts for access control, identificationn and authentication, etc.                            <\/li>\n                                                        <li>\n                                    Support incident response activities                            <\/li>\n                                                        <li>\n                                    Provide standard and custom reporting for audit and review                            <\/li>\n                                                        <li>\n                                    Deliver managed security awareness training                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.fbi.gov\/services\/cjis\">Criminal Justice Information Services (CJIS) Information<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"manufacturing, government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">CMMC<\/span>       \n            <div class=\"s-text search-text\">Cybersecurity Maturity Model Certification<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Manufacturing<\/span>,<span> Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>CMMC<\/li>\n                <\/ul>\n    \n                <span>CMMC<\/span>       \n                <h4>Cybersecurity Maturity Model Certification<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"manufacturing\">Manufacturing<\/li>\n                                                                        <li data-val=\"government\"> Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            5                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>CMMC At a Glance<\/h5>\n                                            <p>\n                                The Cybersecurity Maturity Model Certification (CMMC) is designed to maintain the security of Controlled Unclassified Information (CUI) stored on networks of DoD contractors.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>CMMC REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Level 1 Performed: Basic Cyber Hygiene                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Level 2 Documented: Immediate Cyber Hygiene                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Level 3 Managed: Good Cyber Hygiene                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Level 4 Reviewed: Proactive Cyber Hygiene                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Level 5 Optimizing: Advanced \/ Progressive Cyber Hygiene                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Third-party compliance analyst firm Coalfire found that Arctic Wolf can assist with 84% of CMMC 1.0 controls.                            <\/li>\n                                                        <li>\n                                    Hold third party audited SOC II Type 2 and ISO 27001-2013 certifications.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/how-arctic-wolf-helps-with-cmmc-certification\">How Arctic Wolf Helps with CMMC Certification<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"unitedkingdom\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">Cyber Essentials Certification<\/span>       \n            <div class=\"s-text search-text\">Cyber Essentials<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United Kingdom <\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedkingdom\">United Kingdom <\/a><\/li>\n                    <li>Cyber Essentials Certification<\/li>\n                <\/ul>\n    \n                <span>Cyber Essentials Certification<\/span>       \n                <h4>Cyber Essentials<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United Kingdom <\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>Cyber Essentials Certification At a Glance<\/h5>\n                                            <p>\n                                The Cyber Essentials certification is a UK government-backed framework supported by the NCSC (National Cyber Security Centre). It sets out five basic security controls that can protect organizations against 80% of common cyber attacks.                        <\/p>\n                                                <p>\n                                The certification is designed to help organizations of any size demonstrate their commitment to cyber security\u2013while keeping the approach simple and the costs low.                        <\/p>\n                                                <p>\n                                The Cyber Essentials certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>CYBER ESSENTIALS REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>It sets out five basic security controls that can protect organisations against 80% of common cyber attacks.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Firewalls & routers                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Software updates                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Malware protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Access control                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Secure configuration                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Detect and respond to malware and other cybersecurity incidents                            <\/li>\n                                                        <li>\n                                    Provide monitoring, evidence, and artifacts related to access control and network infrastructure                            <\/li>\n                                                        <li>\n                                    Deliver visibility, benchmarking, reporting and guidance on configurations and vulnerabilities                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.ncsc.gov.uk\/cyberessentials\/overview\">The National Cyber Security Centre<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>\n    \n    <div \n        data-industry=\"government, manufacturing\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">DFARS<\/span>       \n            <div class=\"s-text search-text\">Federal Acquisition Regulation: Defense Federal Acquisition Regulation Supplement<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Government<\/span>,<span> Manufacturing<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>DFARS<\/li>\n                <\/ul>\n    \n                <span>DFARS<\/span>       \n                <h4>Federal Acquisition Regulation: Defense Federal Acquisition Regulation Supplement<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"government\">Government<\/li>\n                                                                        <li data-val=\"manufacturing\"> Manufacturing<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            8                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>DFARS At a Glance<\/h5>\n                                            <p>\n                                A supplement to the Federal Acquisition Regulation (FAR), the Defense Federal Acquisition Regulation Supplement (DFARS) has been a requirement since Dec. 31, 2017, requiring all Department of Defense (DoD) contractors and subcontractors that store or process Controlled Unclassified Information (CUI) to comply with the minimum security standards outlined in the DFARS. Failure to adhere to DFARS requirements may result in termination of existing DoD contracts.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>DFARS REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>There are 110 granular requirements contained within the 14 main sections, and DoD contractors must comply with all of them. We\u2019ve narrowed the broader sections down to seven of the most infosec-oriented categories, and the specific requirements down to 13. These are the ones that DoD contractors will likely need the most help to manage:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Section 3.1 - Access Control: Granting or denying permissions to access and\/or use information.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Section 3.3 - Audit and Accountability: Tracking, reviewing, and examining adherence to system requirements.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Section 3.5 - Identification and Authentication: Managing user identities and adequately authenticating those identities for use with information\/processes.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Section 3.6 - Incident Response: Establishing well-tested incident-handling processes (e.g., threat detection, analysis, response, recovery) for organization information systems.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Section 3.11 - Risk Assessment: Periodically assessing risks to information systems and data to effectively track and manage organizational risk.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Section 3.13 - System and Communication Protection: Monitoring, controling, and protecting all organizational communications.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Section 3.14 - System and Information Integrity: Monitoring all information and communication systems for indicators of threatening traffic and\/or activity.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Creation, Protection, retention, and review of system logs.                            <\/li>\n                                                        <li>\n                                    Develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.                            <\/li>\n                                                        <li>\n                                    Assess the operations risk associated with processing, storage, and transmission of CUI.                            <\/li>\n                                                        <li>\n                                    Monitor, assess, and correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.acquisition.gov\/dfars\">Defense Federal Acquisition Regulation Supplement<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>\n    \n    <!--- DORA -->\n    <div \n        data-industry=\"financialservices\"\n        data-location=\"europeanunion\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">DORA  <\/span>       \n            <div class=\"s-text search-text\">Digital Operational Resilience Act<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>European Union<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>DORA  <\/li>\n                <\/ul>\n    \n                <span>DORA  <\/span>       \n                <h4>Digital Operational Resilience Act<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>European Union<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            5                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>DORA At a Glance<\/h5>\n                                            <p>\n                                                The Digital Operational Resilience Act, officially Regulation 2022\/2554 is a European Union regulation. It requires financial entities to improve their digital operational resilience.<\/p>\n                                                    <\/div>            \n                \n                \n                        \n        \n        <div class=\"content-list requirements\">\n            <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n            <div class=\"list\">\n                                            <h4>DORA REQUIREMENTS<\/h4>\n                    \n                    <ul>\n                                                        <li>\n                                <span class=\"no-count\">1<\/span>ICT Risk Management<\/li>\n                                                        <li>\n                                <span class=\"no-count\">2<\/span>ICT-related Incident Clasification & Reporting<\/li>\n                                                        <li>\n                                <span class=\"no-count\">3<\/span>Digital OR Testing<\/li>\n                                                        <li>\n                                <span class=\"no-count\">4<\/span>Information Sharing<\/li>\n                                                        <li>\n                                <span class=\"no-count\">5<\/span>Governance and Accountability: NIS2 places greater emphasis on the role of management in overseeing cybersecurity.<\/li>\n                                                                   <\/ul>\n                                <\/div>\n        <\/div>\n    \n        <div class=\"content-list help\">\n            <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n            <div class=\"list\">\n                <ul>\n                                                <li>In addition to our industry-leading Security Operations Platform, Arctic Wolf invented the Concierge Delivery Model, which pairs a team of our security operations experts directly with your IT or security staff.  No matter where you are on your security journey, from working toward aligning with the DORA standards to maturing your security posture over time, and beyond, we\u2019re here to offer personalised support over the long term.<\/li>\n                                        <\/ul>\n            <\/div>\n        <\/div>\n        \n            <div class=\"content-list resources\">\n                <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                <div class=\"list\">\n                    <ul>\n                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog-uk\/understanding-and-implementing-the-digital-operational-resilience-act-dora\/\">Understanding and Implementing the Digital Operational Resilience Act (DORA)<\/a><\/li>\n                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resource\/aw-uk\/emea-dora-compliance-guide\">EMEA DORA Compliance Guide<\/a><\/li>\n                    <\/ul>\n                <\/div>\n            <\/div>\n    <\/div>\n    <\/div><\/div>\n    <!-- end DORA -->\n    \n    <!-- <div \n        data-industry=\"government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">FAR  <\/span>       \n            <div class=\"s-text search-text\">Federal Acquisition Regulation<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>FAR  <\/li>\n                <\/ul>\n    \n                <span>FAR  <\/span>       \n                <h4>Federal Acquisition Regulation<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"government\">Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            0                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>FAR   At a Glance<\/h5>\n                                            <p>\n                                The Federal Acquisition Regulation (FAR) is a set of regulations that establishes the rules that the Government has to follow to acquire goods and services with procurement contracts.                         <\/p>\n                                                <p>\n                                Notably, FAR 52.204-21\u2014a clause within FAR and its supplement, DFARS\u2014call out specific cybersecurity regulations applying to federal contractors.                          <\/p>\n                                                    <\/div>            \n                \n                \n                        <\/div>\n        <\/div>\n    <\/div> --><div \n        data-industry=\"government, manufacturing\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">FAR 52.204-21<\/span>       \n            <div class=\"s-text search-text\">Federal Acquisition Regulation: Basic Safeguarding of Covered Contractor Information Systems<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Government<\/span>,<span> Manufacturing<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>FAR 52.204-21<\/li>\n                <\/ul>\n    \n                <span>FAR 52.204-21<\/span>       \n                <h4>Federal Acquisition Regulation: Basic Safeguarding of Covered Contractor Information Systems<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"government\">Government<\/li>\n                                                                        <li data-val=\"manufacturing\"> Manufacturing<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            15                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>FAR 52.204-21 At a Glance<\/h5>\n                                            <p>\n                                The Federal Acquisition Regulation (FAR) is a set of regulations that establishes the rules that the Government has to follow to acquire goods and services with procurement contracts.                         <\/p>\n                                                <p>\n                                FAR 52.204-21, \u201cBasic Safeguarding of Covered Contractor Information Systems,\u201d is a contract clause to the Federal Acquisition Regulation (FAR) that applies to all federal contracts, not just those with the Department of Defense. It lays out a set of 15 cybersecurity controls for safeguarding contractor information systems that store, process or transmit federal contract information.                        <\/p>\n                                                <p>\n                                This clause also corresponds to Cybersecurity Maturity Model Certification (CMMC) Level 1.                         <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>FAR 52.204-21 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Limit information system access to authorized users.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Limit information systems to the types of transactions and functions that authorized users are permitted to execute.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Verify and control\/limit connections to and use of external information systems.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Control information posted or processed on publicly accessible information systems.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Identify information system users, processes acting on behalf of users, or devices.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Verify the identities of those users, processes, or devices as a prerequisite to allowing access to organization information systems.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Sanitize or destroy information system media containing federal contract information before disposal or release for reuse.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Escort visitors and monitor visitor activity; maintain audit logs of physical access; control and manage physical access devices.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>Monitor, control, and protect organizational communications.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>Identify, report, and correct information and information system flaws in a timely manner.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">13<\/span>Provide protection from malicious code at appropriate locations within organizational information systems.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">14<\/span>Update malicious code protection mechanisms when new releases become available.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">15<\/span>Perform periodic scans of the information system and real-time scans of files from external sources.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Creation, Protection, retention, and review of system logs.                            <\/li>\n                                                        <li>\n                                    Develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.                            <\/li>\n                                                        <li>\n                                    Assess the operations risk associated with processing, storage, and transmission of CUI.                            <\/li>\n                                                        <li>\n                                    Monitor, assess, and correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.acquisition.gov\/far\/52.204-21\">52.204-21 Basic Safeguarding of Covered Contractor Information Systems<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"education\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">FERPA<\/span>       \n            <div class=\"s-text search-text\">Family Educational Rights and Privacy Act (FERPA)<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Education<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>FERPA<\/li>\n                <\/ul>\n    \n                <span>FERPA<\/span>       \n                <h4>Family Educational Rights and Privacy Act (FERPA)<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"education\">Education<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            3                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>FERPA At a Glance<\/h5>\n                                            <p>\n                                FERPA gives parents of students under 18 specific rights with regards to student records, and those rights transfer to the students when they reach age 18.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>FERPA REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Inspect the student records maintained by the institution                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Request the correction of records that they believe are inaccurate                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Provide written permission for the records to be disclosed                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Perform continuous vulnerability scanning of internal and external networks, and endpoints                             <\/li>\n                                                        <li>\n                                    Identify and prioritize vulnerabilities based on threat exposure, assets, and severity                            <\/li>\n                                                        <li>\n                                    Audit system access, authentication, and other security controls to detect policy violations                            <\/li>\n                                                        <li>\n                                    Detect and scan new devices as they enter the network                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"financial services\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">FFIEC<\/span>       \n            <div class=\"s-text search-text\">Federal Financial Institutions Examination Council<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>FFIEC<\/li>\n                <\/ul>\n    \n                <span>FFIEC<\/span>       \n                <h4>Federal Financial Institutions Examination Council<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>FFIEC At a Glance<\/h5>\n                                            <p>\n                                The Federal Financial Institutions Examination Council (FFIEC) is the inter-agency body of the United States government empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. FFIEC guidance applies to federally supervised financial institutions.                         <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>FFIEC REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Objectives include identifying the institution\u2019s inherent risk profile and determining the organization\u2019s maturity level.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Domain 1 Cyber Risk Management and Oversight                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Domain 2 Threat Intelligence and Collaboration                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Domain 3 Cybersecurity Controls                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Domain 4 External Dependency Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Domain 5 Cyber Incident Management and Resilience                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Deliver Risk management and managed threat detection and response delivered from security experts                            <\/li>\n                                                        <li>\n                                    Provide dedicated security expertise for your IT team                            <\/li>\n                                                        <li>\n                                    Offer 24\u00d77 continuous cybersecurity monitoring and vulnerability assessment                            <\/li>\n                                                        <li>\n                                    For more information in every domain, control objective, and control activity, check out the full summary of FFIEC-NCUA Compliance.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/white-papers\/arctic-wolf-platform-for-ffiec-information-security\">Arctic Wolf Platform for FFIEC Information Security<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/how-arctic-wolf-improves-security-for-financial-institutions\">How Arctic Wolf Improves Security for Financial Institutions<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">FISMA 2014<\/span>       \n            <div class=\"s-text search-text\">Federal Information Security Modernization Act of 2014<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>FISMA 2014<\/li>\n                <\/ul>\n    \n                <span>FISMA 2014<\/span>       \n                <h4>Federal Information Security Modernization Act of 2014<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"government\">Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            8                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>FISMA 2014 At a Glance<\/h5>\n                                            <p>\n                                The Federal Information Security Modernization Act of 2014 (FISMA 2014) codifies the Department of Homeland Security\u2019s role in administering the implementation of information security policies for federal executive branch civilian agencies, overseeing agency compliance with those policies, and assisting the Office of Management and Budget (OMB) in developing those policies.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>FISMA REQUIREMENTS <\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>NIST develops the standards and guidelines for FISMA compliance using a risk-based approach. It uses a framework that includes seven core steps, some of which map to specific NIST Special Publications (SPs):                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Prepare Conducting the essential activities to help prepare for risk management under the framework.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Categorize Classifying the information and systems that must be protected                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Select Establishing the baseline controls for protecting the categorized systems and data.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Implement Deploying the appropriate controls and documenting them.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Assess Determining if controls are working correctly and leading to desired outcomes.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Authorize Authorizing the operation of the system based on the risk determination.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Monitor Continuously monitoring and assessing the security controls for effectiveness.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Monitor access and account changes to in-scope applications in the cloud                            <\/li>\n                                                        <li>\n                                    Monitor for application configuration changes                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"automotive, financial services\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">FTC Safeguards Rule<\/span>       \n            <div class=\"s-text search-text\">Federal Trade Commission\u2019s Standards for Safeguarding Customer Information<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Automotive<\/span>,<span> Financial Services<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>FTC Safeguards Rule<\/li>\n                <\/ul>\n    \n                <span>FTC Safeguards Rule<\/span>       \n                <h4>Federal Trade Commission\u2019s Standards for Safeguarding Customer Information<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"automotive\">Automotive<\/li>\n                                                                        <li data-val=\"financialservices\"> Financial Services<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            9                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>FTC Safeguards Rule At a Glance<\/h5>\n                                            <p>\n                                The FTC Safeguards rule applies to a wide range of businesses that provide any type of financial services to customers and aren't regulated by other agencies under GLBA\u2014including such organizations as auto dealerships, retailers that offer credit cards, and more.                        <\/p>\n                                                <p>\n                                The Safeguards rule requires these businesses to develop, implement, and maintain an information security program to protect customer information.                         <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>The revised Safeguards rule has 9 key components:<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Organizations must designate a \u2018qualified individual\u2019 who will serve as the overseer of their cybersecurity program and provide written reports to a governing board                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>They will need to conduct regular risk assessments of both their own security systems and the security systems of their vendors to ensure that all customer and client data is kept encrypted                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>They must implement safeguards to control the risks identified, such as identity and access management, encryption, and multi-factor authentication                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>They must test and monitor effectiveness of key controls, through practices such as continuous monitoring and vulnerability assessments                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>They must ensure that all employees are provided with security awareness training, updated as necessary to reflect risks                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>They must require their own service providers to maintain appropriate safeguards, through selection, contract requirements, and assessments                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>They must continue to adjust their security program based on the results of their monitoring and any changes to the busines                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>They must establish a written incident response plan, outlining roles, responsibilities, and remediation actions taken in the event of an incident                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Finally, the qualified individual must report, in writing, on the overall status of the security program                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf's security operations solutions will streamline many of the activities required under the safeguards rule                            <\/li>\n                                                        <li>\n                                    Arctic Wolf MDR provides monitoring of key security controls, including access controls, system inventory, multi-factor authentication, and more                            <\/li>\n                                                        <li>\n                                    Arctic Wolf Managed Risk provides regular vulnerability assessments                            <\/li>\n                                                        <li>\n                                    Arctic Wolf Managed Awareness provides security awareness training to employees                            <\/li>\n                                                        <li>\n                                    Arctic Wolf MDR and Tetra can play a key role in an incident response plan                            <\/li>\n                                                        <li>\n                                    Reporting and guidance from the Concierge Security Team can support the risk assessment, and the qualified individual in managing the overall information security program                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/car-dealerships-dealers-must-bolster-data-security-under-new-ftc-rule\/\">Car Dealerships: Dealers Must Bolster Data Security Under New FTC Rule<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"europeanunion\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">GDPR<\/span>       \n            <div class=\"s-text search-text\">General Data Protection Regulation<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>European Union<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"europeanunion\">European Union<\/a><\/li>\n                    <li>GDPR<\/li>\n                <\/ul>\n    \n                <span>GDPR<\/span>       \n                <h4>General Data Protection Regulation<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>European Union<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            5                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>GDPR At a Glance<\/h5>\n                                            <p>\n                                The General Data Protection Rule (GDPR), established by the European Commission, regulates data protection for entities that store or process personal data of EU citizens. In addition to protecting personal data, the GDPR gives consumers broad rights regarding their information, and imposes steep penalties for noncompliance. You don\u2019t need to have a business presence in the European Union to be subject to GDPR.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>GDPR REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span> Appointing a data protection officer                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span> Using a \u201cprivacy by design\u201d approach                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span> Implementing data security measures                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span> Notifying regulators of data breaches within 72 hours                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>GDPR also gives consumers the right to access their data, be informed about data that\u2019s being collected, restrict processing of their data, and more.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Provide data security through vulnerability management, detection and response, and user training                            <\/li>\n                                                        <li>\n                                    Offer guidance and consulting by the CST on other data security measures organizations may implement                            <\/li>\n                                                        <li>\n                                    Facilitate rapid notification of data breaches through prompt detection and response                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/gdpr-info.eu\/\">General Data Protection Regulation (GDPR) Information<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div\n        data-industry=\"financial services\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\">\n        <div class=\"col-name\">\n            <span class=\"search-text\">GLBA<\/span>\n            <div class=\"s-text search-text\">Gramm-Leach-Bliley Act<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>GLBA<\/li>\n                <\/ul>\n    \n                <span>GLBA<\/span>\n                <h4>Gramm-Leach-Bliley Act<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            8                    <\/p>\n                    <\/div>\n    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>GLBA At a Glance<\/h5>\n                    <p>Under the Gramm-Leach-Bliley Act (GLBA), organizations defined as \u201cfinancial institutions\u201d must keep customer information secure and confidential. The Safeguards Rule, one of three sections of the GLBA, was updated December 9, 2021. With this update, the Federal Trade Commission (FTC) notes that an organization \u201cengaging in an activity that is financial in nature or incidental to such financial activities\u201d is considered a \u201cfinancial institution\u201d and must comply.<\/p>\n    \n                    <p>Key changes to the Safeguards Rule will take effect December 6, 2022. Who must comply with the Safeguards Rule?<\/p>\n    \n                    <p>Consider these examples of organizations deemed to be \u201cfinancial institutions\u201d under the Safeguards Rule:<\/p>\n    \n                    <ul style=\"list-style-type: disc; margin-bottom: 30px;\n        font-weight: 400; font-size: 17px; line-height: 27px; color: #444444;\">\n                    <li>Retailers extending a credit card<\/li>\n                    <li>Dealerships leasing a car long term \u2014 longer than 90 days<\/li>\n                    <li>Organizations appraising real estate or personal property<\/li>\n                    <li>Counselors helping individuals associated with a financial institution<\/li>\n                    <li>Businesses printing and selling checks on behalf of customers or wiring money<\/li>\n                    <li>Businesses engaging in cash checking services<\/li>\n                    <li>Income tax return preparers<\/li>\n                    <li>Travel agencies<\/li>\n                    <li>Real estate settlement services<\/li>\n                    <li>Mortgage brokers<\/li>\n                    <li>Colleges and universities accepting Title IV funds<\/li>\n                    <\/ul>\n                    <p><\/p>\n                                                    <\/div>\n    \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>GLBA REQUIREMENTS<\/h4>\n    \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>The Safeguards Rule requires financial institutions protect the consumer information they collect.\n                                        <br \/>\n                                        Requirements include:                             <ul style=\"list-style-type: disc;\">\n                                        <li style=\"padding: 9px 20px 9px 10px;\">Designating an individual or group to coordinate an information security program.                                <\/li>\n                                        <li style=\"padding: 9px 20px 9px 10px;\"> Identifying and assessing risks to customer data and evaluating the effectiveness of the existing controls.                                <\/li>\n                                        <li style=\"padding: 9px 20px 9px 10px;\">\n                                        Implementing, monitoring, and testing a safeguards program.                                <\/li>\n                                        <li style=\"padding: 9px 20px 9px 10px;\">\n                                        Evaluating the program when changes take place in business operations and other circumstances.                       <\/li>\n                                        <li style=\"padding: 9px 20px 9px 10px;\">\n                                        Ensuring service providers can maintain the appropriate safeguards.                                <\/li>\n                                        <\/ul>\n                                        <\/li>\n                                        <li>\n                                        <span class=\"no-count\">2<\/span>The Privacy of Consumer Information Rule (or Privacy Rule) requires regulated entities to inform consumers about their information-collection practices and to explain their rights to opt out. The rule includes requirements for the contents of the notices, delivery methods, and frequency.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n    \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Provide broad visibility to threats targeting customer data on remote endpoints, the corporate network, and in cloud applications                            <\/li>\n                                                        <li>\n                                    Deliver 24\/7\/365 threat detection and response to attacks targeting customer non-public information (NPI)                            <\/li>\n                                                        <li>\n                                    Proactive cyber risk assessments and strategic security advice to bolster their security posture                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n    \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/a-simplified-regulatory-checklist-for-financial-institutions\">A Simplified Regulatory Checklist for Financial Institutions<\/a><\/li>\n    \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"healthcare\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">HIPAA<\/span>       \n            <div class=\"s-text search-text\">Health Insurance Portability and Accountability Act <\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Healthcare<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>HIPAA<\/li>\n                <\/ul>\n    \n                <span>HIPAA<\/span>       \n                <h4>Health Insurance Portability and Accountability Act <\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"healthcare\">Healthcare<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            7                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>HIPAA At a Glance<\/h5>\n                                            <p>\n                                The U.S. Department of Health and Human Services created the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to protect the confidentiality and integrity of electronic protected health electronic protected health information (ePHI) data. The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 imposed mandatory audits and fines for non-compliance.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>HIPAA REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>HIPAA  requires implementation of three types of safeguards: 1) administrative, 2) physical, and 3) technical.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Administrative safeguard provisions                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Requires a risk analysis to determine what security measures are reasonable and appropriate for your organization, including the following activites: Evaluating the likelihood and impact of potential risks to ePHI, implementing appropriate security measures to address the risks identified in the risk analysis, documenting the chosen security measures and, where required, the rationale for adopting those measures, and maintaining continuous, reasonable, and appropriate security protections                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Physical safeguard control and security measures                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Includes Facility Access and Control Measures: Covered entities and business associates must limit physical access to facilities, while allowing authorized access to ePHI; Workstation and Device Security: Covered entities and business associates must: Implement policies and procedures to specify proper use of and access to workstations and electronic media. Have policies and procedures for the transfer, removal, disposal, and re-use of electronic media.                                  <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Technical safeguards                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Include measures \u2013 including firewalls, encryption, and data backup \u2013 to implement to keep ePHI secure. These safeguards consist of the following: Access Controls: Implementing technical policies and procedures that allow only authorized persons to access ePHI. Audit Controls: Implementing hardware, software, and\/or procedural mechanisms to record and examine access in information systems that contain or use ePHI. Integrity Controls: Implementing policies and procedures to ensure that ePHI has not been, and will not be, improperly altered or destroyed. Transmission Security: Implement technical security measures that guard against unauthorized access to ePHI that is transmitted over an electronic network.                                 <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Third-party compliance analyst firm Coalfire found that Arctic Wolf can assist with eleven out of twelve technical safeguards, and provide additional compliance value.                             <\/li>\n                                                        <li>\n                                                                 <\/li>\n                                                        <li>\n                                    Simplify HIPAA compliance with customized reporting.                             <\/li>\n                                                        <li>\n                                    Monitor access to electronic patient health information (ePHI) data on premises and in the cloud.                             <\/li>\n                                                        <li>\n                                    Provide real-time alerts on unauthorized access of ePHI data.                              <\/li>\n                                                        <li>\n                                    Monitor end user and administrative access and configuration changes to all systems that create, receive, maintain, and transmit ePHI data.                             <\/li>\n                                                        <li>\n                                    Monitor activities of active and inactive user accounts, escalates de-provisioning of in-active accounts through manual\/automated means.                             <\/li>\n                                                        <li>\n                                    Audit changes in Active Directory (AD), Group Policies, Exchange, and file servers, and flags unauthorized actions.                             <\/li>\n                                                        <li>\n                                    Monitor failed\/successful logins\/logoffs and all password changes to prevent excessive help desk calls.                             <\/li>\n                                                        <li>\n                                    Investigate all attack vectors (e.g. phishing, ransomware, etc.), and generate security incidents to initiate response actions.                             <\/li>\n                                                        <li>\n                                    Audit anomalous login activity, and changes, including before\/after values for immediate data recovery.                             <\/li>\n                                                        <li>\n                                    Scan endpoints for unpatched vulnerabilities and collects log information from endpoint security solutions when unauthorized access or advanced malware is detected.                             <\/li>\n                                                        <li>\n                                    Monitor and report user logins\/ logouts in Active Directory, all user activity on endpoints, and continuously monitors network traffic to detect anomalous activity.                             <\/li>\n                                                        <li>\n                                    Provide reports for account creations and deletions, data retention policies, admin lockouts, configuration changes, and about who, what, where, and when these changes were made.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resource\/healthcare\/the-healthcare-cybersecurity-checklist\">The Healthcare Cybersecurity Checklist<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/white-papers\/arctic-wolf-platform-for-the-hipaa-security-rule\">Arctic Wolf Platform for the HIPAA Security Rule <\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"healthcare\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">HITRUST<\/span>       \n            <div class=\"s-text search-text\">Healthcare Information Trust Alliance<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Healthcare<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>HITRUST<\/li>\n                <\/ul>\n    \n                <span>HITRUST<\/span>       \n                <h4>Healthcare Information Trust Alliance<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"healthcare\">Healthcare<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            4                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>HITRUST At a Glance<\/h5>\n                                            <p>\n                                The Healthcare Information Trust Alliance (HITRUST) developed the Common Security Framework (CSF) based on a variety of federal and state regulations, frameworks, and standards. The HITRUST CSF provides regulated healthcare organizations with a common set of standards they can adopt as well as use for evaluating their vendors.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>HITRUST CSF REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span> Organizational factors such as geographic scope and business volume                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span> Regulatory factors that are based on compliance requirements specific to the organization\u2019s circumstances, including sector and geography                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span> System factors that impact data management risks, such as data storage and transmission, internet access, third-party access, number of users, and number of daily transactions                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>The framework also has allowances for alternate management, technical, or operational controls that can be applied under specific conditions.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf  MDR produces reports related to the HITRUST controls presented as our services maps to logs sources related to authentication and authorization.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/simplified-regulatory-checklist-for-healthcare-organizations\">A Simplified Regulatory Checklist for Healthcare Organizations<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/case-study\/jackson-parish\">Case Study: Jackson Parish Hospital & Arctic Wolf<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">IRS Pub 1075<\/span>       \n            <div class=\"s-text search-text\">IRS Pub 1075<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>IRS Pub 1075<\/li>\n                <\/ul>\n    \n                <span>IRS Pub 1075<\/span>       \n                <h4>IRS Pub 1075<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"government\">Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            9                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>IRS Pub 1075 At a Glance<\/h5>\n                                            <p>\n                                Internal Revenue Service Publication 1075 (IRS 1075) provides guidance for US government agencies and their agents that access federal tax information (FTI) to ensure that they use policies, practices, and controls to protect its confidentiality. IRS 1075 aims to minimize the risk of loss, breach, or misuse of FTI held by external government agencies.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>IRS PUB 1075 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>To protect FTI, IRS 1075 prescribes security and privacy controls for application, platform, and datacenter services.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Some of the controls needed are as follows. These include both electronic and physical:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Record Keeping Requirements:  Maintain a persistent system of all FTI records and anything related to it, including access rights.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Secure Storage: Details about the physical and electronic security of place where FTI data is kept. It includes things like restricted area, authorized access, locks & keys, safes\/vaults, transportation security, security of computers and storage media.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Restricting Access: Details related to access of FTI data.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Reporting Requirements: Periodic reports like SAR (Safeguard Activity Report) and SPR (Safeguard Procedures Report) need to be sent to IRS.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Training and Inspections: Awareness about security and annual certification of employees. Annual inspections are also needed to validate proper implementation.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Disposal: Proper standards related to FTI data disposal for physical and electronic media.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Computer System Security: Probably the most complex and detailed section of this regulation related to everything from access control, cryptography, emails, networking to wireless technologies and any emerging technologies.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf can provide evidence and artifacts related to data access, security training for employees, and support for computer system security programs.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.irs.gov\/privacy-disclosure\/safeguards-program\">IRS Safeguards Program<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"international\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">ISO 27002<\/span>       \n            <div class=\"s-text search-text\">International Organization for Standardization: Information Security Standard<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international\">International<\/a><\/li>\n                    <li>ISO 27002<\/li>\n                <\/ul>\n    \n                <span>ISO 27002<\/span>       \n                <h4>International Organization for Standardization: Information Security Standard<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            15                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>ISO 27002 At a Glance<\/h5>\n                                            <p>\n                                This document, the International Organization for Standardization: Information Security Standard 2022, provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations:                        <\/p>\n                                                <p>\n                                A) Within the context of an information security management system (ISMS) based on ISO\/IEC27001                        <\/p>\n                                                <p>\n                                B) For implementing information security controls based on internationally recognized best practices                        <\/p>\n                                                <p>\n                                C) For developing organization-specific information security management guidelines.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>ISO 27002:2022 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Annex A of ISO 27001 lists 114 security controls divided into 14 control sets, each of which is expanded upon in Clauses 5\u201318 of ISO 27002:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>A.5 Information security policies                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>A.6 Organization of information security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>A.7 Human resource security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>A.8 Asset management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>A.9 Access control                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>A.10 Cryptography                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>A.11 Physical and environmental security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>A.12 Operations security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>A.13 Communications security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>A.14 System acquisition, development, and maintenance                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>A.15 Supplier relationships                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">13<\/span>A.16 Information security incident management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">14<\/span>A.17 Information security aspects of business continuity management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">15<\/span>A.18 Compliance                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf can provide evidence and artifacts related to asset management, access control, system maintenance, and more. Arctic Wolf MDR provides support for information security incidents.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.iso.org\/standard\/75652.html\">ISO\/IEC 27002:2022<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"arms\/defense\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">ITAR<\/span>       \n            <div class=\"s-text search-text\">International Traffic in Arms Regulations<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Arms\/Defense<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>ITAR<\/li>\n                <\/ul>\n    \n                <span>ITAR<\/span>       \n                <h4>International Traffic in Arms Regulations<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"arms\/defense\">Arms\/Defense<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>ITAR At a Glance<\/h5>\n                                            <p>\n                                The United States' International Traffic in Arms Regulations (ITAR) control the manufacture, sale, and distribution of defense and space-related articles and services                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>ITAR REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                                                                <a href=\"https:\/\/www.ecfr.gov\/current\/title-22\/part-121\">Regulations are simple: only U.S. citizens can access items on the USML list. There are 21 categories of Defense Articles in the USML.  <\/a>\n                                                                        <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Follow these basic principles to secure your ITAR data:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>- Discover and Classify Sensitive Data                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>- Map Data and Permissions                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>- Manage Access Control                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>- Monitor Data, File Activity, and User Behavior                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Monitor data, file activty, and user behavior                            <\/li>\n                                                        <li>\n                                    Audit assets across systems                            <\/li>\n                                                        <li>\n                                    Monitor and log access controls and access activity                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/cmmc-certification-what-you-need-to-know\">CMMC Certification: What You Need to Know<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"germany\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">KRITIS<\/span>       \n            <div class=\"s-text search-text\">IT Security Act 2.0<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>Germany<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"germany\">Germany<\/a><\/li>\n                    <li>KRITIS<\/li>\n                <\/ul>\n    \n                <span>KRITIS<\/span>       \n                <h4>IT Security Act 2.0<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>Germany<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>KRITIS At a Glance<\/h5>\n                                            <p>\n                                In Germany, special regulations apply to operators of critical infrastructures under the Federal Office for Information Security \/ Bundesamt f\u00fcr Sicherheit in der Informationstechnik (BSI) Act.                        <\/p>\n                                                <p>\n                                Critical infrastructures (KRITIS) are organizations or facilities with important significance for the state community, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences. Which of these are to be regarded as critical infrastructures is regulated by the KRITIS Ordinance within the BSI Act.                         <\/p>\n                                                <p>\n                                The IT Security Act 2.0 in May 2021 added the waste management sector to the group of potential operators of critical infrastructure alongside the energy, information technology and telecommunications, transport and traffic, health, water, food, and finance and insurance sectors.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>IT SECURITY ACT 2.0 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>If it has been determined on the basis of a review that a company is clearly to be assigned to the critical infrastructure, it must fulfill the following requirements in accordance with the regulations of the BSI Act:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Report to and register with the BSI as a critical infrastructure operator.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Establish a point of contact as an interface to the BSI                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Reliably detect critical security incidents and report them immediately to the BSI                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Implement IT security in accordance with the state of the art                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Conduct an IT security audit every two years                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Detect and respond to security incidents                            <\/li>\n                                                        <li>\n                                    Deliver concierge guidance on an organization's security journey                            <\/li>\n                                                        <li>\n                                    Provide evidence, artifacts and reporting on security controls and practices for audit and review                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <!-- <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div> -->\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"massachusetts\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">Massachusetts General Law Chapter 93H: Security Breach<\/span>       \n            <div class=\"s-text search-text\">Massachusetts General Law Chapter 93H: Security Breach<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>Massachussets - US<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"massachusetts\">Massachussets - US<\/a><\/li>\n                    <li>Massachusetts General Law Chapter 93H: Security Breach<\/li>\n                <\/ul>\n    \n                <span>Massachusetts General Law Chapter 93H: Security Breach<\/span>       \n                <h4>Massachusetts General Law Chapter 93H: Security Breach<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>Massachussets - US<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            9                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>Massachusetts General Law Chapter 93H: Security Breach At a Glance<\/h5>\n                                            <p>\n                                Chapter 93H requires that a person or agency that owns or licenses data that includes personal information about a resident of the commonwealth shall provide notice, as soon as practicable and without unreasonable delay, when such person or agency (1) knows or has reason to know of a breach of security or (2) when the person or agency knows or has reason to know that the personal information of such resident was acquired or used by an unauthorized person or used for an unauthorized purpose, to the Attorney General, to the Office of Consumer Affairs and Business Regulation (OCABR) and to the affected resident(s).                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>MASSACHUSETTS GENERAL LAW CHAPTER 93H REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>The notice provided to the Attorney General and the OCABR must include, in addition to the nature of the breach and number of MA residents, the following information:                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span> The name and address of the person or agency that experienced the breach of security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span> Name and title of the person or agency reporting the breach of security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span> Their relationship to the person or agency that experienced the breach of security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span> The type of person or agency reporting the breach of security                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span> The person responsible for the breach of security, if known                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span> The type of personal information compromised, including, but not limited to, social security number, driver\u2019s license number, financial account number, credit or debit card number or other data                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span> Whether the person or agency maintains a WISP (written information security program)                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span> Any steps the person or agency has taken or plans to take relating to the incident, including whether they have updated the written information security program.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf MDR can help rapidly identify a security incident, facilitate a response to such an incident, and provide evidence on the scope and impact of the incident.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"financial services \"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NCUA<\/span>       \n            <div class=\"s-text search-text\">National Credit Union Administration<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services <\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>NCUA<\/li>\n                <\/ul>\n    \n                <span>NCUA<\/span>       \n                <h4>National Credit Union Administration<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services <\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            2                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NCUA At a Glance<\/h5>\n                                            <p>\n                                The National Credit Union Administration (NCUA) uses a risk-based approach to examining and supervising credit unions.                        <\/p>\n                                                <p>\n                                All federally insured credit unions receive an NCUA examination on a periodic basis. To ensure both compliance with applicable laws and regulations, as well as safety and soundness, a review of the credit union\u2019s information security program is performed at each examination.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>NCUA REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Although the NCUA uses a variety of resources and frameworks for their risk-based examination, credit unions supervised by the NCUA should follow the Federal Financial Institutions Examination Council (FFIEC) compliance standards.                                 <\/li>\n                                                                <li>\n                                                                                <a href=\"https:\/\/www.ncua.gov\/regulation-supervision\/regulatory-compliance-resources\/cybersecurity-resources\">See more from the NCUA here  or check the FFIEC Compliance Standards.<\/a>\n                                                                        <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Deliver Risk management and managed threat detection and response delivered from security experts                            <\/li>\n                                                        <li>\n                                    Provide dedicated security expertise for your IT team                            <\/li>\n                                                        <li>\n                                    Offer 24\u00d77 continuous cybersecurity monitoring and vulnerability assessment                            <\/li>\n                                                        <li>\n                                    For more information in every domain, control objective, and control activity, check out the full summary of FFIEC-NCUA Compliance.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/simplify-compliance-for-ffiec-ncua\">Simplify Compliance for FFIEC-NCUA<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/credit-unions-cybersecurity-challenges\/\">Why Credit Unions Need to Improve Their Cybersecurity<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"energy\"\n        data-location=\"unitedstates canada\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NERC CIP<\/span>       \n            <div class=\"s-text search-text\">Federal Energy Regulatory Commission\/North American Electric Reliability Corporation Critical Infrastructure Protection<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Energy<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>,<span> Canada<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates,canada\">United States, Canada<\/a><\/li>\n                    <li>NERC CIP<\/li>\n                <\/ul>\n    \n                <span>NERC CIP<\/span>       \n                <h4>Federal Energy Regulatory Commission\/North American Electric Reliability Corporation Critical Infrastructure Protection<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                                        <li> Canada<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"energy\">Energy<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            11                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NERC CIP At a Glance<\/h5>\n                                            <p>\n                                The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring, and managing the security of the Bulk Electric System (BES) in North America. These standards apply specifically to the cybersecurity aspects of BES. The NERC CIP standards provide a cybersecurity framework to identify and secure critical assets that can impact the efficient and reliable supply of electricity of North America's BES.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>NERC CIP REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>CIP-002-5.1a  Cyber Security  BES Cyber System Categorization                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>CIP-003-8  Cyber Security  Security Management Controls                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>CIP-004-6  Cyber Security  Personnel & Training                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>CIP-005-6  Cyber Security  Electronic Security Perimeter(s)                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>CIP-006-6  Cyber Security  Physical Security of BES Cyber Systems                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>CIP-007-6  Cyber Security  System Security Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>CIP-008-6  Cyber Security  Incident Reporting and Response Planning                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>CIP-009-6  Cyber Security  Recovery Plans for BES Cyber Systems                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>CIP-010-3  Cyber Security  Configuration Change Management and Vulnerability Assessments                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>CIP-011-2  Cyber Security  Information Protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>CIP-013-1  Cyber Security  Supply Chain Risk Management                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Support incident response activities                            <\/li>\n                                                        <li>\n                                    Monitor and provide evidence and artifacts on system and security management                            <\/li>\n                                                        <li>\n                                    Provide visibility, benchmarking, and reporting of vulnerabilities, misconfigurations, and risks                            <\/li>\n                                                        <li>\n                                    Deliver managed security awareness training                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <!-- <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.nerc.com\/pa\/Stand\/Pages\/CIPStandards.aspx\">NER CIP Compliance Standards<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div> -->\n                        <\/div>\n        <\/div>\n    <\/div>\n    \n    <!--- NIS2 -->\n    <div \n        data-industry=\"all\"\n        data-location=\"europeanunion\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NIS2  <\/span>       \n            <div class=\"s-text search-text\">Network and Information Systems 2<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>European Union<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>NIS2  <\/li>\n                <\/ul>\n    \n                <span>NIS2  <\/span>       \n                <h4>Network and Information Systems 2<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>European Union<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NIS2 At a Glance<\/h5>\n                                            <p>\n                                                The Network and Information Systems 2 (NIS2) directive is a Directive of the European Union to improve the security and resilience of networks and information systems and achieve a high common level of cybersecurity across the member countries in the EU. <\/p>\n    \n                                                <p>The previous Network and Information Systems (NIS) directive (EU-2016\/1148) was updated and expanded to form the new NIS2 (EU 2022\/2555) directive that was enacted on 14th December 2022, and comes into force, when transposed into local law in each member state, by 17 October 2024.<\/p>\n                                                \n                                                <p>NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity. It builds on the previous NIS Directive and represents a further development of measures to meet the challenges of an increasingly digitalised world.                          <\/p>\n                                                    <\/div>            \n                \n                \n                        \n        \n        <div class=\"content-list requirements\">\n            <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n            <div class=\"list\">\n                                            <h4>NIS2 REQUIREMENTS<\/h4>\n                    \n                    <ul>\n                                                        <li>\n                                <span class=\"no-count\">1<\/span>Risk Assessment and Management: Organizations must conduct regular risk assessments of their network and information systems and implement appropriate technical and organizational security measures to manage those risks.<\/li>\n                                                        <li>\n                                <span class=\"no-count\">2<\/span>Risk Assessment and Management: Organizations must conduct regular risk assessments of their network and information systems and implement appropriate technical and organizational security measures to manage those risks.<\/li>\n                                                        <li>\n                                <span class=\"no-count\">3<\/span>Business Continuity: Entities must develop and maintain business continuity and disaster recovery plans to ensure the continuity of essential services in the event of a disruptive incident.<\/li>\n                                                        <li>\n                                <span class=\"no-count\">4<\/span>Supply Chain Security: Organizations are responsible for managing\u00a0cybersecurity\u00a0risks across their supply chains. They must implement appropriate security measures for relationships with direct suppliers and service providers.<\/li>\n                                                        <li>\n                                <span class=\"no-count\">5<\/span>Governance and Accountability: NIS2 places greater emphasis on the role of management in overseeing cybersecurity.<\/li>\n                                                        <li>\n                                <span class=\"no-count\">6<\/span>Compliance and Enforcement: Failure to comply with the NIS2 requirements can result in significant penalties, including fines of up to 10 million euros or 2% of global annual turnover for \u201cessential entities\u201d and up to 7 million euros or 1.4% of global annual turnover for \u201cimportant\u201d entities. Authorities also have the power to impose other sanctions, such as temporary service suspensions.<\/li>\n                                                <\/ul>\n                                <\/div>\n        <\/div>\n    \n        <div class=\"content-list help\">\n            <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n            <div class=\"list\">\n                <ul>\n                                                <li><strong>Risk Analysis and Assessment<\/strong><br \/>\n                                                    The Arctic Wolf Cyber Resilience Assessment uses industry standard frameworks, like NIST\n                                                    CSF (both 1.1 and 2.0) and CIS Controls, to help organisations measure their own cyber risk\n                                                    and security maturity. As security gaps are identified, organisations can prepare actionable\n                                                    recommendations using our Security Posture in Depth Reviews (SPiDRs) that support\n                                                    mitigating security gaps and improving their overall cybersecurity maturity.<\/li>\n                                                <li><strong>Risk Analysis and Vulnerability Management<\/strong><br \/>\n                                                    Arctic Wolf\u00ae Managed Risk helps customers to carry out the necessary risk analysis for assets\n                                                    that fall under the scope of NIS2. We enable you to discover, assess, and harden your\n                                                    environment against digital risk, including vulnerability prioritisation for remediation.<\/li>\n                                                <li><strong>Security Awareness<\/strong><br \/>\n                                                    Arctic Wolf Managed Security Awareness\u00ae delivers cybersecurity awareness training through\n                                                    a streamlined process that delivers content and training on a regular cadence. The programme\n                                                    also delivers continuous individual testing of employees and offers training adapted to the real\n                                                    needs of an organisation depending on their industry and the threat landscape.<\/li>\n                                                <li><strong>Incident Handling and Incident Response<\/strong><br \/>\n                                                    Arctic Wolf\u00ae Managed Detection and Response (MDR) provides detection and response to\n                                                    threats through 24x7 monitoring of network, endpoint, cloud, and identity sources. In addition\n                                                    to detection, through managed investigations, the Arctic Wolf Security Teams can work with\n                                                    customers to contain immediate threats before they escalate.<br \/>\n                                                    Additionally, Arctic Wolf\u00ae Incident Response offers a full-service incident response (IR) services\n                                                    that help stop an attack and quickly restore your organisation to pre-incident business operations,\n                                                    while Arctic Wolf Incident Response JumpStart Retainer (IRJS) provides incident planning\n                                                    and review with experts, access to battle-tested runbooks, and an online portal where your\n                                                    organisation can store your IR documents, plans, and more.<\/li>\n                                                <li><strong>Proactive Security Solutions<\/strong><br \/>\n                                                    Arctic Wolf partners can design, implement, support, and operate Arctic Wolf solutions that align\n                                                    with the technical security requirements of NIS2, all of which are further supported by the Arctic\n                                                    Wolf CST within individual customer environments.<\/li>\n                                                <li><strong>Reporting<\/strong><br \/>\n                                                    Arctic Wolf supports the customer\u2019s obligation to report to the central CSIRT, with the ability to\n                                                    provide content that will assist their internal teams in filing incidents required by NIS2 with the\n                                                    regulatory body.<br \/>\n                                                    Arctic Wolf also offers Data Explorer, which enables log retention and search, allowing customers\n                                                    to access and gather necessary information for compliance reports, compile artifacts for third-party\n                                                    stakeholders, and collect logs for security posture validation.<\/li>\n                                        <\/ul>\n            <\/div>\n        <\/div>\n        \n            <div class=\"content-list resources\">\n                <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                <div class=\"list\">\n                    <ul>\n                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/uk\/what-does-the-nis2-directive-mean-for-organisations\/\">What does the NIS2 directive mean for organisations?<\/a><\/li>\n                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resource\/aw-uk\/nis2-why-european-boards-need-to-raise-their-cyber-risk-game?lb-mode=overlay\">NIS2: Why European Boards Need to Raise Their Cyber-risk Game<\/a><\/li>\n                    <\/ul>\n                <\/div>\n            <\/div>\n    \n    <\/div>\n    <\/div><\/div>\n    <!-- end nis2 -->\n    \n    \n    \n    \n    <!--<div \n        data-industry=\"all, federal contractors, government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NIST 800-171B <\/span>       \n            <div class=\"s-text search-text\">Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>,<span> Federal Contractors<\/span>,<span> Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>NIST 800-171B <\/li>\n                <\/ul>\n    \n                <span>NIST 800-171B <\/span>       \n                <h4>Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                                        <li data-val=\"federalcontractors\"> Federal Contractors<\/li>\n                                                                        <li data-val=\"government\"> Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            33                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NIST 800-171B  At a Glance<\/h5>\n                                            <p>\n                                NIST SP 800-171B is an entirely new publication that introduces 33 enhanced security requirements designed to help protect DoD contractors (specifically, their high-value-assets and critical programs including CUI) from modern attack tactics and techniques related to Advanced Persistent Threats (APTs).                        <\/p>\n                                                <p>\n                                The enhanced security requirements are only applicable for a nonfederal system or organization when mandated by a federal agency in a contract, grant, or other agreement.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>NIST SP 800-171B REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>1. Employ dual authorization to execute critical or sensitive system and organizational operations.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Restrict access to systems and system components to only those information resources that are owned, provisioned, or issued by the organization.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Employ secure information transfer solutions to control information flows between security domains on connected systems.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Provide awareness training focused on recognizing and responding to threats from social engineering, advanced persistent threat actors, breaches, and suspicious behaviors; update the training at least annually or when there are significant changes to the threat.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Include practical exercises in awareness training that are aligned with current threat scenarios and provide feedback to individuals involved in the training and their supervisors.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Establish and maintain an authoritative source and repository to provide a trusted source and accountability for approved and implemented system components.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Employ automated mechanisms to detect the presence of misconfigured or unauthorized system components and either remove the components or place them in a quarantine or remediation network that allows for patching, reconfiguration, or other mitigations.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Employ automated discovery and management tools to maintain an up-to-date, complete, accurate, and readily available inventory of system components.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Identify and authenticate systems and system components before establishing a network connection using bidirectional authentication that is cryptographically based and replay resistant.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>Employ password managers for the generation, rotation, and management of passwords for systems and system components that do not support multifactor authentication or complex account management.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>Employ automated mechanisms to prohibit system components from connecting to organizational systems unless the components are known, authenticated, in a properly configured state, or in a trust profile.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>Establish and maintain a full-time security operations center capability.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">13<\/span>Establish and maintain a cyber incident response team that can be deployed to any location identified by the organization within 24 hours.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">14<\/span>Conduct enhanced personnel screening (vetting) for individual trustworthiness and reassess individual trustworthiness on an ongoing basis.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">15<\/span>Ensure that organizational systems are protected whenever adverse information develops regarding the trustworthiness of individuals with access to CUI.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">16<\/span>Employ threat intelligence to inform the development of the system and security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">17<\/span>Establish and maintain a cyber threat hunting capability to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade existing controls.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">18<\/span>Employ advanced automation and analytics capabilities to predict and identify risks to organizations, systems, or system components.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">19<\/span>Document or reference in the system security plan the risk basis for security solution selection, and identify the system and security architecture, system components, boundary isolation, or protection mechanisms and dependencies on external service providers.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">20<\/span>Assess the effectiveness of security solutions at least annually to address anticipated risk to the system and the organization based on current and accumulated threat intelligence.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">21<\/span>Assess, respond to, and monitor supply chain risks associated with organizational systems.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">22<\/span>Develop and update as required a plan for managing supply chain risks associated with organizational systems.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">23<\/span>Conduct penetration testing at least annually, leveraging automated scanning tools and ad hoc tests using human experts.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">24<\/span>Employ diverse system components to reduce the extent of malicious code propagation.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">25<\/span>Disrupt the attack surface of organizational systems and system components through unpredictability, moving target defense, or non-persistence.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">26<\/span>Employ technical and procedural means to confuse and mislead adversaries through a combination of misdirection, tainting, or disinformation.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">27<\/span>Employ physical and logical isolation techniques in the system and security architecture.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">28<\/span>Employ roots of trust, formal verification, or cryptographic signatures to verify the integrity and correctness of security critical or essential software.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">29<\/span>Monitor individuals and system components on an ongoing basis for anomalous or suspicious behavior.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">30<\/span>Ensure that Internet of Things (IoT), Operational Technology (OT) and Industrial Internet of Things (IIoT) systems, components, and devices are compliant with the security requirements imposed on organizational systems or are isolated in purpose-specific networks.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">31<\/span>Refresh organizational systems and system components from a known, trusted state at least twice annually.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">32<\/span>Conduct periodic reviews of persistent organizational storage locations and purge CUI that is no longer needed consistent with federal records retention policies and disposition schedules.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">33<\/span>Use threat indicator information relevant to the information and systems being protected and effective mitigations obtained from external organizations to inform intrusion detection and threat hunting.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Deliver awareness training and exercises updated and managed by the Concierge Security Team                            <\/li>\n                                                        <li>\n                                    Scan networks and environments to audit system assets and identify misconfigurations and other vulnerabilities                            <\/li>\n                                                        <li>\n                                    Provide logs, records, and evidence related to authorization and access policies and procedures                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>--><!-- <div \n        data-industry=\"all, federal contractors, government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NIST 800-53<\/span>       \n            <div class=\"s-text search-text\">Security and Privacy Controls for Information Systems and Organizations<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>,<span> Federal Contractors<\/span>,<span> Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>NIST 800-53<\/li>\n                <\/ul>\n    \n                <span>NIST 800-53<\/span>       \n                <h4>Security and Privacy Controls for Information Systems and Organizations<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                                        <li data-val=\"federalcontractors\"> Federal Contractors<\/li>\n                                                                        <li data-val=\"government\"> Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            1                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NIST 800-53 At a Glance<\/h5>\n                                            <p>\n                                The key distinction between NIST 800-171 vs 800-53 is that 800-171 refers to non-federal networks and NIST 800-53 applies directly to any federal organization.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>NIST 800-53 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span> See the NIST SP 800-171 requirements.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Simplify NIST 800- 171 compliance with customized reporting                            <\/li>\n                                                        <li>\n                                    Protect CUI by monitoring all communications and traffic for malicious activity                            <\/li>\n                                                        <li>\n                                    Support incident response                            <\/li>\n                                                        <li>\n                                    Deliver 24\u00d77 monitoring with unlimited log source                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/what-is-nist-sp-800-171\">NIST SP 800-171: What You Need to Know<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>--><div \n        data-industry=\"all\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NIST CSF 2.0<\/span>       \n            <div class=\"s-text search-text\">National Institute of Standards and Technology Cybersecurity Framework<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>NIST CSF<\/li>\n                <\/ul>\n    \n                <span>NIST CSF<\/span>       \n                <h4>National Institute of Standards and Technology Cybersecurity Framework<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">ALL<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NIST CSF At a Glance<\/h5>\n                                            <p>\n                                                The National Institute of Standards and Technology\u2019s cybersecurity framework (NIST CSF) is a risk-based compilation of guidelines that can help organizations identify, implement, and improve cybersecurity practices, and creates a common language for internal and external communication of cybersecurity issues., The NIST CSF is designed to be used by organizations of all sizes and sectors, including industry, government, academia, and nonprofit organizations, regardless of the maturity level of their cybersecurity programs. The NIST CSF is often used as a reporting tool to report security to executive leadership, since the six high-level categories of govern, identify, detect, protect, respond, and recover make it easier to report complex topics under this perspective.<\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>NIST CSF REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Govern                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Identify                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Protect                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Detect                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Respond                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Recover                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf's security operations solutions provide coverage across the NIST five functions:                            <\/li>\n                                                        <li>\n                                    MDR provides support for Detection, Response, and Recovery                            <\/li>\n                                                        <li>\n                                    Managed Risk helps businesses Identify their assets and risks and Protect their environments                            <\/li>\n                                                        <li>\n                                    Managed Security Awareness leverages people to provide security across the five functions                            <\/li>\n                                                        <li>\n                                    Incident Response helps businesses experiencing an incident Respond and Recover                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all, federal contractors, government\"\n        data-location=\"unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">NIST SP 800-171<\/span>       \n            <div class=\"s-text search-text\">The National Institute for Standards and Technology (NIST) Special Publication (SP) 800-171<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>,<span> Federal Contractors<\/span>,<span> Government<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"unitedstates\">United States<\/a><\/li>\n                    <li>NIST SP 800-171<\/li>\n                <\/ul>\n    \n                <span>NIST SP 800-171<\/span>       \n                <h4>The National Institute for Standards and Technology (NIST) Special Publication (SP) 800-171<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                                        <li data-val=\"federalcontractors\"> Federal Contractors<\/li>\n                                                                        <li data-val=\"government\"> Government<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            13                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>NIST SP 800-171 At a Glance<\/h5>\n                                            <p>\n                                Executive Order 13556 established the Controlled Unclassified Information (CUI) program to standardize the way federal contractors handle unclassified information that requires protection, such as personally identifiable information or sensitive government assets.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>NIST SP 800-171 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Sec. 3.1 Access Control                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Sec 3.3 Audit and Accountability                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Sec 3.4 Configuration Management                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>Sec 3.5 Identification and Authentication                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Sec 3.6 Incident Response                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Sec 3.7 Maintenance                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>Sec 3.8 Media Protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>Sec 3.9 Physical Protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>Sec 3.10 Personnel Security                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>Sec 3.11 Risk Assessment                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>Sec 3.12 Security Assessment                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>Sec 3.13 System and Communication Protection                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">13<\/span>Sec 3.14 System and Information Integrity                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Simplify NIST 800- 171 compliance with customized reporting                            <\/li>\n                                                        <li>\n                                    Protect CUI by monitoring all communications and traffic for malicious activity                            <\/li>\n                                                        <li>\n                                    Support incident response                            <\/li>\n                                                        <li>\n                                    Deliver 24\u00d77 monitoring with unlimited log source                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/what-is-nist-sp-800-171\">NIST SP 800-171: What You Need to Know<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"consumer transactions\"\n        data-location=\"international unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">PCI-DSS<\/span>       \n            <div class=\"s-text search-text\">Payment Card Industry Data Security Standard<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Consumer Transactions<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>,<span> United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international,unitedstates\">International, United States<\/a><\/li>\n                    <li>PCI-DSS<\/li>\n                <\/ul>\n    \n                <span>PCI-DSS<\/span>       \n                <h4>Payment Card Industry Data Security Standard<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                                        <li> United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"consumertransactions\">Consumer Transactions<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            12                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>PCI-DSS At a Glance<\/h5>\n                                            <p>\n                                While not federally mandated in the United States, PCI-DSS is an industry standard and is mandated by the Payment Card Industry Security Standard Council (PCI SSC) to protect cardholder data.                        <\/p>\n                                                <p>\n                                In March 2022, PCI SSC published the PCI Data Security Standard v4.0 replacing version 3.2.1 to address emerging threats and technologies and enable innovative methods to combat new threats.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>PCI-DSS REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>PCI-DSS 1: Install and maintain firewall configurations to protect data.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>PCI-DSS 2: Do not use vendor-supplied defaults for system passwords and security parameters.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>PCI-DSS 3: Protect stored cardholder data.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>PCI-DSS 4: Encrypt transmission of cardholder data across open, public networks.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>PCI-DSS 5: Protect all systems against malware and regularly update AV software.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>PCI-DSS 6: Develop and maintain secure systems and applications.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">7<\/span>PCI-DSS 7: Restrict access to cardholder data by business need-to-know.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">8<\/span>PCI-DSS 8: Identify and authenticate access to system components.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">9<\/span>PCI-DSS 9: Restrict physical access to cardholder data.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">10<\/span>PCI-DSS 10: Track and monitor all access to network resources and cardholder data.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">11<\/span>PCI-DSS 11: Regularly test security systems and processes.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">12<\/span>PCI-DSS 12: Maintain a policy that addresses information security.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Simplify PCI-DSS 3.2 compliance with customized reporting                            <\/li>\n                                                        <li>\n                                    Monitor access to card holder data on-premises and in the cloud                            <\/li>\n                                                        <li>\n                                    Provide real-time alerts based on business risks posed by payment card data                            <\/li>\n                                                        <li>\n                                    Perform continuous vulnerability scanning of internal and external networks, and endpoints                            <\/li>\n                                                        <li>\n                                    Implement secure configuration policies based on security controls benchmarks, such as CIS                            <\/li>\n                                                        <li>\n                                    Identify and prioritize vulnerabilities based on threat exposure, assets, and severity                            <\/li>\n                                                        <li>\n                                    Audit system access, authentication, and other security controls to detect policy violations                            <\/li>\n                                                        <li>\n                                    Automatically detect and scan new devices as they enter the network                            <\/li>\n                                                        <li>\n                                    Create, assign, track, and verify remediation tasks                            <\/li>\n                                                        <li>\n                                    Demonstrate compliance and communicate progress with reports, analytics, and live dashboards from the Arctic Wolf Concierge Security Team                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/pci-dss-checklist\">PCI-DSS Compliance Reports<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"healthcare\"\n        data-location=\"canada\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">PHIPA<\/span>       \n            <div class=\"s-text search-text\">Personal Health Information Protection Act<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Healthcare<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>Canada<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"canada\">Canada<\/a><\/li>\n                    <li>PHIPA<\/li>\n                <\/ul>\n    \n                <span>PHIPA<\/span>       \n                <h4>Personal Health Information Protection Act<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>Canada<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"healthcare\">Healthcare<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            2                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>PHIPA At a Glance<\/h5>\n                                            <p>\n                                The Personal Health Information Protection Act, also known as PHIPA, is Ontario legislation established in November 2004. PHIPA is one of two components of the Health Information Protection Act 2004                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>PHIPA REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>PHIPA contains notification requirements for both agents and custodians. If personal health information handled by an agent on behalf of a custodian is stolen, lost or accessed by unauthorized persons, the agent must notify the custodian of the breach at the first reasonable opportunity.                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>PHIPA also requires custodians to notify individuals at the first reasonable opportunity if personal health information is stolen, lost or accessed by an unauthorized person.                                 <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf MDR produces reports related to the PHIPA controls presented as our services maps to logs sources related to authetication and authorization. It should be noted that each province has its own jurisdictional Health care mandate and controls.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.ontario.ca\/laws\/statute\/04p03\">Personal Health Information Protection Act, 2004, S.O. 2004, c. 3, Sched. A<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"international\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">SCF<\/span>       \n            <div class=\"s-text search-text\">Secure Controls Framework<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international\">International<\/a><\/li>\n                    <li>SCF<\/li>\n                <\/ul>\n    \n                <span>SCF<\/span>       \n                <h4>Secure Controls Framework<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">ALL<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>SCF At a Glance<\/h5>\n                                            <p>\n                                The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build, and maintain secure processes, systems, and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be \u201cbaked in\u201d at the strategic, operational, and tactical levels.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>SCF REQUIREMENTS: <\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>The SCF's goal is to help organizations of all sizes implement these four principles of cybersecurity and privacy:                                 <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>CONFIDENTIALITY -  Confidentiality addresses preserving restrictions on information access and disclosure so that access is limited to only authorized users and services.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>INTEGRITY - Integrity addresses the concern that sensitive data has not been modified or deleted in an unauthorized and undetected manner.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>AVAILABILITY - Availability addresses ensuring timely and reliable access to and use of information.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>SAFETY - Safety addresses reducing risk associated with embedded technologies that could fail or be manipulated by nefarious actors.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>There are thirty-two domains that make up the SCF. There are over 1,000 controls that are categorized within these domains to make it easier to manage. Each domain has a three-letter identifier, which is included in the control name to make it easy to understand what the focus of the control is.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf security operations solutions provide evidence and artifacts across SCF domains. Arctic Wolf can provide monitoring, vulnerability management, security awareness training, and more.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/www.securecontrolsframework.com\/\">SCF Security & Privacy Metaframework<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"newyork\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">SHIELD Act<\/span>       \n            <div class=\"s-text search-text\">New York State \"Stop Hacks and Improve Electronic Data Security\" Act<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>New York - US<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"newyork\">New York - US<\/a><\/li>\n                    <li>SHIELD Act<\/li>\n                <\/ul>\n    \n                <span>SHIELD Act<\/span>       \n                <h4>New York State \"Stop Hacks and Improve Electronic Data Security\" Act<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>New York - US<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            3                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>SHIELD Act At a Glance<\/h5>\n                                            <p>\n                                The Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into effect on March 21, 2020. The act requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect it.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>SHIELD REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Administrative safeguards such as designating employees to coordinate the security program, identify foreseeable external and insider risks, assess existing safeguards, implement workforce cybersecurity training, and select and manage third-party service providers capable of maintaining appropriate safeguards.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Technical safeguards such as risk assessments of network design, software design, and information processing; transmission and storage; implementation of measures to detect, prevent, and respond to system failures; and regular testing and monitoring of key controls.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Physical safeguards such as detection, prevention, and response to intrusions, as well as protection against unauthorized access to (or use of) private information during or after collection, transportation, and destruction or disposal of the information.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Monitor your environment for threats and provide regular feedback on your security posture.                            <\/li>\n                                                        <li>\n                                    Provide internal and external vulnerability assessment and management capabilities to understand risks.                            <\/li>\n                                                        <li>\n                                    Act as your service provider to monitor your systems and assess\/manage vulnerabilities in those systems.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/shield-law-is-your-business-ready\">What Is the SHIELD Act And How Do You Achieve Compliance?<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><div \n        data-industry=\"all\"\n        data-location=\"international unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">SOC II Type 2<\/span>       \n            <div class=\"s-text search-text\">Service Organization Control II Type 2<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>All<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>,<span> United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international,unitedstates\">International, United States<\/a><\/li>\n                    <li>SOC II Type 2<\/li>\n                <\/ul>\n    \n                <span>SOC II Type 2<\/span>       \n                <h4>Service Organization Control II Type 2<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                                        <li> United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"all\">All<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            6                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>SOC II Type 2 At a Glance<\/h5>\n                                            <p>\n                                A SOC 2 Type 2 Report is a service organization control (SOC) audit on how a cloud-based service provider handles sensitive information. It covers both the suitability of a company\u2019s controls and their operating effectiveness.                        <\/p>\n                                                <p>\n                                SOC 2 is a popular security and risk framework to assess security, but companies might consider using ISO\/IEC 27001 or HITRUST instead.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>SOC II TYPE 2 REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>SOC 2 compliance is based on specific criteria for managing customer data correctly, which consists of five Trust Services Categories: security, availability, processing integrity, confidentiality, and privacy.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>When it comes to security, the most basic SOC 2 compliance checklist (which will satisfy an auditor) is detailed in the Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Document, and should address these controls:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Logical and physical access controls: How you restrict and manage logical and physical access, to prevent any unauthorized access                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">4<\/span>System operations: How you manage your system operations to detect and mitigate deviations from set procedures                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">5<\/span>Change management: How you implement a controlled change management process and prevent unauthorized changes                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">6<\/span>Risk mitigation:How you identify and develop risk mitigation activities when dealing with business disruptions and the use of any vendor services                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Monitor and provide evidence and artifacts on the behavior of access controls and systems operations                            <\/li>\n                                                        <li>\n                                    Support risk management through vulnerability management and tracking                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/press-releases\/arctic-wolf-achieves-soc-2-type-ii-compliance-certification\">Arctic Wolf Achieves SOC 2 Type II Compliance Certification<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div><!-- <div \n        data-industry=\"education\"\n        data-location=\"california\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">SOPIPA<\/span>       \n            <div class=\"s-text search-text\">Student Online Personal Information Protection Act <\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Education<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>California - US<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"california\">California - US<\/a><\/li>\n                    <li>SOPIPA<\/li>\n                <\/ul>\n    \n                <span>SOPIPA<\/span>       \n                <h4>Student Online Personal Information Protection Act <\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>California - US<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"education\">Education<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            3                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>SOPIPA At a Glance<\/h5>\n                                            <p>\n                                SOPIPA, which came into effect in January 2016, applies to entities that operate websites, online services, and online and mobile apps that are designed and marketed primarily for K-12 educational purposes. It requires these operators to implement reasonable security practices to protect the student data, and prohibits them from sharing the data or using it for advertising for noneducational purposes.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>SOPIPA REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Aside from non-disclosure of K-12 student data, companies are encouraged to comply with security and deletion requirements through the following:                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Implement and maintain security procedures to protect the collected information from unauthorized access, destruction, use, modification, or disclosure.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Delete a student's covered information (as defined by SOPIPA) if the school or the district requests deletion of data under the control of the school or district.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Arctic Wolf security operatiosn solutions support security procedures designed to protect covered information, and can provide evidence and artifacts documenting the procedures.                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                            \n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div> --><div \n        data-industry=\"financial services\"\n        data-location=\"international unitedstates\"\n        class=\"col-name-item\"> \n        <div class=\"col-name\">\n            <span class=\"search-text\">SOX<\/span>       \n            <div class=\"s-text search-text\">Sarbanes\u2013Oxley Act<\/div>\n        <\/div>\n    \n        <div class=\"col-industry\">\n            <span>Financial Services<\/span>    <\/div>\n    \n        <div class=\"col-location\">\n            <span>International<\/span>,<span> United States<\/span>    <\/div>\n    \n        <div class=\"item-content\">\n    \n            <div class=\"item-content-top\">\n                <div class=\"map-panel-close-btn\"><\/div>\n    \n                <ul class=\"nav-menu\">\n                    <li><a data-val=\"default\">All Regulations<\/a><\/li>\n                                    <li><a data-val=\"international,unitedstates\">International, United States<\/a><\/li>\n                    <li>SOX<\/li>\n                <\/ul>\n    \n                <span>SOX<\/span>       \n                <h4>Sarbanes\u2013Oxley Act<\/h4>\n    \n                <div class=\"item-content-info\">\n                    <div class=\"col-location\">\n                        <span>Location<\/span>\n                        <ul>\n                                                                <li>International<\/li>\n                                                                        <li> United States<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-industry\">\n                        <span>Industry<\/span>\n                        <ul>\n                                                                <li data-val=\"financialservices\">Financial Services<\/li>\n                                                        <\/ul>\n                    <\/div>\n                    <div class=\"col-requirements\">\n                        <span>REQUIREMENTS<\/span>\n                        <p>\n                            3                    <\/p>\n                    <\/div>\n                    \n                <\/div>\n            <\/div>\n    \n            <div class=\"item-content-middle\">\n                <div class=\"copy\">\n                    <h5>SOX At a Glance<\/h5>\n                                            <p>\n                                SOX are expanded regulatory requirements governing all U.S. public companies, foreign companies with securities registered with the Securities and Exchange Commission, and public accounting firms. Its primary goal is to prevent fraudulent financial reporting and protect investors.                        <\/p>\n                                                    <\/div>            \n                            \n                <div class=\"content-list requirements\">\n                    <span>Requirements <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                                                    <h4>SOX REQUIREMENTS<\/h4>\n                            \n                            <ul>\n                                                                <li>\n                                        <span class=\"no-count\">1<\/span>Section 302 mandates that senior corporate officers personally certify in writing that the company\u2019s financial statements \u201ccomply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer.\u201d Officers who sign off on financial statements that they know to be inaccurate are subject to criminal penalties, including prison terms.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">2<\/span>Section 404 requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded companies because it\u2019s often expensive to establish and maintain the necessary internal controls.                                <\/li>\n                                                                <li>\n                                        <span class=\"no-count\">3<\/span>Section 802 contains the three rules that affect recordkeeping. The first deals with destruction and falsification of records. The second strictly defines the retention period for storing records. The third rule outlines the specific business records that companies need to store, which includes electronic communications.                                <\/li>\n                                                        <\/ul>\n                                        <\/div>\n                <\/div>\n                \n                            <div class=\"content-list help\">\n                    <span>How ARCTIC WOLF CAN HELP <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li>\n                                    Analyze, prioritize, and manage vulnerabilities                            <\/li>\n                                                        <li>\n                                    Maintain, monitor, and analyze audit logs                            <\/li>\n                                                        <li>\n                                    Perform regular risk assessments to identify weak points in your security                            <\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                \n                            <div class=\"content-list resources\">\n                    <span>RESOURCES <span class=\"plus-minus-toggle \"><\/span><\/span>\n                    <div class=\"list\">\n                        <ul>\n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/blog\/a-simplified-regulatory-checklist-for-financial-institutions\">A Simplified Regulatory Checklist for Financial Institutions<\/a><\/li>\n                            \n                                                        <li><a target=\"_blank\" href=\"https:\/\/arcticwolf.com\/resources\/guides\/cybersecurity-compliance-guide#main-content\">Cybersecurity Compliance Guide<\/a><\/li>\n                                                <\/ul>\n                    <\/div>\n                <\/div>\n                        <\/div>\n        <\/div>\n    <\/div>\n                                                                <\/div><!-- \/. map-panel-filter-list -->\n                                                            <\/div>\n                                                        <\/div>\n    \n                                                        <div id=\"map\" class=\"map\">\n                                                            <div class=\"info-btn\">\n                                                                <div class=\"info-btn-icon\"><svg width=\"5\" height=\"16\" viewBox=\"0 0 5 16\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M1.3 16V5.09H3.93V16H1.3ZM2.62 3.23C2.06 3.23 1.64 3.10333 1.36 2.85C1.08667 2.59667 0.95 2.24667 0.95 1.8C0.95 1.34667 1.08667 0.996666 1.36 0.749999C1.64 0.496666 2.06 0.369999 2.62 0.369999C3.18667 0.369999 3.60667 0.496666 3.88 0.749999C4.15333 0.996666 4.29 1.34667 4.29 1.8C4.29 2.24667 4.15333 2.59667 3.88 2.85C3.60667 3.10333 3.18667 3.23 2.62 3.23Z\" fill=\"white\"\/><\/svg><\/div>\n                                                            <\/div>\n                                                            <div class=\"current-location\">\n                                                                <div class=\"current-location-icon\"><svg width=\"20\" height=\"20\" viewBox=\"0 0 20 20\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path fill-rule=\"evenodd\" clip-rule=\"evenodd\" d=\"M11 0V2.069C12.7598 2.29335 14.3953 3.09574 15.6498 4.3502C16.9043 5.60466 17.7066 7.24017 17.931 9H20V11H17.931C17.7068 12.7599 16.9045 14.3955 15.65 15.65C14.3955 16.9045 12.7599 17.7068 11 17.931V20H9V17.931C7.24017 17.7066 5.60466 16.9043 4.3502 15.6498C3.09574 14.3953 2.29335 12.7598 2.069 11H0V9H2.069C2.29368 7.2403 3.09617 5.60497 4.35057 4.35057C5.60497 3.09617 7.2403 2.29368 9 2.069V0H11ZM4 10C4 13.309 6.691 16 10 16C13.309 16 16 13.309 16 10C16 6.691 13.309 4 10 4C6.691 4 4 6.691 4 10ZM14 10C14 12.2091 12.2091 14 10 14C7.79086 14 6 12.2091 6 10C6 7.79086 7.79086 6 10 6C12.2091 6 14 7.79086 14 10Z\" fill=\"white\"\/><\/svg><\/div>\n                                                                <p>use current location<\/p>\n                                                            <\/div>\n                                                            <div class=\"legend-wrapper\">\n                                                                <ul id=\"legend\">\n                                                                    <li><h6>Legend<\/h6><\/li>\n                                                                    <li class=\"ir\"><p>INTERNATIONAL<br\/>REGULATION<\/p><\/li>\n                                                                    <li class=\"cr\"><p>COUNTRY<br\/>REGULATION<\/p><\/li>\n                                                                    <li class=\"spr\"><p>US State \/ EU Member<br\/>Specific REGULATION<\/p><\/li>\n                                                                <\/ul><\/div>\n                                                            <div class=\"scroll-to-wrapper\">\n                                                                <div class=\"scroll-to-bottom\">\n                                                                <svg width=\"22\" height=\"12\" viewBox=\"0 0 22 12\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><g clip-path=\"url(#clip0_662_2219)\"><path d=\"M6.28857 1.22949L1.92057 5.59959L6.28857 9.96969\" stroke=\"#FFFFFF\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><path d=\"M12.062 1.22949L7.69401 5.59959L12.062 9.96969\" stroke=\"#FFFFFF\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><path d=\"M18.2026 1.22949L13.8346 5.59959L18.2026 9.96969\" stroke=\"#FFFFFF\" stroke-width=\"1.26\" stroke-linecap=\"round\" stroke-linejoin=\"round\"\/><\/g><\/svg>\n                                                                <\/div>\n                                                            <\/div>\n                                                            <div class=\"show-modal-button\">\n                                                                <div class=\"show-modal-button-icon\">\n                                                                    <svg width=\"14\" height=\"18\" viewBox=\"0 0 14 18\" fill=\"none\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"><path d=\"M8.93812 0H4.2C1.88388 0 0 1.73361 0 3.86499C0 4.57639 0.626062 5.11709 1.4 5.11709C2.17394 5.11709 2.8 4.54056 2.8 3.86499C2.8 3.1548 3.42737 2.57666 4.2 2.57666H8.93812C10.185 2.57666 11.2 3.5103 11.2 4.66175C11.2 5.45568 10.7201 6.1703 9.86562 6.56727L5.59125 8.87298C5.12313 9.10649 4.9 9.52922 4.9 9.98417V11.5946C4.9 12.306 5.52606 12.8825 6.3 12.8825C7.07394 12.8825 7.7 12.306 7.7 11.5946V10.7209L11.2 8.82869C12.9268 8.03355 14 6.43642 14 4.66175C14 2.09112 11.7294 0 8.93812 0ZM6.3 14.8154C5.33356 14.8154 4.55 15.5365 4.55 16.4258C4.55 17.3152 5.33356 18 6.3 18C7.26644 18 8.05 17.2793 8.05 16.4258C8.05 15.5723 7.26687 14.8154 6.3 14.8154Z\" fill=\"white\"\/><\/svg>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div><!-- \/. map-container -->\n                                                <div class=\"explore-regulation-mobile\"><p>VIEW ALL REGULATIONS<\/p><\/div>\n                                                <div class=\"mobile-disclaimer\">use two fingers to move map<\/div>\n                                                <div class=\"regulation-modal-main-wrapper\">\n                                                    <div class=\"map-modal-close-btn\"><\/div>\n                                                    <div class=\"regulation-modal\">\n                                                        <div class=\"regulation-modal-wrapper\">\n                                                            <h2>Explore the Complex World of Regulations<\/h2>\n                                                            <p>Compliance can be overwhelming. Multiple frameworks. Overlapping requirements. Let Arctic Wolf be your guide.<\/p>\n                                                            <a href=\"#\" rel=\"nofollow\">EXPLORE YOUR REGULATIONS<\/a>\n                                                        <\/div>\n                                                    <\/div>\n                                                    <div class=\"disclaimer\"><p>Click a region to view its regulations<\/p><\/div>\n                                                <\/div>\n                                            <\/section><!-- \/. aw-compliance-map -->\n    \n                                            <section style=\"display: none;\" class=\"aw-compliance-survey elementor-section elementor-section-boxed elementor-section-items-middle\">\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row f-align-center\">\n                                                        <div class=\"elementor-column elementor-col-50\">\n                                                            <div class=\"elementor-column-wrap\">\n                                                                <div class=\"elementor-widget-wrap\">\n                                                                    <div class=\"elementor-element\">\n                                                                        <div class=\"elementor-widget-container\">\n                                                                            <span class=\"headline\">INDUSTRY SURVEY<\/span>\n                                                                            <h2 class=\"section-title\">2022 Cybersecurity Compliance Landscape: Current State and Beyond<\/h2>\n                                                                            <p>To better understand the challenges you face, we conducted an anonymous industry survey on cybersecurity compliance.<\/p>\n                                                                        <\/div>\n                                                                    <\/div>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                        <div class=\"elementor-column elementor-col-50\">\n                                                            <div class=\"elementor-column-gap-default\">\n                                                                <div class=\"elementor-row f-align-center\">\n                                                                    <div class=\"elementor-column elementor-col-50 first-row\">\n                                                                        <div class=\"elementor-widget-wrap\">\n                                                                            <div class=\"box-wrapper\">\n                                                                                <div class=\"box box78\">\n                                                                                    <h5>78<sup>%<\/sup><\/h5>\n                                                                                    <p>implement 6 or more cybersecurity regulatory frameworks or general cybersecurity frameworks.<\/p>\n                                                                                <\/div>\n                                                                            <\/div>\n                                                                            <div class=\"box-wrapper\">\n                                                                                <div class=\"box box34\">\n                                                                                    <h5>34<sup>%<\/sup><\/h5>\n                                                                                    <p>don\u2019t have the budget or resources to make adjustments to workflow and processes for compliance-based regulations.<\/p>\n                                                                                <\/div>\n                                                                            <\/div>\n                                                                        <\/div>\n                                                                    <\/div>\n                                                                    <div class=\"elementor-column elementor-col-50\">\n                                                                        <div class=\"elementor-widget-wrap\">\n                                                                            <div class=\"box-wrapper mobile-clone\">\n                                                                                <div class=\"box box53\">\n                                                                                    <h5>53<sup>%<\/sup><\/h5>\n                                                                                    <p>don\u2019t have the time, resource or talent to help manage and maintain our compliance.<\/p>\n                                                                                <\/div>\n                                                                            <\/div>\n                                                                        <\/div>\n                                                                    <\/div>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row f-align-center\">\n                                                        <div class=\"elementor-column elementor-col-100\">\n                                                            <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                <div class=\"elementor-column-inner\">\n                                                                    <div class=\"elementor-element\">\n                                                                        <a href=\"https:\/\/arcticwolf.com\/resource\/aw\/the-state-of-cybersecurity-2022-trends\" class=\"results-bar\">\n                                                                            <span class=\"left-side\">\n                                                                                <h6>See the full results<\/h6>\n                                                                                <p>Download the full report to see the current state of cybersecurity compliance.<\/p>\n                                                                            <\/span>\n                                                                            <span class=\"right-side\">\n                                                                                <span class=\"btn-white\" href=\"#\">GET THE REPORT<\/span>\n                                                                            <\/span>\n                                                                        <\/a>\n                                                                    <\/div>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n                                            <\/section><!-- \/. aw-compliance-survey -->\n    \n                                            <section class=\"aw-compliance-quote elementor-section elementor-section-boxed\">\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row\">\n                                                        <div class=\"elementor-column elementor-col-100\">\n                                                            <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                <div class=\"elementor-column-inner\">\n                                                                    <div class=\"elementor-element\">\n                                                                        <div class=\"quote\">\n                                                                            <div class=\"quote-bg\" style=\"background-image: url('\/wp-content\/rd\/assets\/images\/quote.jpg')\"><\/div>\n                                                                            <h3>\u201cGetting clear visibility across our infrastructure was a worrisome issue until we engaged Arctic Wolf. Collaborating with Arctic Wolf\u2019s Concierge Security<sup>&reg;<\/sup> Team lets us maintain visibility and meet compliance obligations.\u201d<\/h3>\n                                                                            <h6>Dr. Jason A. Thomas,<\/h6>\n                                                                            <p>Chief Operating Officer and Chief Information Officer, Jackson Parish Hospital<\/p>\n                                                                            <div class=\"cta-logo\">\n                                                                                <a class=\"cta\" href=\"https:\/\/arcticwolf.com\/resource\/aw\/jackson-parish\">Read the case study <i class=\"premium-icon-box-more-icon fas fa-arrow-right\" aria-hidden=\"true\"><\/i><\/a>\n                                                                                <div class=\"logo\">\n                                                                                    <img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/jackson-parish-hospital-logo.png\" alt=\"Jackson Parish Hospital\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" style=\"--smush-placeholder-width: 332px; --smush-placeholder-aspect-ratio: 332\/132;\" \/>\n                                                                                <\/div>\n                                                                            <\/div>\n                                                                        <\/div>\n                                                                    <\/div>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n                                            <\/section><!-- \/. aw-compliance-quote -->\n    \n                                            <section class=\"aw-compliance-how-helps elementor-section elementor-section-boxed\">\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row\">\n                                                        <div class=\"elementor-column elementor-col-100\">\n                                                            <div class=\"column-top\">\n                                                                <div class=\"headline\">HOW ARCTIC WOLF HELPS<\/div>\n                                                                <h2 class=\"section-title\">Arctic Wolf Helps Thousands <br> of Teams Achieve Compliance<\/h2>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row grid-row\">\n                                                        <div class=\"elementor-column elementor-col-25\">\n                                                            <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                <div class=\"elementor-column-inner\">\n                                                                    <div class=\"icon\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/24x7x365-scanning.svg\" alt=\"24x7x365 Scanning\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/div>\n                                                                    <h4>24x7x365 <br> Scanning<\/h4>\n                                                                    <p class=\"copy\">24x7x365 scanning of your entire IT environment for threats and vulnerabilities.<\/p>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n    \n                                                        <div class=\"elementor-column elementor-col-25\">\n                                                            <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                <div class=\"elementor-column-inner\">\n                                                                    <div class=\"icon\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/priority-context.svg\" alt=\"Priority Context\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/div>\n                                                                    <h4>Priority <br> Context<\/h4>\n                                                                    <p class=\"copy\">Priority context to the criticality of vulnerabilities found within the organization\u2019s networks and endpoints.<\/p>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n    \n                                                        <div class=\"elementor-column elementor-col-25\">\n                                                            <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                <div class=\"elementor-column-inner\">\n                                                                    <div class=\"icon\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/prevent-unnecessary-access.svg\" alt=\"Prevent Unnecessary Access\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/div>\n                                                                    <h4>Prevent Unnecessary <br> Access<\/h4>\n                                                                    <p class=\"copy\">Prevent unnecessary access to critical systems and infrastructure.<\/p>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n    \n                                                        <div class=\"elementor-column elementor-col-25\">\n                                                            <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                <div class=\"elementor-column-inner\">\n                                                                    <div class=\"icon\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/better-understandyour-assets.svg\" alt=\"Better Understand Your Assets\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><\/div>\n                                                                    <h4>Better Understand <br> Your Assets<\/h4>\n                                                                    <p class=\"copy\">Provide a way to better understand the configuration settings of your servers and workstations\u2014preventing vulnerable services and settings from being exploited.<\/p>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n\n                                                <style>.disclaimer_box {font-size: 12px; color: white; width: 100%; max-width: 1304px; padding:4% 8% 8% 8%; margin: 0 auto; text-align: center; font-style: italic;}<\/style>\n                                                <div class=\"disclaimer_box\"><p><b>Legal Disclaimer:<\/b><br\/ >This information is provided for informational purposes and is not legal advice and should not be interpreted as such. Consult with your own legal counsel to determine your regulatory obligations and assess the effectiveness of your compliance programs. Arctic Wolf products and services are not compliance solutions but are tools that can support your compliance programs.<\/div>\n\n                                            <\/section><!-- \/. aw-compliance-how-helps -->\n    \n                                            <section class=\"aw-compliance-resources elementor-section elementor-section-boxed\">\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row\">\n                                                        <div class=\"elementor-column elementor-col-100\">\n                                                            <div class=\"elementor-column-wrap\">\n                                                                <div class=\"elementor-widget-wrap\">\n                                                                    <div class=\"elementor-element\">\n                                                                        <div class=\"elementor-widget-container\">\n                                                                            <div class=\"elementor-column elementor-col-100 col-title\">\n                                                                                <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                                    <div class=\"elementor-column-inner\">\n                                                                                        <div class=\"headline\">Resources<\/div>\n                                                                                        <h2 class=\"section-title\">Let Arctic Wolf Be Your Guide<\/h2>\n                                                                                    <\/div>\n                                                                                <\/div>\n                                                                            <\/div>\n    \n                                                                            <div class=\"elementor-column-wrap\">\n                                                                                <div class=\"elementor-widget-wrap\">\n                                                                                    <div class=\"elementor-column elementor-col-50\">\n                                                                                        <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                                            <div class=\"elementor-column-inner space-between\">\n                                                                                                <div class=\"column-top\">\n                                                                                                    <div class=\"headline blue\">Guide<\/div>\n                                                                                                    <h4>Cybersecurity Compliance Guide<\/h4>\n                                                                                                <\/div>\n                                                                                                <div class=\"column-bottom\">\n                                                                                                    <div class=\"img-column\"><a href=\"https:\/\/arcticwolf.com\/resource\/aw\/cybersecurity-compliance-guide\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/cybersecurity-compliance-guide.png\" alt=\"Cybersecurity Compliance Guide\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" style=\"--smush-placeholder-width: 1258px; --smush-placeholder-aspect-ratio: 1258\/500;\" \/><\/a><\/div>\n                                                                                                    <a class=\"btn-box\" href=\"https:\/\/arcticwolf.com\/resource\/aw\/cybersecurity-compliance-guide\">\n                                                                                                        GET THE GUIDE\n                                                                                                        <i class=\"premium-icon-box-more-icon fas fa-arrow-right\" aria-hidden=\"true\"><\/i>\n                                                                                                    <\/a>\n                                                                                                <\/div>\n                                                                                            <\/div>\n                                                                                        <\/div>\n                                                                                    <\/div>\n    \n                                                                                    <div class=\"elementor-column elementor-col-50\">\n                                                                                        <div class=\"elementor-widget-wrap\">\n                                                                                            <div class=\"elementor-column elementor-col-50\">\n                                                                                                <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                                                    <div class=\"elementor-column-inner space-between\">\n                                                                                                        <div class=\"column-top\">\n                                                                                                            <div class=\"headline blue\">Webinar<\/div>\n                                                                                                            <h4>Navigating the Complex Landscape of Cybersecurity Compliance<\/h4>\n                                                                                                        <\/div>\n                                                                                                        <div class=\"column-bottom\">\n                                                                                                            <div class=\"img-column\"><a href=\"https:\/\/arcticwolf.com\/resource\/aw\/navigating-the-complex-world-of-cybersecurity-compliance-2\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/navigating-the-complex-landscape-of-cybersecurity-compliance.png\" alt=\"Navigating the Complex Landscape of Cybersecurity Compliance\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" style=\"--smush-placeholder-width: 610px; --smush-placeholder-aspect-ratio: 610\/500;\" \/><\/a><\/div>\n                                                                                                            <a class=\"btn-box\" href=\"https:\/\/arcticwolf.com\/resource\/aw\/navigating-the-complex-world-of-cybersecurity-compliance-2\">\n                                                                                                                WATCH THE REPLAY\n                                                                                                                <i class=\"premium-icon-box-more-icon fas fa-arrow-right\" aria-hidden=\"true\"><\/i>\n                                                                                                            <\/a>\n                                                                                                        <\/div>\n                                                                                                    <\/div>\n                                                                                                <\/div>\n                                                                                            <\/div>\n                                                                                            <div class=\"elementor-column elementor-col-50\">\n                                                                                                <div class=\"elementor-column-wrap elementor-element-populated\">\n                                                                                                    <div class=\"elementor-column-inner space-between\">\n                                                                                                        <div class=\"column-top\">\n                                                                                                            <div class=\"headline blue\">CyberScoop Exec Video Panel<\/div>\n                                                                                                            <h4>Exploring the Foundations of Cybersecurity Compliance<\/h4>\n                                                                                                        <\/div>\n                                                                                                        <div class=\"column-bottom\">\n                                                                                                            <div class=\"img-column\"><a href=\"https:\/\/www.cyberscoop.com\/video\/exploring-the-foundations-of-cybersecurity-compliance\/\" target=\"_blank\"><img decoding=\"async\" data-src=\"\/wp-content\/rd\/assets\/images\/exploring-the-foundations-of-cybersecurity-compliance.png\" alt=\"Exploring the Foundations of Cybersecurity Compliance\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" style=\"--smush-placeholder-width: 610px; --smush-placeholder-aspect-ratio: 610\/500;\" \/><\/a><\/div>\n                                                                                                            <a class=\"btn-box\" href=\"https:\/\/www.cyberscoop.com\/video\/exploring-the-foundations-of-cybersecurity-compliance\/\" target=\"_blank\">\n                                                                                                                WATCH THE VIDEO\n                                                                                                                <i class=\"premium-icon-box-more-icon fas fa-arrow-right\" aria-hidden=\"true\"><\/i>\n                                                                                                            <\/a>\n                                                                                                        <\/div>\n                                                                                                    <\/div>\n                                                                                                <\/div>\n                                                                                            <\/div>\n                                                                                        <\/div>\n                                                                                    <\/div>\n                                                                                <\/div>\n                                                                            <\/div>\n                                                                        <\/div>\n                                                                    <\/div>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n                                            <\/section><!-- \/. aw-compliance-resources -->\n    \n                                            <section class=\"aw-compliance-cta-section elementor-section elementor-section-boxed\">\n                                                <div class=\"elementor-container elementor-column-gap-default\">\n                                                    <div class=\"elementor-row\">\n                                                        <div class=\"elementor-column elementor-col-100\">\n                                                            <div class=\"elementor-column-wrap\">\n                                                                <div class=\"elementor-widget-wrap\">\n                                                                    <div class=\"elementor-element\">\n                                                                        <div class=\"elementor-widget-container\">\n                                                                            <div class=\"heading-section\">\n                                                                                <h2>Ready to Understand and Meet Your Compliance Needs?<\/h2>\n                                                                            <\/div>\n                                                                            <form style=\"height: 0;overflow: hidden;\" class=\"mkto-form\" id=\"mktoForm_1002\" onsubmit=\"_6si.send(event);\"><\/form>\n                                                                            <a class=\"show-form\" href=\"https:\/\/arcticwolf.com\/request-demo\/\">Request a Demo<\/a>\n                                                                        <\/div>\n                                                                        <script src=\"https:\/\/cybersecurity.arcticwolf.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n                                                                        <script>MktoForms2.loadForm(\"\/\/cybersecurity.arcticwolf.com\", \"840-OSQ-661\", 1002, function(form) {\n     var formElement = form.getFormElem()[0];\n     formElement.addEventListener(\"submit\", function(event) {\n     window.SixSenseEvent = event;\n     console.info(\"6sense: Form submit initiated.\");\n     });\n     formElement.getElementsByTagName('button')[0].setAttribute('name', 'mktoButton_' + form.getId());\n     formElement.setAttribute('name', 'mktoForm_' + form.getId());\n     form.onSuccess(function() {\n     if (_6si) {\n     _6si.send(window.SixSenseEvent);\n     console.info(\"6sense: Form submit completed.\");\n     } else {\n     console.warn(\"6sense: Event object not found. Form fill not logged.\");\n     }\n     });\n    });<\/script>\n                                                                    <\/div>\n                                                                <\/div>\n                                                            <\/div>\n                                                        <\/div>\n                                                    <\/div>\n                                                <\/div>\n                                            <\/section><!-- \/. aw-compliance-cta-section -->\n    \t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4aa0f1e elementor-widget elementor-widget-html\" data-id=\"4aa0f1e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<script src=\"\/wp-content\/rd\/assets\/js\/leaflet\/countries.js\"><\/script>\n       <script src=\"\/wp-content\/rd\/\/assets\/js\/leaflet\/us-states.js\"><\/script>\n       <script src=\"\/wp-content\/rd\/assets\/js\/leaflet\/countries_lat_long.js\"><\/script>\n       <script src=\"https:\/\/unpkg.com\/esri-leaflet-geocoder@3.1.3\/dist\/esri-leaflet-geocoder.js\" integrity=\"sha512-mwRt9Y\/qhSlNH3VWCNNHrCwquLLU+dTbmMxVud\/GcnbXfOKJ35sznUmt3yM39cMlHR2sHbV9ymIpIMDpKg4kKw==\" crossorigin=\"\"><\/script>\n       <script src=\"\/wp-content\/rd\/assets\/js\/leaflet\/leaflet.js\"><\/script>\n       <script src=\"https:\/\/unpkg.com\/leaflet-geosearch@2.2.0\/dist\/bundle.min.js\"><\/script>\n        <script>var csv_file = [[\"\\ufeffCompliance Category\",\"Name\",\"Subset Abbreviation\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Issuing Industry\",\"Location\",\"At a Glance Blurb\",\"View Requirements\",\"How AW Can Help\",\"Additional Resource 1\",\"Additional Resource 1 URL\",\"Additional Resource 2\",\"Additional Resource 2 URL\"],[\"CIS Controls\",\"Center for Internet Security - Critical Security Controls\",\"CIS\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"International, United States\",[\"The CIS Controls supplement almost every other security framework\\u2014including NIST, ISO 27001, PCI, and HIPAA\\u2014and are a useful baseline to develop or assess a security program.\",\"The latest version combines and consolidates the CIS Controls by activities, rather than by who manages the devices, which has resulted in a decrease of the number of controls from 20 to 18. The CIS Controls are also now task-focused and contain 153 \\u201csafeguards\\u201d\\u2014formerly known as \\u201csub-controls.\\u201d\",{\"url\":\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/unpacking-significant-changes-in-latest-version-cis-critical-security-controls\",\"title\":\"Learn more about the latest updates here. \"}],{\"title\":\"CIS CONTROLS REQUIREMENTS\",\"content\":[\"1. Inventory and Control of Enterprise Assets\",\"2. Inventory and Control of Software Assets\",\"3. Data Protection\",\"4. Secure Configuration of Enterprise Assets and Software\",\"5. Account Management\",\"6. Access Control Management\",\"7. Continuous Vulnerability Management\",\"8. Audit Log Management\",\"9. Email and Web Browser Protections\",\"10. Malware Defenses\",\"11. Data Recovery\",\"12. Network Infrastructure Management\",\"13. Network Monitoring and Defense\",\"14. Security Awareness and Skills Training\",\"15. Service Provider Management\",\"16. Application Software Security\",\"17. Incident Response Management\",\"18. Penetration Testing\"]},[\"Deliver 24\\u00d77, 365 scanning of your entire IT environment for threats and vulnerabilities.\",\"Provide priority context to the criticality of vulnerabilities found within the organization\\u2019s networks and endpoints.\",\"Prevent unnecessary access to critical systems and infrastructure.\",\"Provide a way to better understand the configuration settings of your servers and workstations\\u2014preventing vulnerable services and settings from being exploited.\"],\"The Top 18 CIS Critical Security Controls\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/white-papers\\\/address-the-top-cis-critical-security-controls-with-arctic-wolf\",\"CIS Critical Security Controls: Unpacking the Significant Changes in the Latest Version\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/unpacking-significant-changes-in-latest-version-cis-critical-security-controls\"],[\"FAR\",\"Federal Acquisition Regulation\",\"FAR  \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Government\",\"United States\",[\"The\\u00a0Federal Acquisition Regulation\\u00a0(FAR) is a set of regulations that establishes the rules that the Government has to follow to acquire goods and services with procurement contracts.\\u00a0\",\"Notably, FAR 52.204-21\\u2014a clause within FAR and its supplement, DFARS\\u2014call out specific cybersecurity regulations applying to federal contractors.  \"],{\"title\":\"\",\"content\":[]},[],\"\",\"\",\"\",\"\"],[\"\",\"Federal Acquisition Regulation: Basic Safeguarding of Covered Contractor Information Systems\",\"FAR 52.204-21\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Government, Manufacturing\",\"United States\",[\"The\\u00a0Federal Acquisition Regulation\\u00a0(FAR) is a set of regulations that establishes the rules that the Government has to follow to acquire goods and services with procurement contracts.\\u00a0\",\"FAR 52.204-21, \\u201cBasic Safeguarding of Covered Contractor Information Systems,\\u201d is a contract clause to the Federal Acquisition Regulation (FAR) that applies to all federal contracts, not just those with the Department of Defense. It lays out a set of 15 cybersecurity controls for safeguarding contractor information systems that store, process or transmit federal contract information.\",\"This clause also corresponds to Cybersecurity Maturity Model Certification (CMMC) Level 1. \"],{\"title\":\"FAR 52.204-21 REQUIREMENTS\",\"content\":[\"1. Limit information system access to authorized users.\",\"2. Limit information systems to the types of transactions and functions that authorized users are permitted to execute.\",\"3. Verify and control\\\/limit connections to and use of external information systems.\",\"4. Control information posted or processed on publicly accessible information systems.\",\"5. Identify information system users, processes acting on behalf of users, or devices.\",\"6. Verify the identities of those users, processes, or devices as a prerequisite to allowing access to organization information systems.\",\"7. Sanitize or destroy information system media containing federal contract information before disposal or release for reuse.\",\"8. Limit physical access to organizational information systems, equipment, and the respective operating environments to authorized individuals.\",\"9. Escort visitors and monitor visitor activity; maintain audit logs of physical access; control and manage physical access devices.\",\"10. Monitor, control, and protect organizational communications.\",\"11. Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.\",\"12. Identify, report, and correct information and information system flaws in a timely manner.\",\"13. Provide protection from malicious code at appropriate locations within organizational information systems.\",\"14. Update malicious code protection mechanisms when new releases become available.\",\"15. Perform periodic scans of the information system and real-time scans of files from external sources.\"]},[\"Creation, Protection, retention, and review of system logs.\",\"Develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.\",\"Assess the operations risk associated with processing, storage, and transmission of CUI.\",\"Monitor, assess, and correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems.\"],\"CMMC Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cmmc-certification-guide#main-content\",\"\",\"\"],[\"\",\"Federal Acquisition Regulation: Defense Federal Acquisition Regulation Supplement\",\"DFARS\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Government, Manufacturing\",\"United States\",[\"A supplement to the Federal Acquisition Regulation (FAR), the Defense Federal Acquisition Regulation Supplement (DFARS) has been a requirement since Dec. 31, 2017, requiring all Department of Defense (DoD) contractors and subcontractors that store or process Controlled Unclassified Information (CUI) to comply with the minimum security standards outlined in the DFARS. Failure to adhere to DFARS requirements may result in termination of existing DoD contracts.\"],{\"title\":\"DFARS REQUIREMENTS\",\"content\":[\"There are\\u00a0110 granular requirements\\u00a0contained within the 14 main sections, and DoD contractors must comply with all of them. We\\u2019ve narrowed the broader sections down to seven of the most infosec-oriented categories, and the specific requirements down to 13. These are the ones that DoD contractors will likely need the most help to manage:\",\"Section 3.1 - Access Control:\\u00a0Granting or denying permissions to access and\\\/or use information.\",\"Section 3.3 - Audit and Accountability:\\u00a0Tracking, reviewing, and examining adherence to system requirements.\",\"Section 3.5 - Identification and Authentication:\\u00a0Managing user identities and adequately authenticating those identities for use with information\\\/processes.\",\"Section 3.6 - Incident Response:\\u00a0Establishing well-tested incident-handling processes (e.g., threat detection, analysis, response, recovery) for organization information systems.\",\"Section 3.11 - Risk Assessment:\\u00a0Periodically assessing risks to information systems and data to effectively track and manage organizational risk.\",\"Section 3.13 - System and Communication Protection:\\u00a0Monitoring, controling, and protecting all organizational communications.\",\"Section 3.14 - System and Information Integrity:\\u00a0Monitoring all information and communication systems for indicators of threatening traffic and\\\/or activity.\"]},[\"Creation, Protection, retention, and review of system logs.\",\"Develop operations to prepare for, detect, analyze, contain, recover from, and respond to incidents.\",\"Assess the operations risk associated with processing, storage, and transmission of CUI.\",\"Monitor, assess, and correct deficiencies and reduce or eliminate vulnerabilities in organizational information systems.\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"CMMC Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cmmc-certification-guide#main-content\"],[\"FFIEC-NCUA\",\"National Credit Union Administration\",\"NCUA\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Financial Services \",\"United States\",[\"The National Credit Union Administration (NCUA) uses a risk-based approach to examining and supervising credit unions.\",\"All federally insured credit unions receive an NCUA examination on a periodic basis. To ensure both compliance with applicable laws and regulations, as well as safety and soundness, a review of the credit union\\u2019s information security program is performed at each examination.\"],{\"title\":\"NCUA REQUIREMENTS\",\"content\":[\"Although the NCUA uses a variety of resources and frameworks for their risk-based examination, credit unions supervised by the NCUA should follow the Federal Financial Institutions Examination Council (FFIEC) compliance standards. \",{\"url\":\"https:\\\/\\\/www.ncua.gov\\\/regulation-supervision\\\/regulatory-compliance-resources\\\/cybersecurity-resources\",\"title\":\"See more from the NCUA here  or check the FFIEC Compliance Standards.\"}]},[\"Deliver Risk management and managed threat detection and response delivered from security experts\",\"Provide dedicated security expertise for your IT team\",\"Offer 24\\u00d77 continuous cybersecurity monitoring and vulnerability assessment\",\"For more information in every domain, control objective, and control activity, check out the full summary of\\u00a0FFIEC-NCUA Compliance.\"],\"Simplify Compliance for FFIEC-NCUA\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/simplify-compliance-for-ffiec-ncua\",\"Enhancing Detection Improves Credit Union Cybersecurity and Compliance\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/enhancing-detection-improves-credit-union-cybersecurity-and-compliance\"],[\"\",\"Federal Financial Institutions Examination Council\",\"FFIEC\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Financial Services\",\"United States\",[\"The Federal Financial Institutions Examination Council (FFIEC) is the inter-agency body of the United States government empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions. FFIEC guidance applies to federally supervised financial institutions. \"],{\"title\":\"FFIEC REQUIREMENTS\",\"content\":[\"Objectives include identifying the institution\\u2019s inherent risk profile and determining the organization\\u2019s maturity level.\",\"Domain 1\\u00a0Cyber Risk Management and Oversight\",\"Domain 2\\u00a0Threat Intelligence and Collaboration\",\"Domain 3\\u00a0Cybersecurity Controls \",\"Domain 4\\u00a0External Dependency Management\",\"Domain 5\\u00a0Cyber Incident Management and Resilience\"]},[\"Deliver Risk management and managed threat detection and response delivered from security experts\",\"Provide dedicated security expertise for your IT team\",\"Offer 24\\u00d77 continuous cybersecurity monitoring and vulnerability assessment\",\"For more information in every domain, control objective, and control activity, check out the full summary of\\u00a0FFIEC-NCUA Compliance.\"],\"Arctic Wolf Platform for FFIEC Information Security\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/white-papers\\\/arctic-wolf-platform-for-ffiec-information-security\",\"How Arctic Wolf Improves Security for Financial Institutions\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/how-arctic-wolf-improves-security-for-financial-institutions\"],[\"NIST\",\"The National Institute for Standards and Technology (NIST) Special Publication (SP) 800-171\",\"NIST SP 800-171\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All, Federal Contractors, Government\",\"United States\",[\"Executive Order 13556 established the Controlled Unclassified Information (CUI) program to standardize the way federal contractors handle unclassified information that requires protection, such as personally identifiable information or sensitive government assets.\"],{\"title\":\"NIST SP 800-171 REQUIREMENTS\",\"content\":[\"Sec. 3.1 Access Control\",\"Sec 3.3 Audit and Accountability\",\"Sec 3.4 Configuration Management\",\"Sec 3.5 Identification and Authentication\",\"Sec 3.6 Incident Response\",\"Sec 3.7 Maintenance\",\"Sec 3.8 Media Protection\",\"Sec 3.9 Physical Protection\",\"Sec 3.10 Personnel Security\",\"Sec 3.11 Risk Assessment\",\"Sec 3.12 Security Assessment\",\"Sec 3.13 System and Communication Protection\",\"Sec 3.14 System and Information Integrity\"]},[\"Simplify NIST 800- 171 compliance with customized reporting\",\"Protect CUI by monitoring all communications and traffic for malicious activity\",\"Support incident response\",\"Deliver 24\\u00d77 monitoring with unlimited log source\"],\"NIST SP 800-171: What You Need to Know\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/what-is-nist-sp-800-171\",\"\",\"\"],[\"\",\"Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems and Organizations: Enhanced Security Requirements for Critical Programs and High Value Assets\",\"NIST 800-171B\\u00a0\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All, Federal Contractors, Government\",\"United States\",[\"NIST SP 800-171B is an entirely new publication that introduces 33 enhanced security requirements designed to help protect DoD contractors (specifically, their high-value-assets and critical programs including CUI) from modern attack tactics and techniques related to\\u00a0Advanced Persistent Threats\\u00a0(APTs).\",\"The enhanced security requirements are only applicable for a nonfederal system or organization when mandated by a federal agency in a contract, grant, or other agreement.\"],{\"title\":\"NIST CSF REQUIREMENTS\",\"content\":[\"1. Identify\",\"2. Protect\",\"3. Detect\",\"4. Respond\",\"5. Recover\"]},[\"Arctic Wolf's security operations solutions provide coverage across the NIST five functions:\",\"MDR provides support for Detection, Response, and Recovery\",\"Managed Risk helps businesses Identify their assets and risks and Protect their environments\",\"Managed Security Awareness leverages people to provide security across the five functions\",\"Incident Response helps businesses experiencing an incident Respond and Recover\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"CMMC\",\"Cybersecurity Maturity Model Certification\",\"CMMC\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Manufacturing, Government\",\"United States\",[\"The Cybersecurity Maturity Model Certification (CMMC) is designed to maintain the security of Controlled Unclassified Information (CUI) stored on networks of DoD contractors.\"],{\"title\":\"CMMC REQUIREMENTS\",\"content\":[\"Level 1 Performed: Basic Cyber Hygiene\",\"Level 2 Documented: Immediate Cyber Hygiene\",\"Level 3 Managed: Good Cyber Hygiene\",\"Level 4 Reviewed: Proactive Cyber Hygiene\",\"Level 5 Optimizing: Advanced \\\/ Progressive Cyber Hygiene\"]},[\"Third-party compliance analyst firm Coalfire found that Arctic Wolf can assist with 84% of CMMC 1.0 controls.\",\"Hold third party audited SOC II Type 2 and ISO 27001-2013 certifications.\"],\"CMMC Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cmmc-certification-guide#main-content\",\"How Arctic Wolf Helps with CMMC Certification\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/how-arctic-wolf-helps-with-cmmc-certification\"],[\"HIPAA\",\"Health Insurance Portability and Accountability Act \",\"HIPAA\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Healthcare\",\"United States\",[\"The U.S. Department of Health and Human Services created the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to protect the confidentiality and integrity of electronic protected health electronic protected health information (ePHI) data. The Health Information Technology for Economic and Clinical Health Act (HITECH) of 2009 imposed mandatory audits and fines for non-compliance.\"],{\"title\":\"HIPAA REQUIREMENTS\",\"content\":[\"HIPAA  requires implementation of three types of safeguards: 1) administrative, 2) physical, and 3) technical. \",\"1. Administrative safeguard provisions \",\"Requires a risk analysis to determine what security measures are reasonable and appropriate for your organization, including the following activites: Evaluating the likelihood and impact of potential risks to ePHI, implementing appropriate security measures to address the risks identified in the risk analysis, documenting the chosen security measures and, where required, the rationale for adopting those measures, and maintaining continuous, reasonable, and appropriate security protections\",\"2. Physical safeguard control and security measures\",\"Includes Facility Access and Control Measures: Covered entities and business associates must limit physical access to facilities, while allowing authorized access to ePHI; Workstation and Device Security: Covered entities and business associates must: Implement policies and procedures to specify proper use of and access to workstations and electronic media. Have policies and procedures for the transfer, removal, disposal, and re-use of electronic media.  \",\"3. Technical safeguards\",\"Include measures \\u2013 including firewalls, encryption, and data backup \\u2013 to implement to keep ePHI secure. These safeguards consist of the following: Access Controls: Implementing technical policies and procedures that allow only authorized persons to access ePHI. Audit Controls: Implementing hardware, software, and\\\/or procedural mechanisms to record and examine access in information systems that contain or use ePHI. Integrity Controls: Implementing policies and procedures to ensure that ePHI has not been, and will not be, improperly altered or destroyed. Transmission Security: Implement technical security measures that guard against unauthorized access to ePHI that is transmitted over an electronic network. \"]},[\"Third-party compliance analyst firm Coalfire found that Arctic Wolf can assist with eleven out of twelve technical safeguards, and provide additional compliance value. \",\" \",\"Simplify HIPAA compliance with customized reporting. \",\"Monitor access to electronic patient health information (ePHI) data on premises and in the cloud. \",\"Provide real-time alerts on unauthorized access of ePHI data.  \",\"Monitor end user and administrative access and configuration changes to all systems that create, receive, maintain, and transmit ePHI data. \",\"Monitor activities of active and inactive user accounts, escalates de-provisioning of in-active accounts through manual\\\/automated means. \",\"Audit changes in Active Directory (AD), Group Policies, Exchange, and file servers, and flags unauthorized actions. \",\"Monitor failed\\\/successful logins\\\/logoffs and all password changes to prevent excessive help desk calls. \",\"Investigate all attack vectors (e.g. phishing, ransomware, etc.), and generate security incidents to initiate response actions. \",\"Audit anomalous login activity, and changes, including before\\\/after values for immediate data recovery. \",\"Scan endpoints for unpatched vulnerabilities and collects log information from endpoint security solutions when unauthorized access or advanced malware is detected. \",\"Monitor and report user logins\\\/ logouts in Active Directory, all user activity on endpoints, and continuously monitors network traffic to detect anomalous activity. \",\"Provide reports for account creations and deletions, data retention policies, admin lockouts, configuration changes, and about who, what, where, and when these changes were made.\"],\"The Healthcare Cybersecurity Checklist\",\"https:\\\/\\\/arcticwolf.com\\\/resource\\\/healthcare\\\/the-healthcare-cybersecurity-checklist\",\"Arctic Wolf Platform for the HIPAA Security Rule \",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/white-papers\\\/arctic-wolf-platform-for-the-hipaa-security-rule\"],[\"PCI-DSS\",\"Payment Card Industry Data Security Standard\",\"PCI-DSS\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Consumer Transactions\",\"International, United States\",[\"While not federally mandated in the United States, PCI-DSS is an industry standard and is mandated by the Payment Card Industry Security Standard Council (PCI SSC) to protect cardholder data.\",\"In March 2022, PCI SSC published the PCI Data Security Standard v4.0 replacing version 3.2.1 to address emerging threats and technologies and enable innovative methods to combat new threats.\"],{\"title\":\"PCI-DSS REQUIREMENTS\",\"content\":[\"PCI-DSS 1: Install and maintain firewall configurations to protect data.\",\"PCI-DSS 2: Do not use vendor-supplied defaults for system passwords and security parameters.\",\"PCI-DSS 3: Protect stored cardholder data.\",\"PCI-DSS 4: Encrypt transmission of cardholder data across open, public networks.\",\"PCI-DSS 5: Protect all systems against malware and regularly update AV software.\",\"PCI-DSS 6: Develop and maintain secure systems and applications.\",\"PCI-DSS 7: Restrict access to cardholder data by business need-to-know.\",\"PCI-DSS 8: Identify and authenticate access to system components.\",\"PCI-DSS 9: Restrict physical access to cardholder data.\",\"PCI-DSS 10: Track and monitor all access to network resources and cardholder data.\",\"PCI-DSS 11: Regularly test security systems and processes.\",\"PCI-DSS 12: Maintain a policy that addresses information security.\"]},[\"Simplify PCI-DSS 3.2 compliance with customized reporting\",\"Monitor access to card holder data on-premises and in the cloud\",\"Provide real-time alerts based on business risks posed by payment card data\",\"Perform continuous vulnerability scanning of internal and external networks, and endpoints\",\"Implement secure configuration policies based on security controls benchmarks, such as CIS\",\"Identify and prioritize vulnerabilities based on threat exposure, assets, and severity\",\"Audit system access, authentication, and other security controls to detect policy violations\",\"Automatically detect and scan new devices as they enter the network\",\"Create, assign, track, and verify remediation tasks\",\"Demonstrate compliance and communicate progress with reports, analytics, and live dashboards from the Arctic Wolf Concierge Security Team\"],\"PCI-DSS Compliance Reports\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/pci-dss-checklist\",\"\",\"\"],[\"SHIELD Act\",\"New York State \\\"Stop Hacks and Improve Electronic Data Security\\\" Act\",\"SHIELD Act\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"New York - US\",[\"The Stop Hacks and Improve Electronic Data Security (SHIELD) Act went into effect on March 21, 2020. The act requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect it.\"],{\"title\":\"SHIELD REQUIREMENTS\",\"content\":[\"1. Administrative safeguards such as designating employees to coordinate the security program, identify foreseeable external and insider risks, assess existing safeguards, implement workforce cybersecurity training, and select and manage third-party service providers capable of maintaining appropriate safeguards.\",\"2. Technical safeguards such as risk assessments of network design, software design, and information processing; transmission and storage; implementation of measures to detect, prevent, and respond to system failures; and regular testing and monitoring of key controls.\",\"3. Physical safeguards such as detection, prevention, and response to intrusions, as well as protection against unauthorized access to (or use of) private information during or after collection, transportation, and destruction or disposal of the information.\"]},[\"Monitor your environment for threats and provide regular feedback on your security posture.\",\"Provide internal and external vulnerability assessment and management capabilities to understand risks.\",\"Act as your service provider to monitor your systems and assess\\\/manage vulnerabilities in those systems.\"],\"New York State\\u2019s SHIELD Law: Is Your Business Ready?\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/shield-law-is-your-business-ready\",\"\",\"\"],[\"GLBA\",\"Gramm-Leach-Bliley Act\",\"GLBA\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Financial Services\",\"United States\",[\"Under the Gramm-Leach-Bliley Act (GLBA), organizations defined as \\u201cfinancial institutions\\u201d must keep customer information secure and confidential. The Safeguards Rule, one of three sections of the GLBA, was updated December 9, 2021. With this update, the Federal Trade Commission (FTC) notes that an organization \\u201cengaging in an activity that is financial in nature or incidental to such financial activities\\u201d is considered a \\u201cfinancial institution\\u201d and must comply.\",\"Key changes to the Safeguards Rule will take effect December 6, 2022.Who must comply with the Safeguards Rule?\",\"Consider these examples of organizations deemed to be \\u201cfinancial institutions\\u201d under the Safeguards Rule:\",\"* Retailers extending a credit card\",\"Dealerships leasing a car long term \\u2014 longer than 90 days\",\"Organizations appraising real estate or personal property\",\"Counselors helping individuals associated with a financial institution\",\"Businesses printing and selling checks on behalf of customers or wiring money\",\"Businesses engaging in cash checking services\",\"Income tax return preparers\",\"Travel agencies\",\"Real estate settlement services\",\"Mortgage brokers\",\"Colleges and universities accepting Title IV funds\"],{\"title\":\"GLBA REQUIREMENTS\",\"content\":[\"1.\\u00a0The Safeguards Rule\\u00a0requires financial institutions protect the consumer information they collect. \",\"Requirements include:\",\"- Designating an individual or group to coordinate an information security program.\",\"- Identifying and assessing risks to customer data and evaluating the effectiveness of the existing controls.\",\"- Implementing, monitoring, and testing a safeguards program.\",\"- Evaluating the program when changes take place in business operations and other circumstances.\",\"- Ensuring service providers can maintain the appropriate safeguards.\",\"2.\\u00a0The Privacy of Consumer Information Rule (or Privacy Rule)\\u00a0requires regulated entities to inform consumers about their information-collection practices and to explain their rights to opt out. The rule includes requirements for the contents of the notices, delivery methods, and frequency.\"]},[\"Provide broad visibility to threats targeting customer data on remote endpoints, the corporate network, and in cloud applications\",\"Deliver 24\\\/7\\\/365 threat detection and response to attacks targeting customer non-public information (NPI)\",\"Proactive cyber risk assessments and strategic security advice to bolster their security posture\"],\"A Simplified Regulatory Checklist for Financial Institutions\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/a-simplified-regulatory-checklist-for-financial-institutions\",\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\"],[\"FISMA\",\"Federal Information Security Modernization Act of 2014\",\"FISMA 2014\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Government\",\"United States\",[\"The Federal Information Security Modernization Act of 2014 (FISMA 2014) codifies the Department of Homeland Security\\u2019s role in administering the implementation of information security policies for federal executive branch civilian agencies, overseeing agency compliance with those policies, and assisting the Office of Management and Budget (OMB) in developing those policies.\"],{\"title\":\"FISMA REQUIREMENTS \",\"content\":[\"NIST develops the standards and guidelines for FISMA compliance using a risk-based approach. It uses a framework that includes seven core steps, some of which map to specific NIST Special Publications (SPs):\",\"1. Prepare Conducting the essential activities to help prepare for risk management under the framework.\",\"2. Categorize Classifying the information and systems that must be protected\",\"3. Select Establishing the baseline controls for protecting the categorized systems and data.\",\"4. Implement Deploying the appropriate controls and documenting them.\",\"5. Assess Determining if controls are working correctly and leading to desired outcomes.\",\"6. Authorize Authorizing the operation of the system based on the risk determination.\",\"7. Monitor Continuously monitoring and assessing the security controls for effectiveness.\"]},[\"Monitor access and account changes to in-scope applications in the cloud\",\"Monitor for application configuration changes\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"SOX\",\"Sarbanes\\u2013Oxley Act\",\"SOX\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Financial Services\",\"International, United States\",[\"SOX are expanded regulatory requirements governing all U.S. public companies, foreign companies with securities registered with the Securities and Exchange Commission, and public accounting firms. Its primary goal is to prevent fraudulent financial reporting and protect investors.\"],{\"title\":\"SOX REQUIREMENTS\",\"content\":[\"Section 302\\u00a0mandates that senior corporate officers personally certify in writing that the company\\u2019s financial statements \\u201ccomply with SEC disclosure requirements and fairly present in all material aspects the operations and financial condition of the issuer.\\u201d Officers who sign off on financial statements that they know to be inaccurate are subject to criminal penalties, including prison terms.\",\"Section 404\\u00a0requires that management and auditors establish internal controls and reporting methods to ensure the adequacy of those controls. Some critics of the law have complained that the requirements in Section 404 can have a negative impact on publicly traded companies because it\\u2019s often expensive to establish and maintain the necessary internal controls.\",\"Section 802\\u00a0contains the three rules that affect recordkeeping. The first deals with destruction and falsification of records. The second strictly defines the retention period for storing records. The third rule outlines the specific business records that companies need to store, which includes electronic communications.\"]},[\"Analyze, prioritize, and manage vulnerabilities\",\"Maintain, monitor, and analyze audit logs\",\"Perform regular risk assessments to identify weak points in your security\"],\"A Simplified Regulatory Checklist for Financial Institutions\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/a-simplified-regulatory-checklist-for-financial-institutions\",\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\"],[\"FERPA\",\"Family Educational Rights and Privacy Act (FERPA)\",\"FERPA\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Education\",\"United States\",[\"FERPA gives parents of students under 18 specific rights with regards to student records, and those rights transfer to the students when they reach age 18.\"],{\"title\":\"FERPA REQUIREMENTS\",\"content\":[\"1. Inspect the student records maintained by the institution\",\"2. Request the correction of records that they believe are inaccurate\",\"3. Provide written permission for the records to be disclosed\"]},[\"Perform continuous vulnerability scanning of internal and external networks, and endpoints \",\"Identify and prioritize vulnerabilities based on threat exposure, assets, and severity\",\"Audit system access, authentication, and other security controls to detect policy violations\",\"Detect and scan new devices as they enter the network\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"23 NYCRR Part 500 - Cybersecurity\",\"The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR 500)\",\"23 NYCRR Part 500\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Financial Services, Insurance\",\"New York - US\",[\"The intention of the New York State Department of Financial Services (23 NYCRR 500) is to establish minimum regulatory standards to promote the protection of customer information, as well as protect the information technology systems of regulated entities.\"],{\"title\":\"23 NYCRR PART 500 REQUIREMENTS\",\"content\":[\"Section 500.02: Cybersecurity Program\",\"Section 500.05: Penetration Testing and Vulnerability Assessments\",\"Section 500.06: Audit Trail\",\"Section 500.07: Access Privileges\",\"Section 500.09: Risk Assessment\",\"Section 500.10: Cybersecurity Personnel and Intelligence\",\"Section 500.11: Third-Party Service Provider Security Policy\",\"Section 500.13: Limitations on Data Retention\",\"Section 500.14: Training and Monitoring\",\"Section 500.15: Encryption of Nonpublic Information\",\"Section 500.16: Incident Response Plan\"]},[\"Provide incident response plans that include responding to cyberthreats and data breaches\",\"Audit trails designed to record and respond to cyber attacks\",\"Create reports covering the risks faced, all material events, and the impact on protected data\",\"Conduct risk Assessments to identify and document security deficiencies and remediation plans\"],\"23 NYCRR 500: Why It's Important for Your Organization\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/23-nycrr-500-why-its-important\",\"Simplify Compliance for NY DFS Cybersecurity Requirements (23 NYCRR 500)\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/briefs-2\\\/simplifies-compliance-for-ny-dfs-cybersecurity-requirements-23-nycrr-500\"],[\"ITAR\",\"International Traffic in Arms Regulations\",\"ITAR\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Arms\\\/Defense\",\"United States\",[\"The United States' International Traffic in Arms Regulations (ITAR) control the manufacture, sale, and distribution of defense and space-related articles and services\"],{\"title\":\"ITAR REQUIREMENTS\",\"content\":[{\"url\":\"https:\\\/\\\/www.ecfr.gov\\\/current\\\/title-22\\\/part-121\",\"title\":\"Regulations are simple: only U.S. citizens can access items on the USML list. There are 21 categories of Defense Articles in the USML.  \"},\"Follow these basic principles to secure your ITAR data:\",\"- Discover and Classify Sensitive Data\",\"- Map Data and Permissions\",\"- Manage Access Control\",\"- Monitor Data, File Activity, and User Behavior\"]},[\"Monitor data, file activty, and user behavior\",\"Audit assets across systems\",\"Monitor and log access controls and access activity\"],\"CMMC Certification: What You Need to Know\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/cmmc-certification-what-you-need-to-know\",\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\"],[\"SOC II Type 2\",\"Service Organization Control II Type 2\",\"SOC II Type 2\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"International, United States\",[\"A SOC 2 Type 2 Report is a service organization control (SOC) audit on how a cloud-based service provider handles sensitive information. It covers both the suitability of a company\\u2019s controls and their operating effectiveness.\",\"SOC 2 is a popular security and risk framework to assess security, but companies might consider using ISO\\\/IEC 27001 or HITRUST instead.\"],{\"title\":\"SOC II TYPE 2 REQUIREMENTS\",\"content\":[\"SOC 2 compliance is based on specific criteria for managing customer data correctly, which consists of five Trust Services Categories: security, availability, processing integrity, confidentiality, and privacy.\",\"When it comes to security, the most basic SOC 2 compliance checklist (which will satisfy an auditor) is detailed in the Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Document, and should address these controls:\",\"1. Logical and physical access controls: How you restrict and manage logical and physical access, to prevent any unauthorized access\",\"2. System operations: How you manage your system operations to detect and mitigate deviations from set procedures\",\"3. Change management: How you implement a controlled change management process and prevent unauthorized changes\",\"4. Risk mitigation:How you identify and develop risk mitigation activities when dealing with business disruptions and the use of any vendor services\"]},[\"Monitor and provide evidence and artifacts on the behavior of access controls and systems operations\",\"Support risk management through vulnerability management and tracking\"],\"Arctic Wolf Achieves SOC 2 Type II Compliance Certification\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/press-releases\\\/arctic-wolf-achieves-soc-2-type-ii-compliance-certification\",\"\",\"\"],[\"GDPR\",\"General Data Protection Regulation\",\"GDPR\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"European Union\",[\"The General Data Protection Rule (GDPR), established by the European Commission, regulates data protection for entities that store or process personal data of EU citizens. In addition to protecting personal data, the GDPR gives consumers broad rights regarding their information, and imposes steep penalties for noncompliance. You don\\u2019t need to have a business presence in the European Union to be subject to GDPR.\"],{\"title\":\"GDPR REQUIREMENTS\",\"content\":[\"\\u2022 Appointing a data protection officer \",\"\\u2022 Using a \\u201cprivacy by design\\u201d approach \",\"\\u2022 Implementing data security measures \",\"\\u2022 Notifying regulators of data breaches within 72 hours\",\"GDPR also gives consumers the right to access their data, be informed about data that\\u2019s being collected, restrict processing of their data, and more.\"]},[\"Provide data security through vulnerability management, detection and response, and user training\",\"Offer guidance and consulting by the CST on other data security measures organizations may implement\",\"Facilitate rapid notification of data breaches through prompt detection and response\"],\"General Data Protection Regulation (GDPR) Information\",\"https:\\\/\\\/gdpr-info.eu\\\/\",\"\",\"\"],[\"CJIS\",\"Criminal Justice Information Services\",\"CJIS\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Government\",\"United States\",[\"Criminal Justice Information Services (CJIS) released a security policy that outlines 13 policy areas all government agencies should follow to stay compliant and protected from hackers with malintent.\",\"Government entities that access or manage sensitive information from the US Justice Department need to ensure that their processes and systems comply with CJIS policies for wireless networking, data encryption, and remote access\\u2014especially since phishing, malware, and hacked VPNs or credentials are the most common attack vectors used to hack into government networks. The CJIS compliance requirements help proactively defend against these attack methods and protect national security (and citizens) from cyber threats. \"],{\"title\":\"CJIS REQUIREMENTS\",\"content\":[\"The\\u00a0CJIS Security Policy document\\u2013a hefty 230-page read\\u2013defines implementation requirements and standards for the following 13 security policy areas:\",\"1. Information exchange agreements\",\"2. Security awareness training\",\"3. Incident Response\",\"4. Auditing and accountability\",\"5. Access control \",\"6. Identification and authentication\",\"7. Configuration management\",\"8. Media protection\",\"9. Physical protection \",\"10. Systems and communications protection and information integrity\",\"11. Formal audits\",\"12. Personnel security\",\"13. Mobile audits\"]},[\"Monitor and provide evidence and artifacts for access control, identificationn and authentication, etc.\",\"Support incident response activities\",\"Provide standard and custom reporting for audit and review\",\"Deliver managed security awareness training\"],\"Criminal Justice Information Services (CJIS) Information\",\"https:\\\/\\\/www.fbi.gov\\\/services\\\/cjis\",\"\",\"\"],[\"HITRUST\",\"Healthcare Information Trust Alliance\",\"HITRUST\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Healthcare\",\"United States\",[\"The Healthcare Information Trust Alliance (HITRUST) developed the Common Security Framework (CSF) based on a variety of federal and state regulations, frameworks, and standards. The HITRUST CSF provides regulated healthcare organizations with a common set of standards they can adopt as well as use for evaluating their vendors.\"],{\"title\":\"HITRUST CSF REQUIREMENTS\",\"content\":[\"\\u2022 Organizational factors such as geographic scope and business volume\",\"\\u2022 Regulatory factors that are based on compliance requirements specific to the organization\\u2019s circumstances, including sector and geography\",\"\\u2022 System factors that impact data management risks, such as data storage and transmission, internet access, third-party access, number of users, and number of daily transactions\",\"The framework also has allowances for alternate management, technical, or operational controls that can be applied under specific conditions.\"]},[\"Arctic Wolf  MDR produces reports related to the HITRUST controls presented as our services maps to logs sources related to authentication and authorization.\"],\"A Simplified Regulatory Checklist for Healthcare Organizations\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/simplified-regulatory-checklist-for-healthcare-organizations\",\"Case Study: Jackson Parish Hospital & Arctic Wolf\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/case-study\\\/jackson-parish\"],[\"NERC CIP\",\"Federal Energy Regulatory Commission\\\/North American Electric Reliability Corporation Critical Infrastructure Protection\",\"NERC CIP\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Energy\",\"United States, Canada\",[\"The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring, and managing the security of the Bulk Electric System (BES) in North America. These standards apply specifically to the\\u00a0cybersecurity\\u00a0aspects of BES. The NERC CIP standards provide a cybersecurity\\u00a0framework\\u00a0to identify and secure critical assets that can impact the efficient and reliable supply of electricity of North America's BES.\"],{\"title\":\"NERC CIP REQUIREMENTS\",\"content\":[\"CIP-002-5.1a  Cyber Security  BES Cyber System Categorization\",\"CIP-003-8  Cyber Security  Security Management Controls\",\"CIP-004-6  Cyber Security  Personnel & Training\",\"CIP-005-6  Cyber Security  Electronic Security Perimeter(s)\",\"CIP-006-6  Cyber Security  Physical Security of BES Cyber Systems\",\"CIP-007-6  Cyber Security  System Security Management\",\"CIP-008-6  Cyber Security  Incident Reporting and Response Planning\",\"CIP-009-6  Cyber Security  Recovery Plans for BES Cyber Systems\",\"CIP-010-3  Cyber Security  Configuration Change Management and Vulnerability Assessments\",\"CIP-011-2  Cyber Security  Information Protection\",\"CIP-013-1  Cyber Security  Supply Chain Risk Management\"]},[\"Support incident response activities\",\"Monitor and provide evidence and artifacts on system and security management\",\"Provide visibility, benchmarking, and reporting of vulnerabilities, misconfigurations, and risks\",\"Deliver managed security awareness training\"],\"NER CIP Compliance Standards\",\"https:\\\/\\\/www.nerc.com\\\/pa\\\/Stand\\\/Pages\\\/CIPStandards.aspx\",\"\",\"\"],[\"CERT RMM\",\"CERT Resilience Management Model\",\"CERT RMM\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"International\",[\"CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk.\"],{\"title\":\"CERT-RMM REQUIREMENTS\",\"content\":[\"The Asset Definition and Management process area has three specific goals: to inventory assets, associate the assets with services, and manage the assets. To meet these goals, the organization must engage in the following practices:\",\"\\u2022 Establish a means to identify and document assets.\",\"\\u2022 Establish ownership and custodianship for the assets.\",\"\\u2022 Link assets to the services they support.\",\"\\u2022 Establish resilience requirements (including those for protecting and sustaining) fo rassets and associated services. (This is addressed in the Resilience Requirements Definition and Resilience Requirements Management process areas.)\",\"\\u2022 Provide change management processes for assets as they change and as the inventory of assets changes.\"]},[\"Arctic Wolf Managed Risk helps identify and audit assets, and supports certain change management activities.\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"ISO 27002:2022\",\"International Organization for Standardization: Information Security Standard\",\"ISO 27002\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"International\",[\"This document, the International Organization for Standardization: Information Security Standard 2022, provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations:\",\"A) Within the context of an information security management system (ISMS) based on ISO\\\/IEC27001\",\"B) For implementing information security controls based on internationally recognized best practices\",\"C) For developing organization-specific information security management guidelines.\"],{\"title\":\"ISO 27002:2022 REQUIREMENTS\",\"content\":[\"Annex A of ISO 27001 lists 114 security controls divided into 14 control sets, each of which is expanded upon in Clauses 5\\u201318 of ISO 27002:\",\"A.5 Information security policies\",\"A.6 Organization of information security\",\"A.7 Human resource security\",\"A.8 Asset management\",\"A.9 Access control\",\"A.10 Cryptography\",\"A.11 Physical and environmental security\",\"A.12 Operations security\",\"A.13 Communications security\",\"A.14 System acquisition, development, and maintenance\",\"A.15 Supplier relationships\",\"A.16 Information security incident management\",\"A.17 Information security aspects of business continuity management\",\"A.18 Compliance\"]},[\"Arctic Wolf can provide evidence and artifacts related to asset management, access control, system maintenance, and more. Arctic Wolf MDR provides support for information security incidents.\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"SCF\",\"Secure Controls Framework\",\"SCF\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"ALL\",\"International\",[\"The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build, and maintain secure processes, systems, and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be \\u201cbaked in\\u201d at the strategic, operational, and tactical levels.\"],{\"title\":\"SCF REQUIREMENTS: \",\"content\":[\"The SCF's goal is to help organizations of all sizes implement these four principles of cybersecurity and privacy: \",\"CONFIDENTIALITY -  Confidentiality addresses preserving restrictions on information access and disclosure so that access is limited to only authorized users and services.\",\"INTEGRITY - Integrity addresses the concern that sensitive data has not been modified or deleted in an unauthorized and undetected manner.\",\"AVAILABILITY - Availability addresses ensuring timely and reliable access to and use of information.\",\"SAFETY - Safety addresses reducing risk associated with embedded technologies that could fail or be manipulated by nefarious actors.\",\"There are thirty-two domains that make up the SCF. There are over 1,000 controls that are categorized within these domains to make it easier to manage. Each domain has a three-letter identifier, which is included in the control name to make it easy to understand what the focus of the control is.\"]},[\"Arctic Wolf security operations solutions provide evidence and artifacts across SCF domains. Arctic Wolf can provide monitoring, vulnerability management, security awareness training, and more.\"],\"SCF Security & Privacy Metaframework\",\"https:\\\/\\\/www.securecontrolsframework.com\\\/\",\"\",\"\"],[\"Basel III\",\"Basel III IT Operational Controls\",\"Basel III\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Financial Services\",\"International\",[\"The Basel Committee on Banking Supervision (BCBS) is an international supervisory authority that maintains several standards and voluntary frameworks for financial institutions. Basel III (and Standard 239), in particular, affects IT infrastructure and operations, as it includes principles related to data architecture and IT infrastructure, as well as accuracy and integrity of risk data.\"],{\"title\":\"CCPA REQUIREMENTS\",\"content\":[\"The CCPA applies to any business that sells products and services to Californians\\u2014and even displaying a website could count as advertising in the state. The law, however, exempts entities that have $25 million or less in revenues, collect data on fewer than 50,000 consumers, and derive less than half of their revenues from selling consumer data. \",\"AB 375 is light on requirements around security and breach response when compared to the GDPR. Businesses are not required to report breaches under AB 375, and consumers must file complaints before fines are possible. The law does define penalties for companies that expose consumer data due to a breach or security lapse.\",\"Businesses should know what data AB 375 defines as private data and take steps to secrure it. Any organization that complies with the GDPR likely does not need to take further action to comply with AB 375 in terms of securing data.\"]},[\"Detect and respond to security incidents\",\"Deliver concierge guidance on an organization's security journey\",\"Provide evidence, artifacts and reporting on security controls and practices for audit and review\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"Alabama Data Breach Notification Act of 2018 (S.B. 318)\",\"Alabama Data Breach Notification Act of 2018 (S.B. 318)\",\"Alabama Data Breach Notification Act of 2018 (S.B. 318)\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"\",[\"Requires entities to provide notice to certain persons upon a breach of security that results in the unauthorized acquisition of sensitive personally identifying information.\"],{\"title\":\"MASSACHUSETTS GENERAL LAW CHAPTER 93H REQUIREMENTS\",\"content\":[\"The notice provided to the Attorney General and the OCABR must include, in addition to the nature of the breach and number of MA residents, the following information: \",\"\\u2022 The name and address of the person or agency that experienced the breach of security\",\"\\u2022 Name and title of the person or agency reporting the breach of security\",\"\\u2022 Their relationship to the person or agency that experienced the breach of security\",\"\\u2022 The type of person or agency reporting the breach of security \",\"\\u2022 The person responsible for the breach of security, if known\",\"\\u2022 The type of personal information compromised, including, but not limited to, social security number, driver\\u2019s license number, financial account number, credit or debit card number or other data\",\"\\u2022 Whether the person or agency maintains a WISP (written information security program)\",\"\\u2022 Any steps the person or agency has taken or plans to take relating to the incident, including whether they have updated the written information security program.\"]},[\"Arctic Wolf MDR can help rapidly identify a security incident, facilitate a response to such an incident, and provide evidence on the scope and impact of the incident.\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"SOPIPA\",\"Student Online Personal Information Protection Act \",\"SOPIPA\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Education\",\"California - US\",[\"SOPIPA, which came into effect in January 2016, applies to entities that operate websites, online services, and online and mobile apps that are designed and marketed primarily for K-12 educational purposes. It requires these operators to implement reasonable security practices to protect the student data, and prohibits them from sharing the data or using it for advertising for noneducational purposes.\"],{\"title\":\"IRS PUB 1075 REQUIREMENTS\",\"content\":[\"To protect FTI, IRS 1075 prescribes security and privacy controls for application, platform, and datacenter services.\",\"Some of the controls needed are as follows. These include both electronic and physical:\",\"1. Record Keeping Requirements:  Maintain a persistent system of all FTI records and anything related to it, including access rights.\",\"2. Secure Storage: Details about the physical and electronic security of place where FTI data is kept. It includes things like restricted area, authorized access, locks & keys, safes\\\/vaults, transportation security, security of computers and storage media.\",\"3. Restricting Access: Details related to access of FTI data.\",\"4. Reporting Requirements: Periodic reports like SAR (Safeguard Activity Report) and SPR (Safeguard Procedures Report) need to be sent to IRS.\",\"5. Training and Inspections: Awareness about security and annual certification of employees. Annual inspections are also needed to validate proper implementation.\",\"6. Disposal: Proper standards related to FTI data disposal for physical and electronic media.\",\"7. Computer System Security: Probably the most complex and detailed section of this regulation related to everything from access control, cryptography, emails, networking to wireless technologies and any emerging technologies.\"]},[\"Arctic Wolf can provide evidence and artifacts related to data access, security training for employees, and support for computer system security programs.\"],\"IRS Safeguards Program\",\"https:\\\/\\\/www.irs.gov\\\/privacy-disclosure\\\/safeguards-program\",\"\",\"\"],[\"PHIPA\",\"Personal Health Information Protection Act\",\"PHIPA\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"Healthcare\",\"Canada\",[\"The Personal Health Information Protection Act, also known as PHIPA, is Ontario legislation established in November 2004. PHIPA is one of two components of the Health Information Protection Act 2004\"],{\"title\":\"PHIPA REQUIREMENTS\",\"content\":[\"PHIPA contains notification requirements for both agents and custodians. If personal health information handled by an agent on behalf of a custodian is stolen, lost or accessed by unauthorized persons, the agent must notify the custodian of the breach at the first reasonable opportunity. \",\"PHIPA also requires custodians to notify individuals at the first reasonable opportunity if personal health information is stolen, lost or accessed by an unauthorized person. \"]},[\"Arctic Wolf  MDR produces reports related to the PHIPA controls presented as our services maps to logs sources related to authetication and authorization. It should be noted that each province has its own jurisdictional Health care mandate and controls.\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"KRITIS\",\"IT Security Act 2.0\",\"KRITIS\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"Germany\",[\"In Germany, special regulations apply to operators of critical infrastructures under the Federal Office for Information Security \\\/ Bundesamt f\\u00fcr Sicherheit in der Informationstechnik (BSI) Act.\",\"Critical infrastructures (KRITIS) are organizations or facilities with important significance for the state community, the failure or impairment of which would result in lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences. Which of these are to be regarded as critical infrastructures is regulated by the KRITIS Ordinance within the BSI Act. \",\"The IT Security Act 2.0 in May 2021 added the waste management sector to the group of potential operators of critical infrastructure alongside the energy, information technology and telecommunications, transport and traffic, health, water, food, and finance and insurance sectors.\"],{\"title\":\"IT SECURITY ACT 2.0 REQUIREMENTS\",\"content\":[\"If it has been determined\\u00a0on the basis of\\u00a0a review that a company is clearly to be assigned to the critical infrastructure, it must fulfill the following requirements in accordance with the regulations of the BSI Act:\",\"Report to and register with the BSI as a critical infrastructure operator.\",\"Establish a point of contact as an interface to the BSI\",\"Reliably detect critical security incidents and report them immediately to the BSI\",\"Implement IT security in accordance with the state of the art\",\"Conduct an IT security audit every two years\"]},[\"Detect and respond to security incidents\",\"Deliver concierge guidance on an organization's security journey\",\"Provide evidence, artifacts and reporting on security controls and practices for audit and review\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"Cyber Essentials Certification\",\"Cyber Essentials\",\"Cyber Essentials Certification\",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\" \",\"All\",\"United Kingdom \",[\"The Cyber Essentials certification is a UK government-backed framework\\u00a0supported by the NCSC (National Cyber Security Centre). It sets out five basic security controls that can protect organizations against 80% of common cyber attacks.\",\"The certification is designed to help organizations of any size demonstrate their commitment to cyber security\\u2013while keeping the approach simple and the costs low.\",\"The Cyber Essentials certification process is managed by the IASME Consortium (IASME), which licenses certification bodies to carry out Cyber Essentials and Cyber Essentials Plus certifications.\"],{\"title\":\"CYBER ESSENTIALS REQUIREMENTS\",\"content\":[\"It sets out five basic security controls that can protect organisations against 80% of common cyber attacks.\",\"1. Firewalls & routers\",\"2. Software updates\",\"3. Malware protection\",\"4. Access control \",\"5. Secure configuration\"]},[\"Detect and respond to malware and other cybersecurity incidents\",\"Provide monitoring, evidence, and artifacts related to access control and network infrastructure\",\"Deliver visibility, benchmarking, reporting and guidance on configurations and vulnerabilities\"],\"Cybersecurity Compliance Guide\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/guides\\\/cybersecurity-compliance-guide#main-content\",\"\",\"\"],[\"FTC Safeguards Rule\",\"Federal Trade Commission\\u2019s Standards for Safeguarding Customer Information\",\"FTC Safeguards Rule\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"\",\"Automotive, Financial Services\",\"United States\",[\"The FTC Safeguards rule applies to a wide range of businesses that provide any type of financial services to customers and aren't regulated by other agencies under GLBA\\u2014including such organizations as auto dealerships, retailers that offer credit cards, and more.\",\"The Safeguards rule requires these businesses to develop, implement, and maintain an information security program to protect customer information. \"],{\"title\":\"The revised Safeguards rule has 9 key components:\",\"content\":[\"Organizations must designate a \\u2018qualified individual\\u2019 who will serve as the overseer of their cybersecurity program and provide written reports to a governing board\",\"They will need to conduct regular risk assessments of both their own security systems and the security systems of their vendors to ensure that all customer and client data is kept encrypted\",\"They must implement safeguards to control the risks identified, such as identity and access management, encryption, and multi-factor authentication\",\"They must test and monitor effectiveness of key controls, through practices such as continuous monitoring and vulnerability assessments\",\"They must ensure that all employees are provided with security awareness training, updated as necessary to reflect risks\",\"They must require their own service providers to maintain appropriate safeguards, through selection, contract requirements, and assessments\",\"They must continue to adjust their security program based on the results of their monitoring and any changes to the busines\",\"They must establish a written incident response plan, outlining roles, responsibilities, and remediation actions taken in the event of an incident\",\"Finally, the qualified individual must report, in writing, on the overall status of the security program\"]},[\"Arctic Wolf's security operations solutions will streamline many of the activities required under the safeguards rule\",\"Arctic Wolf MDR provides monitoring of key security controls, including access controls, system inventory, multi-factor authentication, and more\",\"Arctic Wolf Managed Risk provides regular vulnerability assessments\",\"Arctic Wolf Managed Awareness provides security awareness training to employees\",\"Arctic Wolf MDR and Tetra can play a key role in an incident response plan\",\"Reporting and guidance from the Concierge Security Team can support the risk assessment, and the qualified individual in managing the overall information security program\"],\"Car Dealerships: Dealers Must Bolster Data Security Under New FTC Rule\",\"https:\\\/\\\/arcticwolf.com\\\/resources\\\/blog\\\/car-dealerships-dealers-must-bolster-data-security-under-new-ftc-rule\\\/\",\"\",\"\"]];<\/script>\n      \n       <script id=\"injected-js-1658243654806\" src=\"\/wp-content\/rd\/assets\/js\/compliance.js\"><\/script>\n       <!-- End Redonk assets -->\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f73fc1a elementor-widget elementor-widget-html\" data-id=\"f73fc1a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<style>\n#onetrust-banner-sdk.otFloatingRounded {\n    min-width: inherit !important;\n    max-width: 500px !important;\n}\n.redonk-outer-wrapper .elementor-widget:not(:last-child) {\n    margin-bottom: 0;\n}\n.mktoForm label#LblState {\n    display: block;\n    padding-bottom: 0px;\n}\n.mkto-form.mktoForm .mktoCheckboxList label {\n    display: block;\n}\n<\/style>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4544aef elementor-widget elementor-widget-html\" data-id=\"4544aef\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"html.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<style>\n.elementor-widget:not(:last-child) {\n    margin-block-end: 0px;\n}\n    .elementor-row {\n        width: 100%;\n    }\n    \n    .elementor-column {\n        display: unset;\n    }\n    \n    .aw-compliance-how-helps .elementor-row {\n        display: flex;\n        width: 100%;\n    }\n.mb-0.elementor-widget:not(:last-child) {\n    margin-bottom: 0px !important;\n    margin-block-end:0px;\n}\n\n@media (min-width:1280px){\n    .aw-compliance-how-helps .grid-row .elementor-column .elementor-column-inner{min-height: 475px;}\n}\n    @media (max-width:767px){\n        .aw-compliance-how-helps .elementor-row {flex-wrap: wrap;}\n    }\n<\/style>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>VIEW ALL REGULATIONS All Regulations All Tracked Regulations Regulations 38 Industries arms\/defense 1 automotive 1 consumer transactions 1 education 2 energy 1 federal contractors 3 financial services 7 government 10 healthcare 3 insurance 1 manufacturing 3 Locations International United States New York California Alabama massachusetts Canada European Union Germany United Kingdom Filter Regulations (38) Name <a href=\"https:\/\/arcticwolf.com\/uk\/compliance\/\" class=\"more-link\">&#8230;<span class=\"screen-reader-text\">  Solutions &#8211; Industries &#8211; Compliance<\/span><\/a><\/p>\n","protected":false},"author":64,"featured_media":60961,"parent":0,"menu_order":3,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-22462","page","type-page","status-publish","has-post-thumbnail","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Industry Compliance | Arctic Wolf<\/title>\n<meta name=\"description\" content=\"Industry Compliance by Arctic Wolf. Safeguarding customer data, trade secrets, intellectual property, and other valuable data has never been more effective.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/arcticwolf.com\/uk\/compliance\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Industry Compliance | Arctic Wolf\" \/>\n<meta property=\"og:description\" content=\"Industry Compliance by Arctic Wolf. Safeguarding customer data, trade secrets, intellectual property, and other valuable data has never been more effective.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/arcticwolf.com\/uk\/compliance\/\" \/>\n<meta property=\"og:site_name\" content=\"Arctic Wolf\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ArcticWolfNetworks\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-05T16:51:18+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/arcticwolf.com\/wp-content\/uploads\/2022\/08\/AW-Compliance-Redesign-OG-image-220812.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@AWNetworks\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/\",\"name\":\"Industry Compliance | Arctic Wolf\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/AW-Compliance-Redesign-OG-image-220812.jpg\",\"datePublished\":\"2020-04-13T21:59:41+00:00\",\"dateModified\":\"2025-05-05T16:51:18+00:00\",\"description\":\"Industry Compliance by Arctic Wolf. Safeguarding customer data, trade secrets, intellectual property, and other valuable data has never been more effective.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/AW-Compliance-Redesign-OG-image-220812.jpg\",\"contentUrl\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/AW-Compliance-Redesign-OG-image-220812.jpg\",\"width\":1200,\"height\":630},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/compliance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Solutions &#8211; Industries &#8211; Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#website\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/\",\"name\":\"Arctic Wolf\",\"description\":\"The Leaders in Security Operations\",\"publisher\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#organization\",\"name\":\"Arctic Wolf Networks\",\"alternateName\":\"Arctic Wolf\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/AW-Logo-Main-AuroraFY25.png\",\"contentUrl\":\"https:\\\/\\\/arcticwolf.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/AW-Logo-Main-AuroraFY25.png\",\"width\":655,\"height\":232,\"caption\":\"Arctic Wolf Networks\"},\"image\":{\"@id\":\"https:\\\/\\\/arcticwolf.com\\\/uk\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/ArcticWolfNetworks\",\"https:\\\/\\\/x.com\\\/AWNetworks\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/arcticwolf\",\"https:\\\/\\\/www.youtube.com\\\/ArcticWolfNetworks\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Industry Compliance | Arctic Wolf","description":"Industry Compliance by Arctic Wolf. Safeguarding customer data, trade secrets, intellectual property, and other valuable data has never been more effective.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/arcticwolf.com\/uk\/compliance\/","og_locale":"en_GB","og_type":"article","og_title":"Industry Compliance | Arctic Wolf","og_description":"Industry Compliance by Arctic Wolf. Safeguarding customer data, trade secrets, intellectual property, and other valuable data has never been more effective.","og_url":"https:\/\/arcticwolf.com\/uk\/compliance\/","og_site_name":"Arctic Wolf","article_publisher":"https:\/\/www.facebook.com\/ArcticWolfNetworks","article_modified_time":"2025-05-05T16:51:18+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2022\/08\/AW-Compliance-Redesign-OG-image-220812.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_site":"@AWNetworks","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/arcticwolf.com\/uk\/compliance\/","url":"https:\/\/arcticwolf.com\/uk\/compliance\/","name":"Industry Compliance | Arctic Wolf","isPartOf":{"@id":"https:\/\/arcticwolf.com\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/arcticwolf.com\/uk\/compliance\/#primaryimage"},"image":{"@id":"https:\/\/arcticwolf.com\/uk\/compliance\/#primaryimage"},"thumbnailUrl":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2022\/08\/AW-Compliance-Redesign-OG-image-220812.jpg","datePublished":"2020-04-13T21:59:41+00:00","dateModified":"2025-05-05T16:51:18+00:00","description":"Industry Compliance by Arctic Wolf. Safeguarding customer data, trade secrets, intellectual property, and other valuable data has never been more effective.","breadcrumb":{"@id":"https:\/\/arcticwolf.com\/uk\/compliance\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/arcticwolf.com\/uk\/compliance\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/arcticwolf.com\/uk\/compliance\/#primaryimage","url":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2022\/08\/AW-Compliance-Redesign-OG-image-220812.jpg","contentUrl":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2022\/08\/AW-Compliance-Redesign-OG-image-220812.jpg","width":1200,"height":630},{"@type":"BreadcrumbList","@id":"https:\/\/arcticwolf.com\/uk\/compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/arcticwolf.com\/uk\/"},{"@type":"ListItem","position":2,"name":"Solutions &#8211; Industries &#8211; Compliance"}]},{"@type":"WebSite","@id":"https:\/\/arcticwolf.com\/uk\/#website","url":"https:\/\/arcticwolf.com\/uk\/","name":"Arctic Wolf","description":"The Leaders in Security Operations","publisher":{"@id":"https:\/\/arcticwolf.com\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/arcticwolf.com\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/arcticwolf.com\/uk\/#organization","name":"Arctic Wolf Networks","alternateName":"Arctic Wolf","url":"https:\/\/arcticwolf.com\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/arcticwolf.com\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Logo-Main-AuroraFY25.png","contentUrl":"https:\/\/arcticwolf.com\/wp-content\/uploads\/2025\/01\/AW-Logo-Main-AuroraFY25.png","width":655,"height":232,"caption":"Arctic Wolf Networks"},"image":{"@id":"https:\/\/arcticwolf.com\/uk\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ArcticWolfNetworks","https:\/\/x.com\/AWNetworks","https:\/\/www.linkedin.com\/company\/arcticwolf","https:\/\/www.youtube.com\/ArcticWolfNetworks"]}]}},"_links":{"self":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/pages\/22462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/users\/64"}],"replies":[{"embeddable":true,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/comments?post=22462"}],"version-history":[{"count":0,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/pages\/22462\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/media\/60961"}],"wp:attachment":[{"href":"https:\/\/arcticwolf.com\/uk\/wp-json\/wp\/v2\/media?parent=22462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}