Resources

Guide

Governance, Risk, and Compliance

Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide

FISMA SI-7 Buyer's Guide

The FISMA SI-7 Buyer’s Guide focuses on one of the most difficult security controls agencies must adhere to: NIST 800-53 SI-7. Learn what solutions to look for.
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March 2022 and will become mandatory in March 2024 for...
Guide

The Executive's Guide to the CIS Controls

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors. This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide range of topics...
Guide

Closing the Integrity Gap with NIST's Cybersecurity Framework

When the National Institute of Standards and Technology (NIST) announced that it had released its new Cybersecurity Framework in 2014, it appeared on the surface to be just one more option for organizations looking to develop a cohesive and effective cyber risk management strategy. Indeed, there are dozens of choices available and organizations have been all over the map when it comes to deciding...
Guide

How to Achieve Compliance with the NIS Directive

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives. For example, such systems are...
Guide

9 Steps for Maturing Beyond Checkbox Compliance

A common mistake many organizations make is approaching cybersecurity as a series of actions taken in order to check the right compliance boxes. If this sounds familiar, it’s likely that you’ve witnessed something similar to the cycle of crisis-driven audit preparation, a suspenseful audit, remediating based on those findings, and waiting until the next hurried audit preparation phase returns. ...
Datasheet

The Tripwire NERC CIP Solution Suite

The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system (BES). Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to follow to ensure...
Datasheet

Tripwire ExpertOps and SOX

The Sarbanes-Oxley Act (SOX) requires all publicly held companies to establish internal controls and procedures for financial reporting to reduce the possibility of corporate fraud. SOX is not specific on the types of controls that are required, but points to the COBIT framework to provide organizations’ guidance on their IT governance. The Challenge Change is ever occurring in your systems...
Datasheet

Tripwire ExpertOps and HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to safeguard Protected Health Information (PHI) by mandating procedures and controls to assure the public that critical and private information is controlled from loss of confidentiality, integrity or availability. With few exceptions, an organization is subject to HIPAA if it exchanges data related to the health care...
Datasheet

Tripwire ExpertOps and NIST 800-171

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the Internet and other networks for business, operations and research. Information about citizens, banking and finance,...
Datasheet

Tripwire ExpertOps and PCI

The Payment Card Industry Data Security Standard (PCI DSS) was created to help organizations that process credit card payments, secure the cardholder environment to prevent credit card fraud, cyber threats and other security vulnerabilities. The latest version, 4.0, provides specific security guidance on handling, processing, transmitting and storing credit card data to minimize the theft,...
Datasheet

IRS 1075 Compliance Solutions with Tripwire

The IRS 1075 publication lays out a framework of compliance regulations to ensure federal tax information (FTI) is treated with adequate security provisioning to protect its confidentiality. This may sound simple enough, but IRS 1075 puts forth a complex set of managerial, operational and technical security controls you must continuously follow in order to maintain ongoing compliance. Any...
Datasheet

The National Cybersecurity Authority (NCA) Compliance with Tripwire Enterprise

The National Cybersecurity Authority (NCA) is the government entity in charge of cybersecurity in Saudi Arabia, encompassing both regulatory and operational functions related to cybersecurity. National Cybersecurity Authority Essential Cybersecurity Controls The NCA works closely with public and private entities to improve the cybersecurity posture of the country in order to safeguard its...
Datasheet

National Information Assurance (NIA) Certification with Tripwire Enterprise

Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks such as the NIA. The National Information Assurance Policy provides organizations with the necessary foundation and the relevant tools to enable the implementation of a full-fledged Information Security Management System. The NIA policy guides organizations in classifying the impact of information security...
Datasheet

Implementing FISMA SI-7

To enhance your Federal Information Security Management Act (FISMA) compliance grade, you must implement one of the most challenging controls in NIST SP 800-53: the Controls, Family: System Information & Integrity (SI) 7 requirement. SI-7 states that organizations must employ automated and centrally managed integrity verification tools to detect unauthorized change. This level of visibility can be...
Datasheet

The Tripwire HIPAA Solution

The United States Health Insurance Portability and Accountability Act of 1996, or HIPAA, was enacted to safeguard Protected Health Information (PHI) by mandating procedures and controls to assure the public that critical and private information is controlled from loss of confidentiality, integrity or availability. With few exceptions, an organization is subject to HIPAA if it exchanges data...
Datasheet

Tripwire and HITRUST

The HITRUST CSF rationalizes relevant regulations and standards (such as NIST, CIS, and HIPAA) into a single overarching security and privacy framework. Now, with Tripwire® Enterprise, organizations can automate HITRUST CSF assessment and reduce the burden of compliance. Any organization that collects or stores personally identifiable information (PII) faces a relentless stream of cyberattacks....
Datasheet

CMMC Compliance with Tripwire

The U.S. Department of Defense (DoD) is implementing the Cybersecurity Maturity Model Certification (CMMC) program to standardize the level of cybersecurity implemented throughout its 300,000 suppliers. In practice, this means that every member of the Defense Industrial Base (DIB) will be required to pass an audit in order to win DoD contracts. Compliance for a small number of contracts began in...