Almost every organization, regardless of industry, faces compliance mandates. For example, the utility industry has the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program, which outlines cyber security standards intended to protect the bulk power system on which citizens of the U.S. and Canada rely.
In the international banking and finance industry, the Monetary Authority of Singapore (MAS) issued requirements to ensure the stability of financial transactions that occur in a country that has rapidly become a hub for international banking. And for the U.S. healthcare sector, the Health Insurance Portability and Accountability Act (HIPAA) aims to protect certain patient health information.
Without a doubt, compliance is here to stay. Why? Because at its roots, the real goal of any compliance mandate is to protect systems and data, and therefore an organization’s customers and their data. That’s why you can examine almost any compliance regulation with a technology component and find common requirements.
And it’s easy to find examples of organizations that need to comply with several regulations. Publicly traded healthcare companies, for instance, need to comply with SOX, HIPAA, PCI DSS and possibly even state-level privacy requirements.
And while the terms used to describe those requirements may vary, in the end they all lead back to a security strategy that incorporates the most effective controls. Organizations aiming to meet compliance mandates must implement those controls and be able to provide proof to auditors.
In this white paper, we’ll give an overview of NERC, MAS and HIPAA. Plus we’ll discuss the common controls and requirements that these regulations share.
Finally, we’ll describe how Tripwire VIA solutions—alone, or as part of the Tripwire VIA platform—help meet and prove compliance with many of the requirements of these mandates and others.