Resources

SOX Compliance in the Age of Cyber Threats
Blog

SOX Compliance in the Age of Cyber Threats

By Steven Sletten on Tue, 09/10/2024
Achieving Sarbanes-Oxley (SOX) Act compliance is becoming more difficult. While the Act is primarily a financial reporting regulation, it requires all publicly traded companies operating in the United States to maintain the integrity, accuracy, and reliability of financial reporting, which those organizations can only achieve through robust cybersecurity measures. As such, an effective...
Cybersecurity
Compliance
SOX
Exploring the Impact of NIST SP 800-53 on Federal IT Systems
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

By David Henderson on Thu, 08/15/2024
NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Cybersecurity
Compliance
NIST
Updates and Evolution of the NIST Cybersecurity Framework: What’s New?
Blog

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

By Josh Breaker-Rolfe on Wed, 08/14/2024
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...
Cybersecurity
Compliance
NIST
Cybersecurity: The Unsung Hero of SOX Compliance
Blog

Cybersecurity: The Unsung Hero of SOX Compliance

By Kirsten Doyle on Mon, 08/05/2024
The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws.One key aspect of SOX compliance is ensuring the integrity and security of financial data. In the digital age,...
Compliance
SOX
Cybersecurity Best Practices for SOX Compliance
Blog

Cybersecurity Best Practices for SOX Compliance

By Anthony Israel-Davis on Wed, 07/03/2024
The Sarbanes-Oxley Act (SOX), enacted by the United States Congress in 2002, is a landmark piece of legislation that aims to improve transparency, accountability, and integrity in financial reporting and corporate governance. The act was a response to high-profile corporate scandals, such as those involving Enron, WorldCom, and Tyco International, which shook investor confidence and underscored...
Compliance
SOX
How to Spot a Winning NERC CIP Project
Blog

How to Spot a Winning NERC CIP Project

By Paul Stewart on Wed, 06/19/2024
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations often make exacting demands of Fortra Tripwire's customers, requiring them to update or create new change processes and document those processes in order to comply. In any NERC CIP-centered IT\OT project, there are always crucial indicators of success - even before the project gets...
Compliance
NERC CIP
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Cybersecurity
Compliance
CIS Controls
NIST
The Impact of NIST SP 800-171 on SMBs
Blog

The Impact of NIST SP 800-171 on SMBs

By Josh Breaker-Rolfe on Mon, 05/06/2024
From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...
Cybersecurity
Compliance
NIST
Resolving Top Security Misconfigurations: What you need to know
Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. ...
Cybersecurity
Compliance
CIS Controls
NIST
Security Configuration Management
Expert Insight for Securing Your Critical Infrastructure
Blog

Expert Insight for Securing Your Critical Infrastructure

By Ted Rassieur on Mon, 01/15/2024
At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a...
Compliance
NERC CIP
Industrial Control Systems
Tips for Achieving Success With a NERC CIP Audit
Blog

Tips for Achieving Success With a NERC CIP Audit

By Jim Fisher on Wed, 12/13/2023
Electrical utilities are responsible for just about everything we do. This presents a tremendous burden on those who operate those utilities. One way these organizations offer assurance is through the audit process. While audits can generate tremendous anxiety, good planning, and tools can help make the entire process go smoothly. Moreover, these...
Cybersecurity
Compliance
NERC CIP
NIST CSF 2.0: What you need to know
Blog

NIST CSF 2.0: What you need to know

By Antonio Sanchez on Mon, 12/11/2023
Organizations looking to protect their sensitive data and assets against cyberattacks may lack the ability to build a cybersecurity strategy without any structured help. The National Institute of Standards and Technology (NIST) has a free, public framework to help any organization mature its IT security posture. Recently, the institute published an...
Compliance
NIST
Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
Blog

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity

By Travis Emerson on Mon, 11/27/2023
Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized...
Vulnerability & Risk Management
Cybersecurity
Compliance
NERC CIP
What is NERC? Everything you need to know
Blog

What is NERC? Everything you need to know

By Michael Betti on Tue, 10/03/2023
Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the...
Compliance
NERC CIP
Industrial Control Systems
Closing Integrity Gaps with NIST CSF
Blog

Closing Integrity Gaps with NIST CSF

By Lane Thames on Wed, 09/27/2023
The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST...
Cybersecurity
Compliance
NIST
On-Demand Webinar

Expert Compliance Automation Tips for Financial Services

Thu, 08/17/2023
Cybersecurity compliance standards like the Payment Card Industry Data Security Standard (PCI DSS) and Society for Worldwide Interbank Financial Telecommunications (SWIFT) do an excellent job of hardening systems against breaches. This is especially important in the financial services sector, a common target for cybercriminals. This on-demand webinar presented by Senior Solutions Engineer Dan...
Compliance
CIS Controls
FISMA
GDPR
PCI DSS
SOX
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NERC CIP
NIST
PCI DSS
SOX
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will cover the main...
Compliance
GDPR
PCI DSS
SOX
Pylon and cables
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood....
Compliance
NIST
Industrial Control Systems
Getting started with Zero Trust: What you need to consider
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which...
Cybersecurity
Compliance
NIST
Security Configuration Management