Compliance Requirements for Cybersecurity in 2021

Posted by Kevin Landt on Dec 17, 2020

Cybersecurity and compliance are often intertwined. IT/security teams working on 2021 plans should remember to consider any regulatory mandates that may affect their organization’s cybersecurity posture. To help busy IT/security professionals get started, we’ve compiled some of the most common cybersecurity regulatory requirements expected to impact enterprises in 2021, along with links to resources to learn more about the laws.

State Data Privacy Regulations

Data privacy rules differ from state to state, but cybersecurity will continue to be a priority in state legislatures in 2021. According to the National Conference of State Legislatures, “at least 38 states, Washington, D.C., and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity.” One of the most well-known state cybersecurity laws is the California Consumer Privacy Act (CCPA). The CCPA, which went into effect this year, mandates that “organizations maintain reasonable cybersecurity related to the sensitivity of the data that needs protecting.”

Resources:

iapp.org, by Sarah Rippy, March 12, 2020

www.ncsl.org, National Conference of State Legislatures, September 13, 2020

Cybersecurity Maturity Model Certification (CMMC)

In the fall of 2020, the Department of Defense (DoD) rolled out its new Cybersecurity Maturity Model Certification (CMMC). The CMMC is a unified standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). Any company that works with the U.S. DoD will be required to meet CMMC requirements to bid on contracts. According to an article in CSO, “this includes all suppliers at all tiers along the supply chain, small businesses, commercial item contractors and foreign suppliers.”

Resources:

CSO, by Abigail Stokes and Marcus Childress (Miller & Chevalier), April 8, 2020

www.acq.osd.mil, Office of the Under Secretary of Defense for Acquisition & Sustainment

General Data Protection Regulation (GDPR)

The European Union (EU) General Data Protection Regulation (GDPR) is a regulatory framework for data protection and privacy. The GDPR is the strictest privacy and security law in the world and “requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory” (gdpr.eu). Any company that collects data on citizens in EU countries is required to comply with the GDPR. The regulation requires the implementation of seven principles of data protection and the facilitation of eight privacy rights. In addition, GDPR compliance requires oversight of third parties that process personal data on the organization’s behalf.

Resources:

GDPR.EU, Horizon 2020 Framework Programme of the European Union

aub.edu.lb.libguides.com, American University of Beirut, August 4, 2020

Internet of Things (IoT) Cybersecurity Improvement Act of 2020

IoT security vulnerabilities are well-known threats to networks. The IoT Cybersecurity Improvement Act of 2020, which was signed into law on December 4, 2020, is meant “to establish minimum security standards for Internet of Things devices owned or controlled by the Federal Government, and for other purposes.” At present, the law applies only to devices owned or controlled by the federal government. The hope, however, is that by raising the cybersecurity bar for federally owned or controlled IoT devices, device manufacturers will adopt the same standards to limit vulnerabilities in consumer IoT devices as well.

Resources:

FCW, by Justin Katz, November 18, 2020

JD Supra, by Daniel Pepper and Adam I. Cohen (Baker & Hostetler LLP), December 11, 2020

Together, these compliance requirements represent just the tip of the iceberg when it comes to cybersecurity compliance. In addition to general cybersecurity regulations, organizations must also comply with many industry-specific requirements, including HIPAA for healthcare organizations, PCI Security Standards Council standards for financial institutions, and the Cybersecurity Assessment Tool (CAT) for credit unions.

Fortunately, free online resources such as some of the links above are now widely available, and Cybersecurity-as-a-Service providers have grown in prominence and can help resource-constrained small and medium-size enterprises (SMEs). These outside resources are key to navigating the thorny compliance issues and cybersecurity challenges your business will face in the year ahead.
