Questions tagged [compliance]

Aspects of compliance with regulations, standards, laws, and policies.

264 questions
1 vote, 3 answers

Information Security standards in corporations

I'm developing a web based application. I want to create it so that it could be adopted by teams within corporations and large organisations that have tight IS standards. The initial organisations targeted are not in specifically regulated…
Boz
0 votes, 1 answer

Enterprise Encryption Considerations

What are the different aspects to consider for Enterprise Encryption policy? So far the resources I have…
0 votes, 3 answers

Are penetration and vulnerability testing required for PCI compliance?

If a company needs to be PCI compliant, are there any fines levied on them if they don't do penetration or vulnerability testing? If yes, is it an automatic fine, or is it only if they are caught?
pzirkind
0 votes, 1 answer

Is PCI SAQ A or A-EP applicable for my use case?

I read the FAQ over here and I feel that we do not need to be PCI compliant, but I have read many other posts, articles etc. which seem to contradict my assumption. So I was wondering if any of you guys can throw some light on it. Here is my use…
Chantz
0 votes, 1 answer

Viewing PCI data via 3rd party sites securely

I'm working on a project that requires PCI protected data (card PIN numbers) to be made visible to customers, via a Third Party (a non-PCI-compliant) company site. The hierarchy is as follows: Us > PCI Compliant > Platform Provider Third-party >…
0 votes, 1 answer

What is the danger or downside of using online/cloud web app scanner vs on premise ones?

Cloud scanners are becoming more common these days. Pricing is a lot cheaper than on premise scanners. My concern with cloud scanners is that they store sensitive information on a 3rd party network. (I am not sure if the sensitive information only…
DoodleKana
0 votes, 1 answer

HIPAA compliant on Azure cloud?

We are using WebRoles to host our api, Table storage to persist PHI and Blob Storage to persist MRIs and CT images. What is required to become HIPAA Compliant? -- Edit 2014-02-17 -- I just want to know where to start
Mahmoud Samy
0 votes, 1 answer

When does a PA-DSS certified application expire?

When you search the PCI website for validated payment applications it shows a re-validation date and an expiry date. There are also two categories of payment applications, "Acceptable for new Deployments" and "Acceptable only for Pre-Existing…
Timee
0 votes, 1 answer

How to enforce NTFS permission compliance?

I have to enforce NTFS permissions based on business roles. Each role (group in ADS) can be granted the permission to read or write a file server directory. I do not care about share permissions. I care about permissions stored in the NTFS. I have…
ceving
0 votes, 3 answers

How do you monitor the security control compliance for third party providers?

I wonder what a small startup would typically do concerning third-party compliance? Are you expected to send third-party vendors a security questionnaire? Do you need to do that regularly?
sk904861
0 votes, 1 answer

Do the organisational policies need to have ownership to ensure accountability?

Policies are the high-level statement from Senior Management. It's a philosophy for the management to be guided by, and management has the direction to plan, build, run and monitor the activities to achieve the enterprise objectives from the…
0 votes, 0 answers

SCAP Implementation In Industrial Setting

I work in an industry that uses manufacturing equipment that typically runs on Windows or a unix-like OS. An industry body is developing security standards and plans to require the use of Security Content Automation Protocol, so I was wondering about…
dvd940
0 votes, 1 answer

What is the NIST/FIPS publication process? How long does it usually take for drafts to become final?

I'm specifically concerned with EdDSA being made FIPS compliant, which I realize might take longer with the concerns raised with ECDSA, but I'm curious what the process actually is. Is it all internal to NIST with just the Public Comment Period…
joshhemphill
0 votes, 1 answer

Software update process (dependencies) in organization

Wondering how other organizations manage the software update process. We are a startup, where we try to define component owners, who should update them (security updates etc.). This does not seem to work well. People leave, components are left not…
dev
0 votes, 1 answer

Does sending an email without any PHI violate the HIPAA privacy rule?

I am evaluating options to choose email providers for a HIPAA compliant web application. I understand that, if the email contains any form of PHI, it would be violating the HIPAA rule especially if the email is not encrypted. What if the email that…
Ajeesh Joshy