The National Institute of Standards and Technology (NIST) sets the information security standards for federal agencies. Through its Special Publication (SP) 800-series, NIST helps organizations meet regulatory compliance requirements such as HIPAA, and SOX. The recent update to the... Read More
Specops uReset and GDPR compliance
With the introduction of Specops uReset (version 8.1 or later) in the Microsoft EU data center, organizations can now choose which instance of Specops uReset they want to use. Specops uReset is a hybrid password reset solution. The cloud... Read More
How do I create HITRUST compliant password policies?
The HITRUST CSF clarifies guidelines on security standards for the healthcare industry with specific feature recommendations where the password management system is concerned. Read More
How and why the NHS should transform password policy for greater security
The password policy guidance from the NHS doesn't stand a chance against today's attacks. With a single breach opening the door to other systems, the NHS needs to stop users from using vulnerable passwords. Read More
Why are organisations at risk of password leaks and password dictionary attacks?
As long as people reuse their passwords, dictionary attacks will work. Password blacklisting is an effective way to shift the burden from users and prevent dictionary attacks. Read More
NCSC password recommendations ignored – survey reveals obsolete practices
Since assuming its role as UK’s weapon in security IT, the National Cyber Security Centre (NCSC) has published various best practice guides on topics related to IT infrastructure, most notably a Password Guidance to help organizations simplify their approach.... Read More
What breach disclosure requirements mean for your organization
Following a data breach incident, organizations following compliance standards, such as HIPAA, need to follow certain data breach notification requirements. This post will summarize some of these requirements, as well as regional-specific disclosure responsibilities. For the purposes of this... Read More
New MFA requirements for PCI password compliance
The Payment Card Industry Data Security Standard (PCI DSS) regulates security practices to protect cardholder data. Password compliance plays an important role in the PCI standards by dictating password complexity to strengthen defense against unauthorized access. New requirements coming... Read More
The role of passwords in HIPAA compliance
Healthcare is a high value target for hackers given the nature of the data and its poor security stance – ranking the sixth lowest, in security performance across industries. Passwords are the first line of defense against cyberattacks and... Read More
NIST and password compliance guidelines
The new password guidelines from National Institute of Standards and Technology (NIST) are changing how companies and organizations view password security. The guidelines say: Do allow for longer passwords and choosing original secret questions, Don’t allow users to choose... Read More