OSCAL and CMMC: Exploring the Relationship - This article delves into the relationship between OSCAL (Open Security Controls Assessment Language) and CMMC (Cybersecurity Maturity Model Certification), examining how OSCAL is utilized within the context of CMMC and discussing the potential impact of OSCAL on streamlining compliance processes, improving security controls implementation, and enhancing assessment methodologies within the CMMC framework.
Safeguarding Controlled Unclassified (CUI) Under CMMC 2.0
Controlled Unclassified Information (CUI) plays a pivotal role in government operations, encompassing government-owned or created information that necessitates safeguarding through information security controls, even though it is not classified.
The highly anticipated NIST Cybersecurity Framework v2.0 document is out and we have it mapped. The US National Institute of Standards and Technology's release of February 26, 2024 is now part of the Common Controls Hub. Check it out here!
Newsletters: Read Past Editions
Want to read the news released about Unified Compliance? All released newsletters are posted the same day they are emailed. Check out past UCF news. Read our Newsletters.
Upcoming Documents
The UCF team has plans to map the following Documents:
GAO Yellow Book
OWASP Application Security Verification Standard 4.0.3
16 CFR Part 318, Health Breach Notification Rule
SWISS-U.S. DATA PRIVACY FRAMEWORK
ISO/IEC 27005:2022
Blueprint for an AI Bill of Rights
ISO/IEC TS 27110:2021
UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK
Code of Virginia Title 59.1, Chapter 53, Consumer Data Protection Act, April 11, 2022
Authority Documents
What's new and popular in the CCH?
See the list below for Authority Documents published since our last newsletter.
Cybersecurity
45 CFR Part 164 Subpart D, Notification in the Case of Breach of Unsecured Protected Health Information [AD 3729]
COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework [AD 3712]
EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES [AD 3723]
Health IT
45 CFR Part 164 Subpart D, Notification in the Case of Breach of Unsecured Protected Health Information [AD 3729]
IT Security
45 CFR Part 164 Subpart D, Notification in the Case of Breach of Unsecured Protected Health Information [AD 3729]
COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework [AD 3712]
SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022 [AD 3647]
Monitoring and Reporting
45 CFR Part 164 Subpart D, Notification in the Case of Breach of Unsecured Protected Health Information [AD 3729]
SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022 [AD 3647]
Operational Management
EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES [AD 3723]
Privacy
COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework [AD 3712]
EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES [AD 3723]
SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, October 15, 2022 [AD 3647]
Third Party and Supply Chain Management
EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES [AD 3723]
Which Authority Documents are most important to you?
Here's this month's list of the 50 most selected Authority Documents, including how many groups and initiatives each Authority Document has been assigned!
Thanks for reading our newsletter. If you have any suggestions or comments, please email us.