Compliance Guides

PCI DSS Version 3.0 Compliance Guide

Negative media coverage, a loss of customer confidence, and the resulting loss in sales can cripple a business. As a result, all entities that handle credit cardholder information are being challenged to adopt more effective data protection measures. The Payment Card Industry (PCI) Data Security Standard (DSS) was created to confront the rising threat to credit cardholder personal information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving PCI compliance.

HIPAA and HITECH Act Compliance Guide

Rapid7 HIPAA and HITECH Act Compliance Guide

When private medical records are breached, healthcare service providers suffer damage to their brand and reputation, loss of trust from their patients, and severe financial repercussions. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that appropriate administrative, technical, and physical safeguards be used to protect the privacy and security of sensitive health information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving HIPAA compliance.

NERC Compliance Guide

Rapid7 NERC-CIP Compliance Guide

The North American Electric Reliability Corporation (NERC) introduced Critical Infrastructure Protections (CIPs) as mandatory cyber security regulations, intended to protect the bulk electric grid. This compliance guide, updated according to NERC CIP version 4 (applicable as of June 25, 2012), provides an overview of the compliance requirements as well as steps to achieve NERC compliance.

FISMA Compliance Guide

Rapid7 FISMA Compliance Guide

All government agencies, government contractors, and organizations that exchange data directly with government systems must be FISMA compliant. This may include such diverse entities as data clearinghouses, state government departments, and government military subcontractors if data is exchanged directly with Federal government systems. Coverage may expand to include public and private sector entities that utilize, manage, or run critical infrastructures if FISMA security controls are combined with the Consensus Audit Guidelines as part of the new U.S. Information and Communications Enhancement (ICE) Act.

CAG Compliance Guide

Rapid7 SANS Top 20 Controls Compliance Guide

In 2008, the SANS Institute, a research and education organization for security professionals, developed the Top 20 Critical Security Controls (CSCs) to address the need for a risk-based approach to security. Prior to this, security standards and requirements frameworks were predominantly compliance-based, with little relevance to the real-world threats they are intended to address. The Top 20 Controls are prioritized to help organizations focus security efforts to have the greatest impact in improving their risk posture. This compliance guide will provide readers with an overview of the requirements as well as how Rapid7 can help organizations apply the Top 20 Controls to their security program.

Massachusetts Privacy Law Compliance Guide

Rapid7 Massachusetts Privacy Law Compliance Guide

In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft resulting from data loss, the State of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth (also known simply as 201 CMR 17, or the Massachusetts Privacy Law). This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving compliance with the Massachusetts Data Privacy Law (Mass 201 CMR 17).