<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Standards on</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/tags/standards/</link><description>Recent content in Standards on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Wed, 23 Jul 2025 01:24:23 +0000</lastBuildDate><atom:link href="https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/tags/standards/index.xml" rel="self" type="application/rss+xml"/><item><title>Introduction to PCI DSS</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/intro-pci-dss-4/</link><pubDate>Wed, 21 Aug 2024 14:05:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/intro-pci-dss-4/</guid><description>PCI DSS 4.0, or Payment Card Industry Data Security Standard, is a global standard in the payments industry that includes a set of foundational technical and operational requirements surrounding the protection of payment data. Its goal is to ensure the security of information involved when payment cards are used and while those payments are processed. PCI DSS 4.0 replaces the earlier PCI DSS 3.2.1, which was retired in March 2024.</description></item><item><title>Introduction to CMMC</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/intro-cmmc-2/</link><pubDate>Fri, 09 Aug 2024 19:10:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/intro-cmmc-2/</guid><description>CMMC 2.0, or Cybersecurity Maturity Model Certification, is a cybersecurity framework established by the U.S. Department of Defense (DoD). It aims to ensure that contractors and subcontractors within the Defense Industrial Base (DIB) comply with rigorous cybersecurity standards. 
CMMC 2.0 replaces the previous CMMC model with a streamlined and updated version that incorporates lessons learned and feedback from industry stakeholders.
If you are a contractor, subcontractor, or supplier contracting with the DoD, you will need to meet the requirements of CMMC 2.</description></item><item><title>CMMC Maturity Levels</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-2-levels/</link><pubDate>Fri, 09 Aug 2024 19:10:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-2-levels/</guid><description>The Cybersecurity Maturity Model Certification (CMMC) 2.0 integrates various cybersecurity standards and best practices into a unified model that encompasses three maturity levels. Each level builds upon the previous one, with increasing rigor in cybersecurity practices and processes. In this article, we’ll provide an overview of the three levels of maturity and example practices that are representative of their requirements.
Level 1: Foundational. Contractors and subcontractors who handle only Federal Contract Information (FCI) typically need this level of certification.</description></item><item><title>PCI DSS Practices</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/pci-dss-practices/</link><pubDate>Wed, 21 Aug 2024 14:05:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/pci-dss-practices/</guid><description>PCI DSS 4.0, or Payment Card Industry Data Security Standard, is intended for all entities that store, process, or transmit cardholder data and/or authentication data that could impact the security of the cardholder data environment. This includes all entities interacting with information such as the following:
Cardholder Data: primary account number; cardholder name; expiration date. Authentication Data: full track data, such as on a magnetic stripe or chip; card verification code (the number on the back); PINs. PCI DSS 4.</description></item><item><title>CMMC 2.0 Practices</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-practices/</link><pubDate>Fri, 09 Aug 2024 19:10:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-practices/</guid><description>Cybersecurity Maturity Model Certification (CMMC) 2.0 requires a progressive set of practices. Level 1 has 17 practices. Level 2 includes Level 1 practices plus an additional 110 practices. Level 3 practices include Level 2 practices, plus additional practices that are still being determined. These practices are divided into 14 domains, each of which covers a different aspect of cybersecurity.
Wait, you may be wondering. Are “practices” the same as “controls” or “requirements?</description></item><item><title>PCI DSS at Chainguard</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/pci-dss-chainguard/</link><pubDate>Wed, 21 Aug 2024 14:05:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/pci-dss-4/pci-dss-chainguard/</guid><description>Compliance with PCI DSS 4.0, or Payment Card Industry Data Security Standard, requires adherence to strong security standards. Rigorous requirements must be met in order to secure your networks, systems, storage, and access according to the guidelines.
Chainguard doesn&amp;rsquo;t build images specifically for PCI DSS, but our images can help you meet the requirements in many ways, easing your burden in the process of achieving compliance. Securing your software supply chain provides a solid foundation for minimizing vulnerabilities.</description></item><item><title>CMMC at Chainguard</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-chainguard/</link><pubDate>Fri, 09 Aug 2024 19:10:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cmmc-2/cmmc-chainguard/</guid><description>Achieving Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 or Level 3 certification can be a complex and resource-intensive process, particularly for organizations managing containerized environments and addressing vulnerabilities. Chainguard simplifies this journey by offering specialized solutions that drastically reduce the time and effort needed to meet compliance requirements. Our FIPS-compliant (Federal Information Processing Standard) images, combined with detailed SBOM (Software Bill of Materials) and STIG-hardened (Security Technical Implementation Guide) configurations, provide a strong foundation for meeting the requirements of CMMC 2.</description></item><item><title>SLSA Compliance at Chainguard</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/slsa/slsa-chainguard/</link><pubDate>Wed, 23 Jul 2025 01:24:23 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/slsa/slsa-chainguard/</guid><description>SLSA (pronounced &amp;ldquo;salsa&amp;rdquo;), or Supply chain Levels for Software Artifacts, is a security framework consisting of standards and controls that prevent tampering, improve integrity, and secure packages and infrastructure. It is described in depth in What is SLSA?.
All Chainguard products — including Chainguard Containers, Guarded VMs, and Chainguard Libraries — are SLSA Level 3 compliant to provide confidence in the security of these products.
This page describes what we have done to bring Chainguard products into full SLSA Level 3 compliance.</description></item><item><title>Overview of CIS Benchmarks</title><link>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cis-benchmarks/</link><pubDate>Wed, 18 Sep 2024 14:05:09 +0000</pubDate><guid>https://deploy-preview-3174--ornate-narwhal-088216.netlify.app/compliance/cis-benchmarks/</guid><description>The Center for Internet Security (CIS) is a nonprofit organization dedicated to enhancing the cybersecurity posture of organizations worldwide. Founded in 2000, CIS aims to develop best practices and guidelines that help organizations protect themselves against cyber threats.
CIS&amp;rsquo;s mission is to foster collaboration among security professionals, policymakers, and industry leaders to safeguard both public and private organizations against cyber threats. One of the ways it does this is by publishing CIS Benchmarks: a set of recommendations that, when applied to a given tool, can help to harden it against threats.</description></item></channel></rss>