Discover how ACU-Serve turned to RISCPoint and AWS to reinforce compliance, mitigate threats, and protect patient data with unparalleled rigor. Gain insight into their HITRUST certification journey and the key strategies that keep sensitive healthcare information secure.

CLEVELAND, November 7, 2024 – RISCPoint Advisory Group, a leading cybersecurity and compliance services provider, proudly announces its elevation to AWS Advanced Tier Services Partner status within the AWS Partner Network (APN). This milestone reflects RISCPoint's demonstrated technical expertise and consistent delivery of successful client outcomes in cloud security and compliance.

RISCPoint Advisory Group, a leader in cybersecurity and compliance, is pleased to announce the promotion of several outstanding team members across our organization. These promotions reflect RISCPoint's commitment to recognizing talent and fostering a culture of growth and excellence for those who reflect our core values of Listening to Understand, Owning the Objective, Putting in the Work, and Aspiring to Greatness.

RISCPoint Advisory Group, a leader in custom-tailored security and compliance services, today announced the launch of RADAR, an innovative all-in-one cybersecurity platform. Combining continuous threat discovery with expert-led Penetration Testing as a Service (PTaaS), RADAR represents a significant leap forward in proactive security and risk management. Launched at Blackhat, during one of the cybersecurity industry's most exciting weeks, RADAR has made an instant impact, leveraging artificial intelligence to provide real-time vulnerability detection across multiple attack surfaces. The platform offers continuous scanning and on-demand penetration testing by certified ethical hackers, ensuring comprehensive security assessments and compliance reporting.

Achieving FedRAMP authorization is just the beginning for Cloud Service Providers (CSPs). Maintaining this authorization requires continuous compliance with stringent security standards and regular assessments to ensure cloud environments remain secure. Key tasks include monitoring security incidents, conducting vulnerability scans, effective patch management, maintaining secure configurations, performing regular security control assessments, and managing Plans of Action and Milestones (POA&M). Notably, CSPs must transition their hardening standards to DISA STIGs or CIS Level 2 as per Revision 5 requirements to avoid losing authorization. Continuous diligence in these areas ensures ongoing authorization and the ability to serve federal agencies securely.

RISCPoint attended AWS re:Inforce 2024 to gain insights into the latest advancements in cloud security. Key highlights included AWS's new security features such as Amazon GuardDuty Malware Protection for Amazon S3 and passkey MFA for IAM users, emphasizing the integration of AI in security practices. Additionally, AWS CISO Chris Betz's keynote on the importance of a robust security culture and networking opportunities through the AWS Global Security and Compliance Acceleration Program underscored the collaborative efforts in driving industry standards forward.

Security and compliance are paramount concerns for businesses of all sizes, however, small and medium-sized businesses (SMBs), in particular, face unique challenges in navigating these complex topics while striving for innovation and growth. On the latest Cloudy with a Chance of AWSome podcast episode “Security & Compliance for SMBs”, RISCPoint’s CEO, Jake Nix, and COO, Matt Drewyor, explore how RISCPoint and AWS are reshaping the security and compliance landscape for SMBs with podcast hosts Hayden Chase Kuzma and Benjamin King, SMB Account Managers at AWS.

Regulation S-K § 229.106 (Item 106) requires companies to proactively manage and transparently disclose their cybersecurity risks and countermeasures, recognizing that cyber incidents can significantly impact a company's financial health and investor trust. This SEC rule mandates comprehensive risk assessments and the engagement of external consultants, emphasizing cybersecurity as a crucial, immediate concern for regulatory compliance and protection against cyber threats.

RISCPoint has partnered with anecdotes to offer enterprise-grade cybersecurity and compliance management solutions tailored for startups and SMBs, leveraging a data-driven approach and RISCPoint's expertise to enable rapid adoption of compliance frameworks and build trust-based security programs. This collaboration, which emphasizes flexibility, customization, and client-centric solutions, aims to empower businesses to meet regulatory requirements confidently and thrive in the digital landscape.

New red team requirement introduced in FedRAMP Revision 5 and NIST SP 800-53 Rev 5 emphasize proactive defense mechanisms in cybersecurity. It explores the concept of red teaming, the challenges of implementing these exercises without explicit guidance, and suggests approaches for internal execution and partnering with external experts like RISCPoint. The post also speculates on future guidance from the FedRAMP Program Management Office, emphasizing the importance of integrating red team findings into continuous improvement processes for enhanced cybersecurity resilience.

RISCPoint is thrilled to announce the launch of an upcoming webinar series focused on the latest trends, insights, and best practices in cybersecurity and compliance. The series will cover a wide range of topics including the intricacies of FedRAMP, securing cloud environments, navigating compliance challenges for frameworks like SOC 2, ISO 27001, HIPAA, and GDPR, understanding threat intelligence and incident response, and building a resilient security program. This is a valuable opportunity to expand your cybersecurity knowledge and enhance your organization's security posture with expert guidance from RISCPoint.

RISCPoint outlines five essential steps to bolster cybersecurity during the holiday season, emphasizing vigilance against phishing, securing remote work, being cautious of smishing, keeping devices updated, and the importance of continuous education to protect businesses from increased cyber threats.

RISCPoint highlights the critical roles of compliance and risk management in safeguarding organizations from cybersecurity threats, advocating for a nuanced understanding and application of both. It offers customized support to businesses in meeting diverse compliance standards and enhancing their risk management strategies, aiming for improved security and operational continuity.

RISCPoint joins the AWS Global Security & Compliance Acceleration Program, showcasing its cybersecurity and compliance expertise. Through specialized consulting services and innovative offerings, including a collaborative HITRUST initiative, RISCPoint aims to enhance AWS customers' compliance journeys and expand its impact in the cybersecurity domain.

Insightin Health announces its population analytics platform, inGAGE™ on Microsoft Azure, as the first to achieve NIST SP 800-171 compliance, enhancing security for Tricare military members' data. This milestone, achieved in collaboration with RISCPoint, underscores their commitment to advanced cybersecurity standards, benefiting active and retired military families with secure, HIPAA-compliant healthcare solutions.

Exploring the challenges of achieving FedRAMP authorization: Unveiling the critical pain points faced by Cloud Service Providers (CSPs) in navigating the complex assessment process to unlock federal marketplace opportunities.

RISCPoint Advisory Group Welcomes Matt Wiese as Director of Cybersecurity Operations Services: Enhancing Cybersecurity Capabilities with Platform Security Expertise.

RISCPoint proudly achieves FedRAMP® and StateRAMP 3PAO accreditation, reinforcing its commitment to cybersecurity excellence and serving as a trusted extension of FedRAMP's mission to secure the cloud. With this recognition, RISCPoint continues to elevate its advisory services, offering unparalleled expertise in compliance across various industries.

Amid cyber breaches at MGM Resorts and Caesars Entertainment, RISCPoint delves into the details, exploring the culprits, methods, and potential aftermath of these high-profile attacks. With insights into the intricate workings of cybercrime and its ramifications, RISCPoint underscores the urgent need for robust cybersecurity measures in today's interconnected world.

Delve into the security challenges posed by the Bring Your Own Device (BYOD) model, citing the potential for compromised personal computers to leak sensitive data and open doors for cyber threats. RISCPoint offers strategic approaches like access restriction, education, and implementing a zero-trust architecture to navigate these risks and ensure a more secure organizational environment.

The EU-U.S. Data Privacy Framework, endorsed by the European Commission on July 12, 2023, establishes a new standard for transatlantic data transfers, ensuring GDPR-compliant data protection. RISCPoint highlights the framework's impact, offering compliance guidance for organizations to navigate this revised data privacy landscape effectively.

The draft of NIST SP 800-171 Revision 3 introduces crucial updates for federal contractors, aiming to enhance protection of Controlled Unclassified Information (CUI) in nonfederal systems. RISCPoint emphasizes the importance of understanding these changes, including new control families and refined security requirements, to ensure compliance and secure federal contracts effectively.

RISCPoint demystifies the differences between penetration testing and red teaming, crucial methodologies for assessing an organization's security posture. While penetration testing focuses on identifying technical vulnerabilities within a controlled environment, red teaming provides a comprehensive, real-world attack simulation, assessing both technical defenses and human factors. This article elucidates the importance of both approaches in forming a robust cybersecurity strategy, especially with new FedRAMP requirements emphasizing red teaming's role in security assessments.

Outsourcing internal audits to third-party experts offers unparalleled value, objectivity, and specialized knowledge, enhancing an organization's risk management, security, and compliance. RISCPoint highlights how leveraging external expertise not only ensures a thorough and unbiased assessment but also optimizes resources, offering a cost-effective strategy for continuous improvement in today's evolving cybersecurity landscape.

Partnering with an implementation expert for ISO/IEC 27001 can transform the complex process into a streamlined, efficient, and customized journey, offering organizations expertise, cost savings, and a tailored Information Security Management System (ISMS) that meets specific needs and future challenges. RISCPoint emphasizes the value of such partnerships in overcoming implementation hurdles and achieving sustainable success in information security management.

RISCPoint Advisory Group is excited to welcome Adam Lubbert as the new Director of Cybersecurity Compliance Services, bringing his extensive background in security and compliance leadership from Fortune 50 companies and startups to enhance RISCPoint's advisory services. Adam's expertise and leadership are set to make significant contributions to the firm's growth and client service excellence.

RISCPoint offers essential guidance for Cloud Service Providers navigating the FedRAMP Rev. 4 to Rev. 5 transition, emphasizing the importance of identifying gaps by September 1, 2023, and outlining a clear, strategic approach to compliance with the new baselines. This move ensures CSPs maintain their FedRAMP authorization efficiently, reinforcing RISCPoint's commitment to supporting clients through complex cybersecurity and compliance challenges.

RISCPoint Advisory Group proudly welcomes Jason Kor as the new Director of Cybersecurity Compliance Services. With his extensive expertise in healthcare security, governance, and risk management, Jason is set to strengthen RISCPoint's commitment to delivering top-notch security and compliance solutions to its clients.

RISCPoint highlights the importance of penetration testing as a cornerstone of cybersecurity, outlining essential steps for a successful first test. From defining the scope and securing permissions to choosing the right partner, this guide ensures your organization is well-prepared to identify vulnerabilities, evaluate security controls, and enhance your overall security posture.

RISCPoint Advisory Group is thrilled to announce Bennett Warner as the new leader of our Cybersecurity Services Practice. With a rich background in offensive security, software development, and national defense, Bennett is set to enhance our offerings in penetration testing, vulnerability management, and security engineering, furthering our mission to safeguard organizations against evolving cyber threats.

RISCPoint breaks down the critical updates and transition plan for FedRAMP Revision 5 Baselines, highlighting the key considerations for Cloud Solution Providers. With a focus on alignment with NIST SP 800-53, Rev. 5, this guide outlines the phases of Planning, Initiation, and Continuous Monitoring to ensure compliance and enhance cybersecurity frameworks for federal government cloud services.

RISCPoint Advisory Group is excited to welcome Tony Bai as the new Executive Vice President for the Public Sector. With his extensive background in US Federal Cybersecurity and Compliance, and his experience as a military cyber professional, Tony is set to bolster RISCPoint's commitment to helping clients achieve their cybersecurity and compliance goals, particularly in areas such as FedRAMP, StateRAMP, and CMMC.

Penetration testing, or "pen testing," is an essential tool for safeguarding your organization's sensitive information and ensuring robust cybersecurity. By simulating real-world attacks, pen testing identifies vulnerabilities in your systems and evaluates the effectiveness of your security measures. RISCPoint's custom-tailored penetration tests offer a proactive approach to identifying and mitigating potential threats, ensuring your organization's security framework is as strong and resilient as possible.

RISCPoint highlights the critical importance of understanding and preventing social engineering attacks in today's digital landscape. From phishing and vishing to smishing and whaling, these deceptive tactics exploit human trust to compromise sensitive information. Learn how to safeguard your organization against these increasingly sophisticated threats and consider the role of regular penetration testing in fortifying your cybersecurity defenses.

RISCPoint demystifies the Federal Information Security Management Act (FISMA) for organizations involved with the federal government. Learn the key provisions, requirements, and benefits of FISMA compliance, and discover how partnering with a virtual CISO like RISCPoint can ensure your security and compliance needs are met, safeguarding sensitive federal information and enhancing your chances of securing federal contracts.

RISCPoint explores the advantages of adopting the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) for organizations of all sizes and sectors. Discover how this voluntary framework provides a structured approach to cybersecurity, offering benefits such as a common organizing structure, flexibility, privacy considerations, and workforce development, ultimately enhancing your organization's cybersecurity maturity and posture.

RISCPoint explores the crucial role of a virtual Chief Information Security Officer (vCISO) in providing expert security and compliance guidance for organizations. Discover how a vCISO can offer flexible, on-demand expertise to enhance your security foundation, compliance posture, and overall cybersecurity hygiene, while also representing your company's best interests to customers and stakeholders.

RISCPoint outlines key factors to consider when selecting a FedRAMP consultant for your organization's authorization journey. From assessing the depth of expertise and communication skills to evaluating cost and experience with the Program Management Office, these considerations are crucial in ensuring a smooth and successful path to FedRAMP compliance.

RISCPoint identifies crucial cybersecurity threats in 2022, including ransomware and software supply chain attacks, emphasizing the importance of a strong defensive strategy. Learn about the financial and repetitional impacts of breaches and discover key practices like security awareness training, regular backups, and continuous penetration testing to safeguard your organization against these evolving threats.

RISCPoint highlights the alarming increase in ransomware attacks worldwide, emphasizing the critical need for organizations to stay vigilant. Learn three key strategies to enhance your cybersecurity defenses, including minimizing human vulnerabilities through continuous training, bringing in an expert like a virtual CISO, and staying informed about industry-specific threats, especially in sectors like healthcare where breaches are surging.

RISCPoint sheds light on the significant updates in FedRAMP Revision 5, including the addition of three new control families: Supply Chain Risk Management, Personally Identifiable Information Processing and Transparency, and Program Management. Understand the implications of these changes for your organization's cybersecurity and compliance needs and learn how to prepare for the upcoming shift in requirements.

RISCPoint outlines the significant changes in FedRAMP Revision 5, highlighting the shift to a Threat-Based Methodology aligned with MITRE ATT&CK Framework version 8.2. Understand how this update strengthens security, reduces the number of additional controls, and what it means for your organization's compliance programs as you prepare for the new standards.

RISCPoint highlights the latest advisory from CISA and the Department of Energy, urging U.S organizations to secure their uninterruptible power supply (UPS) devices against potential cyberattacks in the wake of the Russia-Ukraine conflict. Learn about the recommended measures to protect internet-connected UPS devices and the importance of staying vigilant during these tumultuous times.

RISCPoint delves into the implications of the recently signed Strengthening American Cybersecurity Act, highlighting its focus on enhancing federal cybersecurity laws, increasing reporting requirements for critical infrastructure, and promoting secure cloud technology use. Understand the potential impact on your organization and the importance of preparing for the expanded cybersecurity and compliance requirements set forth by this landmark legislation.

RISCPoint addresses the potential cybersecurity implications of Russia's invasion of Ukraine, highlighting the urgent need for organizations to adopt a heightened security posture. Learn key measures recommended by the CISA to proactively protect your critical assets, including multi-factor authentication, regular patching, and having a mature incident response plan, in light of the increased cyber risk posed by potential Russian retaliation.

RISCPoint introduces StateRAMP, a consortium aimed at enhancing cybersecurity for state and local governments by vetting third-party vendors' security postures. Modeled after the federal FedRAMP framework, StateRAMP aims to protect citizen data, save taxpayer dollars, and promote cybersecurity best practices, addressing the unique needs of state and local governments not covered by FedRAMP.

RISCPoint outlines the advantages of obtaining a HITRUST certification, a comprehensive framework that helps organizations in the healthcare sector and beyond to enhance their security posture, meet industry demands, and streamline compliance efforts. Discover how this certification can provide an in-depth assessment of your security framework, offer a competitive edge, and save time and resources by fulfilling multiple regulatory requirements with a single certification.

RISCPoint offers a comprehensive guide to help organizations navigate the complexities of achieving compliance across multiple control frameworks like SOC 2, ISO/IEC 27001, HITRUST, and HIPAA. Learn how to define your compliance objectives, select an appropriate controls framework, implement controls effectively, and monitor their effectiveness to ensure a robust and efficient compliance program that meets the evolving demands of the cybersecurity landscape.

RISCPoint CEO Jake Nix reflects on the firm's growth in 2021, attributing success to the passion that drives the team, partners, and clients. He highlights the importance of meaningful work, autonomy, and deepened relationships in creating a thriving ecosystem. As RISCPoint continues to grow, the commitment to core values and the pursuit of passion remain central to delivering top-notch security and compliance services.

RISCPoint outlines essential factors for vendors aiming to achieve StateRAMP authorization, highlighting the inaugural class of approved vendors like BlackBerry, Cisco, and Microsoft. Understand the rigorous requirements, including compliance with NIST SP 800-53 Rev. 5, the need for a trusted advisor, a thorough security controls assessment, ongoing monitoring, and the determination of impact level categories, to successfully navigate the StateRAMP authorization process for state and local government contracts.

RISCPoint breaks down the key changes and preparations needed for CMMC 2.0, the streamlined standard set to impact government contractors and the Defense Industrial Base. Learn about the reduction in levels, expanded self-assessment eligibility, and the importance of aligning with NIST 800-171 to ensure your organization is ready for the immediate implementation of CMMC 2.0 upon approval.

RISCPoint Advisory Group welcomes John Duda, Chairman and CEO of Summit Exercises & Training®, to its advisory board, bringing his vast experience in federal preparedness programs to enhance the company's cybersecurity and compliance services. Duda's expertise will support RISCPoint's mission to provide high-quality advisory support and expertise in the rapidly evolving federal cybersecurity and compliance landscape.

RISCPoint Advisory Group proudly announces the addition of Matt Drewyor, a seasoned expert in IT SOX, cybersecurity, and IT risk assessments, to its expanding team. With a rich background from PwC, Deloitte, and First Solar, Drewyor is set to lead service delivery, further enhancing RISCPoint's commitment to providing agile, high-quality cybersecurity and compliance services to its clients.

RISCPoint emphasizes the importance of a strong security culture in today's cybersecurity landscape, highlighting three essential qualities: making security accessible to all employees, ensuring consistent training and compliance, and fostering a culture of accountability rather than punishment. Discover how these practices can empower your workforce and safeguard your organization against potential breaches.

RISCPoint Advisory Group proudly announces its new status as a Registered Provider Organization (RPO) within the CMMC ecosystem, further enhancing its commitment to serving the Defense Industrial Base. This accreditation enables RISCPoint to guide clients through the complexities of CMMC certification, adding to its comprehensive range of security and compliance services.

RISCPoint emphasizes the increasing significance of the Cybersecurity Maturity Model Certification (CMMC) for government contractors within the Defense Industrial Base. With the integration of CMMC into the Defense Federal Acquisition Regulation Supplement (DFARS), it's crucial for suppliers and contractors to comply with the new provisions to protect sensitive information and maintain eligibility for DoD contracts. Learn about the requirements for obtaining a CMMC and how it impacts your business in the defense sector.

RISCPoint Advisory Group is thrilled to support Team Row4Hope in their endeavor to compete in the Talisker Whisky Atlantic Challenge, aiming to raise awareness and funds for the Make-A-Wish® foundation of Central and Northern Florida. As the team embarks on this challenging 3,000-mile ocean rowing race, RISCPoint's sponsorship reflects their commitment to community involvement and charitable causes, aligning with their mission to integrate cybersecurity solutions with business goals.

RISCPoint is proud to launch the RISCPoint Apprenticeship Program, aimed at fostering the growth of future Compliance and Cybersecurity professionals. The program offers hands-on experience, mentorship, and exposure to various practice specialties, embodying the company's commitment to employee development and community investment in the cybersecurity field.

RISCPoint breaks down the differences between FedRAMP and StateRAMP, two frameworks designed to standardize security assessments for cloud services. While both are modeled after NIST standards, FedRAMP applies to federal government vendors, whereas StateRAMP caters to state and local government entities. Learn about the paths to authorization for each and how existing FedRAMP authorizations can benefit from reciprocity agreements with StateRAMP.

RISCPoint highlights the importance of understanding the five SOC 2 Trust Services Criteria—Security, Availability, Confidentiality, Processing Integrity, and Privacy—for organizations looking to conduct business securely and competitively. Learn how each criterion addresses specific aspects of information security and how to determine which criteria to include in your SOC 2 audit for a robust and relevant report.

RISCPoint highlights the increasing scrutiny on Segregation of Duties (SoD) controls, particularly as organizations continue to automate business processes. As cross-platform functions grow, ensuring proper SoD becomes more complex and critical. Learn how to prepare for the anticipated challenges by reviewing key business processes, developing process flowcharts, and creating comprehensive SoD and Sensitive Access inventories to maintain a robust control environment.

RISCPoint guides organizations through the complex journey to FedRAMP authorization, offering strategic advice on choosing the right path, whether it's through Joint Authorization Board (JAB) or Agency Sponsorship. Learn about the importance of FedRAMP for Cloud Service Providers working with the federal government, the key steps to prepare for authorization, and the ongoing responsibilities of maintaining FedRAMP compliance with RISCPoint's expert advisory services.

RISCPoint delves into the importance of the SOC for Supply Chain standard, introduced by the AICPA to address increasing supply chain risks. This report provides a strategic advantage by offering transparency and assurance about the security of controls and processes in place, ultimately protecting business relationships from cyber threats and ensuring the integrity of the supply chain.

RISCPoint highlights the challenges of relying on turnkey compliance solutions for achieving SOC 2 and other certifications. These platforms may offer quick fixes but often lack customization, scalability, and long-term value. RISCPoint advises organizations to take a strategic approach to cybersecurity and compliance, considering both short and long-term goals, and selecting partners that can provide tailored solutions and support throughout the compliance journey.

RISCPoint emphasizes the importance of a well-defined cybersecurity and compliance function to balance operational costs and potential risks. Ineffective controls can lead to data loss, operational failures, reputational damage, and financial penalties. The article advises on identifying and remedying common characteristics of ineffective IT compliance functions, including lack of executive support, skill gaps, inadequate policies, and recurring audit findings. RISCPoint suggests a thorough examination by experienced professionals to address these issues and improve security posture.

RISCPoint presents a comprehensive SOC 2 compliance checklist to help organizations navigate the complexities of meeting SOC 2 requirements. Key steps include determining applicable Trust Services Criteria, deciding on the type of report needed (Type 1 or Type 2), planning and budgeting for the audit, and avoiding common pitfalls like relying on template policies or inexperienced audit facilitation. RISCPoint emphasizes the importance of conducting internal assessments, hiring industry experts, and optimizing processes for a successful SOC 2 assessment.