Do you have policy and procedure governing electronic communications, including chat channels/mechanisms such as WeChat or WhatsApp and text messages, given DOJ guidance to include third-party messaging apps as an area to regulate? Are employees forbidden from using unapproved electronic communications channels, or are you providing corporate accounts? Do you offer training? Do you monitor communications and audit compliance? Do employees acknowledge compliance with approved communication channels? What is the retention period on communications?
Seeking insights for research universities regarding CMMC 2.0 adoption and compliance. I'm listing our full question set below, but we would welcome insights on any or all of these:
1. What is the anticipated timeline for CMMC 2.0 adoption by the Federal Government? Any insights on the expected rollout and implementation schedule?
2. From a Higher Ed CIO perspective, what are the key operational differences between each "level" in CMMC 2.0? Are there any specific challenges or considerations especially for research universities?
3. For a research university, which CMMC level would be the most suitable target? Are there any key dates or deadlines that Higher Eds and researchers should be aware of in their compliance journey?
4. What are the most crucial features or elements of CMMC that universities need to achieve compliance? Any recommendations or best practices?
5. Specifically, are there any requirements in CMMC for 7/24/365 "eyes on glass" network and/or endpoint monitoring? If there is an endpoint requirement, does it extend to all servers and laptops issued by the university, or is it limited to hosts involved in research grants? What is expected to demonstrate compliance in this regard?
6. Apart from CMMC compliance, are there other considerations or strategies to consider when seeking to qualify for/reduce cyber risk insurance costs?
Which of the following categories of endpoints represents the weakest security in your organization?
Laptops: 21%
Mobile devices: 45%
IoT: 12%
Network infrastructure: 13%
Servers: 2%
Cloud infrastructure: 3%
Other (please comment below): 1%
If anyone has successfully used Bring Your Own Key (BYOK) in the cloud: Which Hardware Security Module (HSM) or key management method did you use, and with which cloud service provider(s) (CSP)? Any advice to an organization considering this option?