We’ve been hard at work innovating and improving our platform to fast-track your compliance goals and strengthen your privacy and security posture. Carbide Product Updates are a result of customer feedback and extensive research and development.
In Carbide’s October Product Updates, you’ll find:
- Continuous Cloud Monitoring
- Carbide Academy: Security & Privacy Best Practices and Resources
- Three New Frameworks Added: PCI v4.0, NIST 800-53 & CMMC 2.0
It’s Here! Continuous Cloud Monitoring for AWS
These days, spinning up an AWS environment is as simple as clicking a button. But making sure that environment is secure, compliant, and well architected? That’s a totally different ball game.
Our newly launched cloud monitoring capabilities are designed to dramatically improve your cloud security posture while also saving you time and money. With Carbide Cloud Monitoring, you can:
- Collect evidence you need to meet your compliance requirements (of course)
- Find remediation templates that make it easy to address gaps or implement best practice recommendations offered by the tool
- See at a glance your compliance status against 14 compliance standards and frameworks
- Automate AWS Well-Architected reviews for your environment and identify opportunities to improve performance or reduce costs
- Track security progress over time and against more than 400 security and privacy best practices
There’s nothing more foundational than your application and the environment it sits in. That’s why our cloud monitoring module focuses not just on proving your security, but on helping you achieve and maintain it so that you can embed security into the DNA of your business.
Carbide Academy: Security & Privacy Best Practices and Resources
Our team has been in your shoes before. We know the frustrations of building a solid security/privacy program and proving your posture, made even more difficult without an education in the basics. We’ve got you covered.
Learn, apply and grow with Carbide Academy – unrestricted access to educational videos on security and privacy concepts and best practices, with downloadable presentations, templates and guides.
Today, this includes a library of videos organized around Carbide’s 16 Organizational Controls and a template library for common compliance requirements – like Annual Performance Reviews, Employee Onboarding/Offboarding Checklists, and Organizational Charts. Guided by Carbide’s team of subject matter experts, you’ll get to know the building blocks of a strong security and privacy program, including concepts like Corporate Governance, Third-Party Risk Management, and Encryption.
We’ll be adding new content with future product updates so make sure to check back in!
Three New Frameworks Added: PCI v4.0, NIST 800-53 & CMMC 2.0
We’ve added three new frameworks to the Carbide Platform this month:
- PCI DSS v4.0
- NIST 800-53
- CMMC 2.0
Here’s a breakdown of what these frameworks are and how this update will impact your business:
NIST 800-53:
The National Institute of Standards and Technology (NIST) designed NIST SP 800-53 to lay out the security and privacy controls that federal organizations, DoD contractors, or organizations in their supply chain must comply with.Â
NIST 800-53’s 1000+ controls are housed under the 3 main control levels (Low-Impact, Moderate-Impact, and High-Impact) and the 18 control families. The main difference between NIST 800-171 and NIST 800-53 is that NIST 800-53 applies to federal organizations while NIST 800-171 applies to non-federal organizations.
By achieving NIST 800-53 compliance, you open your business up to a plentiful market of long-term, high-value contracts.Â
Access the official NIST documentation on NIST 800-53 here.
PCI DSS v4.0:
The PCI Security Standards Council issued PCI DSS v4.0 as an update to PCI DSS v3.2.1 on March 31 of this year. While PCI DSS version v3.2.1 is still in effect (and will be for the next two years), the PCI DSS requirements have been updated as a response to the modern threat landscape.Â
The goals of the update are to:
- Ensure the standard continues to meet the security needs of the payments industry
- Add flexibility and support of additional methodologies to achieve security
- Promote security as a continuous process
- Enhance validation methods and procedures*
Until March 31 2025, you are not required to meet v4.0 requirements. However, at Carbide we’re committed to preparing you not just for multi-compliance, but for good security, including requirements that will eventually come into scope for your business. Carbide now has simultaneous support for PCI DSS V3.2.1 and V4.0. By aligning your program with PCI DSS v.40 now, you are not only prepared for tomorrow’s auditors but for the evolving landscape of security threats.Â
Learn more about what’s new in PCI DSS v4.0 here.
CMMC 2.0:
The CMMC 2.0 model is a framework designed to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is shared with contractors and subcontractors of the Department through acquisition programs. Simply put, if you want to win a contract with the United States Department of Defense, you need to be Cybersecurity Maturity Model Certification (CMMC) 2.0 certified.Â
Our support for CMMC 2.0 will guide you through all three levels of CMMC certification. Using Organizational Controls, identify the overlap in your existing compliance efforts and get CMMC certified in no time.
Read the official documentation from the US Department of Defense here.
Let us show you how we’re changing the security and compliance game.
Security by design, compliance by default. Book a personalized demo of the Carbide Platform to see how we can fast-track your initiative and transform your program.