Compliance & Cybersecurity Related
Zero Trust — The Security Model That Assumes the Worst (and Is Right to)
Zero Trust is a security framework built on one principle: never automatically trust anything or anyone, inside or outside your network — verify everything, every time. This ...
SEC/FINRA (Securities and Exchange Commission / Financial Industry Regulatory Authority) — The Regulators Behind Financial Services IT Compliance
SEC/FINRA (Securities and Exchange Commission / Financial Industry Regulatory Authority) If your firm is registered as a broker-dealer, investment advisor, or operates in the securities industry, SEC and FINRA are the two regulators that set the ...
SOX (Sarbanes-Oxley Act) — The Financial Fraud Law That Became an IT Problem
SOX (Sarbanes-Oxley Act) SOX is the federal law that requires publicly traded companies — and some private ones — to maintain strict internal controls over financial reporting, with specific IT requirements that go deeper than most people expect. ...
SOC 2 (System and Organization Controls 2) — The Security Audit That Opens Enterprise Doors
SOC 2 (System and Organization Controls 2) SOC 2 is the audit framework that proves to your clients, partners, and insurers that your organization handles data securely — and it's become table stakes for any company that stores, processes, or ...
GLBA (Gramm-Leach-Bliley Act) — The Financial Services Privacy Law You Agreed to Without Knowing It
GLBA (Gramm-Leach-Bliley Act) If your business provides financial products or services to consumers — loans, insurance, investment advice, tax prep, even mortgage brokering — GLBA is the federal privacy law that governs how you handle their personal ...
PCI-DSS (Payment Card Industry Data Security Standard) — The Rules Behind Every Card Swipe
PCI-DSS (Payment Card Industry Data Security Standard) If your business accepts, processes, stores, or transmits credit or debit card data, PCI-DSS is the security standard you're required to follow — and "we didn't know about it" isn't a defense the ...
HIPAA (Health Insurance Portability and Accountability Act) — The Privacy Law That Runs Healthcare IT
HIPAA (Health Insurance Portability and Accountability Act) If your business touches patient health information in any way, HIPAA is the law that governs how you handle, store, and share it — and the penalties for getting it wrong are steep. Filed ...
CMMC (Cybersecurity Maturity Model Certification) — The DoD's Cybersecurity Driver's License
CMMC is the Department of Defense's way of saying "prove your cybersecurity is real before we let you near our data" — and as of November 10, 2025, it's no longer optional. Filed under the NerdSquad IT Dictionary: the series where we decode the ...
CISA (Cybersecurity and Infrastructure Security Agency) — The Federal Cyber Cavalry, Now With a Smaller Crew
It's the federal agency that helps defend U.S. critical infrastructure from cyberattacks — and it's doing that job with about a third less ...
NIST (National Institute of Standards and Technology) — The Government Agency Behind Half the Cybersecurity Rules You've Heard Of
It's a U.S. government agency that writes the cybersecurity playbooks half the country quietly runs on — even the businesses that have never heard of it. Filed under the NerdSquad IT Dictionary: the series where we decode the alphabet soup of IT. ...