ControlMap now supports the NIST AI Risk Management Framework, enabling MSPs to support cybersecurity programs related to AI.

What is NIST AI RMF?

The NIST AI Risk Management Framework (AI RMF) is a security standard developed by the National Institute of Standards and Technology (NIST) to help manage the risk of generative Artificial Intelligence (AI). It was developed through a transparent, collaborative process and released in 2023. 

The framework is designed to help organizations involved in the design, development, use, or regulation of AI technologies, to better manage risks associated with AI as well as incorporate trustworthiness into AI products. 

NIST AI RMF is intended for voluntary use. It aims to align with and build upon AI risk management efforts already in place.

The benefits of NIST AI RMF

NIST AI RMF aims to help organizations manage risks associated with AI through a proactive and ethical approach. Organizations that implement this framework get the following benefits:

The framework offers detailed guidance on establishing robust governance practices for AI deployments. This helps organizations create clear policies and procedures that govern AI use, ensuring compliance with regulatory requirements and alignment with business objectives.

By adopting the NIST AI RMF, organizations can better identify, assess, manage, and monitor risks associated with AI technologies. This structured approach allows for more proactive risk management, reducing the potential for adverse impacts on the organization or any of its stakeholders.

NIST AI RMF helps organizations ensure their AI systems are reliable and trustworthy by providing a framework that emphasizes accountability, transparency, and the ethical use of AI. This can lead to increased user confidence and a stronger reputation for organizations deploying compliant AI solutions.

Ready to get started?

It’s time for your clients to ensure risks related to their work with AI is minimized. ControlMap Partners can now import the NIST AI RMF framework to their clients’ tenants, cross-map against current frameworks, and get started addressing any gaps. Login to ControlMap to get started on NIST AI RMF now.

For more information or to learn about jumpstarting your own vCISO services with NIST AI RMF, request a demo

ControlMap now supports the Digital Operational Resilience Act, enabling MSPs to implement cybersecurity programs for financial institutions operating within the European Union.

What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation aimed at strengthening the cybersecurity and operational resilience of the financial sector within the European Union. It is critical for financial institutions as it mandates comprehensive management of IT risks, ensuring consistent and robust security practices across the sector to prevent and mitigate cyber incidents. 

Before DORA, financial institutions mainly managed risks with the allocation of capital, but they didn’t focus on all aspects of operational strength. After DORA, these institutions need to follow specific rules for protecting against, detection, containment, and recovery capabilities for IT-related incidents. DORA sets specific guidelines for IT risk management, incident reporting, information sharing, digital operational resilience testing, and third-party IT risk management. 

The benefits of DORA

DORA is a requirement for financial institutions to be in compliance with EU regulations. Compliance is required to protect financial institutions from regulatory penalties due to non-compliance. Organizations deemed non-compliant may face significant penalties that are imposed on a daily basis to encourage compliance. They may also be subject to a periodic penalty payment of 1% of their average daily global turnover in the preceding year. Outside of financial penalties, non-compliant organizations may be issued termination notices, cease-and-desist orders, and/or public notices.

However, the implementation of DORA also brings benefits that strengthen operations including:

Ready to get started?

Financial Institutions in the EU are required to be compliant with DORA. ControlMap Partners can now import the DORA framework to their clients’ tenants, cross-map against current frameworks, and get started addressing any gaps to avoid regulatory penalties. Sign to ControlMap to get started on DORA now.

For more information or to learn about jumpstarting your own vCISO services with DORA, request a demo

Maintaining security to defend against cybersecurity threats is a never-ending process. MSPs have to continually monitor networks, assets, and more for vulnerabilities and close any gaps they find. 

Now, there’s an easier way to monitor clients for vulnerabilities. ScalePad has integrated ControlMap with ThreatMate to automate vulnerability & compliance checks required to achieve and maintain compliance.

What can MSPs do with ThreatMate?

ThreatMate is an advanced attack surface management tool designed to monitor and secure networks from various cybersecurity threats. This comprehensive platform scans both external and internal network environments, including behind the firewall, and extends its monitoring capabilities to cloud services like Microsoft O365 and Google Workspace. By leveraging artificial intelligence  and machine learning, ThreatMate identifies security exposures and creates targeted mission plans for vulnerability remediation, ensuring a secure cyber environment across all connected devices and endpoints.

MSPs that use ThreatMate achieve the following benefits:

Why integrate ControlMap with ThreatMate?

Integrating ControlMap and ThreatMate allows for automatic collection of scan results by company and mapping to frameworks. It can be configured to run a scan and update the results weekly for continuous checks and updates. 

Collection of evidence –  Once you’ve connected ThreatMate to ControlMap, the connection automatically starts collecting the following data from ThreatMate scans on a weekly cadence:

Mapping to frameworks – The collected evidence is then mapped to over 50 security and compliance frameworks, such as SOC 2, ISO 27001, HIPAA, FTC Safeguards, CIS Controls, CMMC, and other frameworks and security standards. Mapping the evidence automatically provides a detailed view of any gaps that need to be addressed. 

Ongoing automatic updates – The ControlMap-ThreatMate integration is not simply a one-time check. ControlMap can be configured to regularly sync with ThreatMate to provide up-to-date evidence & vulnerabilities. This will update the evidence based on the current settings, ensuring that your team is aware of any configuration changes, new risks or gaps so you can take remedial action to maintain compliance. 

Connecting ControlMap and ThreatMate reduces hours of manual data imports and regular reviews. It automatically retrieves, updates, and stores current evidence required for compliance frameworks so your team can focus on maintaining and improving security.

Ready to get started?

Combine the capabilities of ThreatMate with ControlMap now. Login to your ControlMap instance to get started. For more information or a discussion on how to elevate your compliance operations, request a demo.

ControlMap now supports the NYDFS Cybersecurity Regulation, enabling MSPs to tailor cybersecurity programs for clients operating under the New York State Department of Financial Services jurisdiction.

What is the NYDFS Cybersecurity Regulation?

The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation, known as 23 NYCRR 500, is a cybersecurity framework for financial institutions operating under NYDFS jurisdiction. 

Established in March 2017, NYDFS mandates stringent security standards, requiring financial institutions to maintain secure data systems and reduce vulnerabilities. It covers organizations such as banks, insurance companies, credit unions, and their third-party service providers. To be compliant, institutions operating under NYDFS jurisdiction must ensure their cybersecurity practices align with the regulation’s standards.

The benefits of the NYDFS Cybersecurity Regulation?

While the NYDFS Cybersecurity Regulation is a requirement for financial institutions, it does provide further tangible benefits to these organizations. Implementing the framework leads to:

  1. Enhanced security – The regulation’s comprehensive policy requirements strengthen an institution’s cybersecurity posture, reducing the risk of breaches through rigorous protocols and controls.
  2. Improved Risk Management – Regular risk assessments enable proactive risk identification and mitigation
  3. Third-party Risk Reduction – By extending the requirements to third-party providers, the regulation ensures that supply chain risks are identified, managed, and mitigated effectively.

Implementing the NYDFS Cybersecurity Regulation helps financial institutions achieve stronger security and compliance, empowering them to manage risks while building trust with clients.

Ready to get started?

It’s time for your clients under NYDFS jurisdiction to have peace of mind that they are compliant with all regulations. Login to ControlMap to get started on NYDFS now. For more information or to learn about jumpstarting your own vCISO services with NYDFS, join a demo.

At ScalePad, we’re constantly striving to equip our MSP partner community with the tools they need to excel in managing cybersecurity compliance. Today, we’re excited to announce a significant upgrade to our MSP Dashboard, designed to streamline the way MSPs interact with data and assess their client’s compliance status. 

Why a new MSP Dashboard?

Our decision to revamp the MSP Dashboard stems from a deep understanding of the challenges faced by MSPs in maintaining compliance across multiple clients. Recognizing the opportunity to enhance the ControlMap MSP dashboard to address these roadblocks, we set out to create a solution that would enable MSPs to monitor client risks more efficiently. 

What’s New?

The enhanced MSP Dashboard is more than just a facelift; it represents a fundamental shift in how MSPs interact with compliance data. Here are the highlights:

What Does This Mean for MSPs?

The enhanced MSP Dashboard isn’t just about improved functionality; it’s about helping our partners to thrive in offering compliance as a service. By providing a centralized hub for monitoring compliance and managing risks and completing pre-assessments for prospecting, we’re arming partners with the tools needed to deliver exceptional service to clients and stay ahead of emerging threats.

Get Started Today!

Ready to experience the future of cybersecurity compliance management? The enhanced MSP Dashboard is now live and available for all MSP partners. Log in today to explore the new features and take your oversight capabilities to the next level.

Stay tuned for more updates and enhancements as we continue to innovate and support our partners in their mission to safeguard digital assets and protect against cyber threats.

Cybersecurity compliance is a moving target, and we’re committed to helping our Partners navigate the complex landscape with confidence. That’s why we’re so excited to share the latest updates to ControlMap, which our development team was hard at work on over March 2024, including an activity log feature, the release of major frameworks, and new integrations. 

New for March 2024

More details below.

Activity Logs

Many cybersecurity frameworks, including NIST CSF 2.0 and CMMC 2.0, require activities to be tracked throughout the compliance journey. Now, within ControlMap, admins can view “Activity Logs” —a list of actions taken within ControlMap. Tracked activities include actions that are:

The new Activity Log feature makes it easy to track and manage activity data as part of your compliance efforts.

HIPAA Privacy Rule

This framework provides federal standards to safeguard the privacy of personal health information and gives patients an array of rights concerning that information, including the right to examine and obtain a copy of their health records and to request corrections.

For our Partners who specialize in healthcare this new framework allows them to diversify their HIPAA compliance offering, as well as boost the security of sensitive data. 

The HIPAA Privacy Rule gives our healthcare-focused Partners one more advantage in delivering compliance services for their clients.

Breach Notification Rule

HIPAA’s Breach Notification Rule requires covered entities to notify patients when their unsecured protected health information (PHI) is impermissibly used or disclosed — or “breached,” — in a way that compromises the privacy and security of their PHI.

Adding the Breach Notification Rule to ControlMap helps our Partners who specialize in healthcare, allowing them to safeguard their clients’ PHI. 

Another win for our Partners who service clients in the healthcare space!

Thinking about offering compliance services? 

Join us on this cybersecurity compliance journey as we redefine the standard with MSPs at the forefront. Contact our sales team or book a demo to see how ControlMap guides the lift-off of vCISO services. 

Stay tuned for more updates as we continue to drive innovation and support our Partners on their MSP adventure. Check out the ScalePad Community here to track all of our exciting new features and announcements. 

Quiz time: What is the biggest security risk for organizations? You guessed it: employees. 

Now, there’s an easier way to assess employee risk and map it to your compliance program. ScalePad is excited to unveil the latest integration for ControlMap: Breach Secure Now. This integration brings new insights to MSPs and vCISOs looking to bolster their client’s security posture.

What can MSPs do with Breach Secure Now?

Breach Secure Now provides visibility to training status across clients, MSPs can bolster their client’s cyber resilience. Here are some of the key benefits of leveraging the platform for MSPs: 

Why integrate with Breach Secure Now?

With Breach Secure Now, MSPs can monitor security training within the ControlMap platform and map employee training data directly to compliance controls. This helps MSPs (and their clients) streamline the collection of evidence for audit prep, saving hours of work. 

How does this integration work?

This integration is tailored for partners of ControlMap who either currently utilize Breach Secure Now as their access security tool or are seeking to diversify their toolset with Breach Secure Now’s capabilities.

With this integration, ControlMap users gain the ability to seamlessly sync employee training data from Breach Secure Now directly into ControlMap. This includes:

ControlMap connects to Breach Secure Now through public APIs, facilitating smooth data synchronization between the two platforms. MSPs can leverage this integration by having an existing account with Breach Secure Now, enabling ControlMap to pull people and security training data directly into the compliance platform. 

Ready to get started?

Combine the capabilities of Breach Secure Now with ControlMap to demystify the relationship between security training and security compliance. Login to your ControlMap instance to get started. 

For more information or a discussion on how to elevate your compliance operations, request a demo

Fact: NIST CSF has been the second-most used framework within ControlMap (just behind CIS Controls). This framework has been a pioneer in security compliance and is frequently the topic of conversation with our partners. 

With the introduction of NIST CSF 2.0, MSPs can ensure their clients have a cyber risk mitigation that works for them – regardless of their industry or size. 

What is NIST CSF 2.0?

The NIST Cybersecurity Framework (CSF) is a security standard developed by the National Institute of Standards and Technology (NIST) to help organizations manage and improve their cybersecurity posture. It provides a common language to assess and manage an organization’s cybersecurity risk. Over the past decade, NIST CSF has been a widely used framework by MSPs and their clients. 

Now, NIST CSF has even more to offer. As the first major update to the framework since 2014, NIST CSF 2.0 takes cybersecurity compliance up a notch. The most notable updates include:

Historically, NIST CSF was an essential framework for critical infrastructure sectors, such as healthcare or financial services. Now, NIST CSF 2.0 caters to a wider range of businesses and has been adapted to support any sector. Revisions to the framework have made it applicable to organizations of any size as well, supporting compliance programs of any maturity level. 

With the addition of a new core function, NIST CSF 2.0 highlights the importance of governance in mitigating cyber risk. Moreover, some outcomes previously listed under the Identify function are now under Govern. Ultimately, this update demonstrates the importance of governance, helping to pair compliance to risk with the highest level of standards. 

The Benefits of NIST CSF 2.0

Many of the benefits of NIST CSF apply to NIST CSF 2.0. Here are some of the advantages of implementing NIST CSF 2.0. 

Ready to get started?

It’s time for your clients to have peace of mind. Login to ControlMap to get started on NIST CSF 2.0. 

For more information or to learn about jumpstarting your own vCISO services with NIST CSF 2.0, request a demo

Is your clients’ MFA status keeping you up at night? 

ScalePad is excited to announce a new addition to ControlMap’s array of integrations: Duo Security, now part of Cisco. This integration marks a significant step forward in bolstering access security capabilities within ControlMap, offering our users seamless access to one of the most trusted identity management systems out there. 

What can MSPs do with Duo Security?

The Duo Managed Service Provider (MSP) Program empowers users to streamline the security of clients’ environments. According to Duo Security, here are some of the key benefits of leveraging the platform for MSPs: 

How does it work with ControlMap?

This integration is tailored for partners of ControlMap who either currently utilize Duo Security as their access security tool or are seeking to diversify their toolset with Duo’s capabilities.

With the Duo Security integration, ControlMap users gain the ability to seamlessly sync employee data from Duo directly into ControlMap. This includes essential security data such as MFA status, enabling MSPs to ensure adherence to standards and framework requirements. 

Additionally, users can:

How Does it Work?

ControlMap connects to Duo Security through public APIs, facilitating smooth data synchronization between the two platforms. Users can leverage this integration by having an existing account with Duo, enabling ControlMap to pull people and MFA data directly from Duo into its interface. Regular checks can be performed within ControlMap to assess MFA status, providing valuable insights into access security posture.

Ready to get started?

Time for some peace of mind. Login to ControlMap to get started. 

For more information or a discussion on how to elevate your compliance operations, request a demo

crossmenuchevron-down