Security Policy Updates for ComplianceShield

Policy Library Updates

We have updated all of the information security policy templates and related procedures within the Common Policy Library as of August 1st. A short summary of the updates:

  1. Addition of Generative AI – We believe this is the most comprehensive security policy on the acceptable use of Generative AI (ChatGPT, etc.).
  2. Software Bill of Materials (SBOM) – This is the new frontier in validating software within the supply chain. Companies that purchase or produce software should be ready for this change. These controls are part of CPL-11-01 System Acquisition Security Policy and related software policies.
  3. Updated Regulatory Mappings – All of the policy templates have been updated to include references to ISO 27002, NIST 800-53, NIST CSF 2.0, HIPAA, PCI-DSS 4.0 and CIS 8 Benchmarks.
  4. New Penetration Testing Policy – Pen testing has increased in overall importance. We have moved the controls from “System Configuration Management Policy” to its own policy.
  5. NYS-DFS – New policy statements to support “Management Attestation” and related NYS-DFS controls – which may become the future of cyber security accountability.
  6. CIS – New Baseline Templates for CIS 8 Level 1 and Level 2.

Check out the updated security policy templates within ComplianceShield. Contact us to get a demo and free trial. The Common Policy Library is available as part of any ComplianceShield Subscription.