Search

Draft Code of Practice on AI Content Marking Published

The European Commission has published a second draft Code of Practice on AI content marking, intended to help providers and deployers meet AI Act requirements. This revised draft aims to streamline processes, reduce compliance burdens, and incorporate feedback from various stakeholders.

ENISA Cybersecurity Exercise Methodology Guidance

ENISA has released a new cybersecurity exercise methodology to guide organizations in planning and executing effective cybersecurity exercises. The methodology provides a framework for simulating cyber crises, training response capabilities, and building resilience against cyber threats.

ENISA Report: Cybersecurity Investments and NIS2 Challenges

ENISA's 6th NIS Investments report reveals a shift in cybersecurity spending from personnel to technology and services across 1080 EU organizations. The report highlights persistent talent shortages and challenges in implementing the NIS2 Directive, despite compliance being a key investment driver.

IEEE Medical Device Registry Enhances Healthcare Cybersecurity

The IEEE Standards Association has launched the IEEE Medical Device Registry, a public database of medical devices that have successfully completed cybersecurity certification under the IEEE 2621 framework. This initiative aims to enhance transparency and trust in healthcare by providing verifiable information on device cybersecurity performance.

Joint Advisory on SD-WAN Appliance Exploitation

The NSA, CISA, and international cybersecurity agencies have issued a joint advisory regarding the exploitation of Cisco SD-WAN appliances. Threat actors are exploiting a specific vulnerability (CVE-2026-20127) to gain root access and establish persistence. The advisory includes a threat hunt guide and mitigation recommendations.

NIST Cybersecurity Framework 2.0 Profiles and Resources

The National Institute of Standards and Technology (NIST) has released updated resources for its Cybersecurity Framework (CSF) 2.0, including organizational profile templates and community profiles. These resources aim to help organizations assess and improve their cybersecurity posture.

NIST Cybersecurity Framework 2.0 Implementation Resources

The National Institute of Standards and Technology (NIST) has released quick start guides and implementation resources for the Cybersecurity Framework (CSF) 2.0. These resources aim to help organizations of all sizes, including small businesses, understand and implement the updated framework.

NIST CSF 2.0 Cybersecurity Risk Management Guidance

The National Institute of Standards and Technology (NIST) has released version 2.0 of its Cybersecurity Framework (CSF). This updated guidance provides a comprehensive taxonomy for organizations of all sizes and sectors to manage cybersecurity risks, offering a flexible approach to assessing and communicating cybersecurity efforts.

HITRUST CSF v11.7.0 Release Notes

HITRUST has released version 11.7.0 of its Common Security Framework (CSF), effective December 18, 2025. This update includes new authoritative sources, consolidation of requirement statements, and modifications to the e1 and i1 assessment baselines.

HITRUST Assessment Handbook v1.2 Updates Released

HITRUST has released version 1.2 of its Assessment Handbook, introducing updates to procedures for evidence generation, testing expectations, reporting, and inheritance eligibility. These changes will be enforced for assessments submitted on or after April 15, 2026.