This U.S. organization publishes cybersecurity frameworks and standards that guide federal agencies and private sector companies in managing risk.
What is NIST (National Institute of Standards and Technology)?
This access control model assigns permissions to users based on their job functions, streamlining access management and enforcing least privilege.
What is Role-Based Access Control (RBAC)?
This Microsoft solution helps organizations discover, classify, and protect sensitive data across their digital estate, supporting compliance, data security, and data governance efforts.
What is Microsoft Purview?
This document outlines the responsibilities, expectations, and security requirements between an organization and its third-party vendor.
What is a Service Level Agreement (SLA)?
This type of flaw in AI systems can lead to unfair or discriminatory outcomes, often stemming from skewed training data or flawed assumptions.
What is Bias?
This cryptographic standard ensures that encryption modules used by federal agencies meet rigorous security requirements.
What is FIPS 140?
This industry-standard protocol allows users to authenticate once and access multiple systems, often used in Single Sign-On (SSO) implementations.
What is SAML (Security Assertion Markup Language)?
This platform, purchased by DAS, helps organizations prepare for and respond to crises, including cybersecurity incidents, by streamlining communication and emergency planning (BCP/DR).
What is Preparis?
This type of assessment evaluates a vendor’s cybersecurity posture before onboarding, often using questionnaires or audits.
What is a vendor risk assessment?
This concept involves integrating human oversight into AI decision-making processes to ensure accuracy, accountability, and ethical compliance.
What is Human in the Loop?
These hardware-based authentication devices support multi-factor authentication and can help organizations meet compliance requirements for secure access.
What are YubiKeys?
This JFS IAM tool helps organizations manage access reviews and certifications, ensuring users have appropriate access to systems and data.
What is Saviynt?
This Qualys tool provides visibility into internet-facing assets, helping security teams identify and manage exposed systems before attackers do.
What is Qualys Attack Surface Management (ASM)?
This cybersecurity ratings platform, purchased by DAS, provides continuous, data-driven insights into a vendor’s external security posture using publicly available data.
What is Bitsight?
This term refers to the safeguards and policies built into AI systems to prevent misuse, ensure ethical behavior, and maintain security boundaries.
What are AI guardrails?
This assessment evaluates how personal information is collected, stored, and protected in a system, helping organizations comply with privacy regulations.
What is a Privacy Impact Assessment (PIA)?
This principle limits user access rights to the minimum necessary to perform their job functions, reducing the risk of insider threats.
What is the principle of least privilege?
This type of security operation focuses on monitoring user and entity (device) behavior and data access patterns to detect insider threats and prevent data exfiltration.
What is user and entity behavior analytics (UEBA)?
This privacy and risk management GRC platform, purchased by DAS, helps organizations automate third-party risk workflows, manage vendor inventories, and ensure compliance with global regulations.
What is OneTrust?
This practice ensures that AI systems used in cybersecurity are transparent, explainable, and aligned with organizational and societal values.
What is AI governance?
This formal document outlines the security controls in place for an information system, detailing how they meet compliance requirements and mitigate risk.
What is a System Security Plan (SSP)?
This open standard, used by many cloud providers, automates the exchange of user identity information between identity providers and service providers, streamlining provisioning and deprovisioning.
What is SCIM (System for Cross-domain Identity Management)?
This data security platform, used by JFS, uses automation and deep file system analysis to detect abnormal access patterns, prevent ransomware, protect sensitive data, and enforce least-privilege access.
What is Varonis?
This advanced vendor risk strategy combines external risk ratings, internal assessments, and real-time threat intelligence to create a dynamic, multi-layered risk profile.
What is a hybrid (vendor risk) scoring model?
This term describes when an AI system generates false or misleading information that appears plausible, posing risks in threat analysis or automated decision-making.
What are AI hallucinations?