Compliance

Turning Compliance Into a Manageable Process

Compliance frameworks exist to reduce risk, protect sensitive data, and establish consistent security practices. Connekted helps organizations understand, align with, and maintain compliance requirements without unnecessary complexity.

CMMC

Cybersecurity Maturity Model Certification


What CMMC Is

CMMC is a cybersecurity framework created by the U.S. Department of Defense (DoD) to verify that companies in the defense supply chain properly protect sensitive government data, specifically Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

Background & History

CMMC was introduced in 2020 after repeated cyber incidents showed that weak security at contractors and suppliers posed national security risks. It builds on NIST SP 800-171, adding assessment requirements and defined levels to standardize cybersecurity expectations across DoD contractors. The current CMMC 2.0 model has three levels: Level 1 covers basic safeguarding of FCI and is met by annual self-assessment; Level 2 requires the 110 security requirements of NIST SP 800-171 and, for most contracts, a third-party assessment by a certified assessor organization (C3PAO); Level 3 adds requirements from NIST SP 800-172 and is assessed by the government. The final CMMC program rule (32 CFR Part 170) took effect in December 2024.

Why It Matters

Organizations that do not meet the CMMC level specified in a solicitation may be ineligible to bid on or retain DoD contracts. The requirement flows down the supply chain, so subcontractors that handle FCI or CUI on behalf of a prime contractor fall under CMMC as well.

Industries That Commonly Need CMMC

  • Manufacturing
  • Aerospace & defense suppliers
  • Engineering firms
  • Government contractors and subcontractors
  • Technology vendors supporting DoD work

HIPAA

Health Insurance Portability and Accountability Act


What HIPAA Is

HIPAA is a U.S. federal law that establishes standards for safeguarding protected health information (PHI), including electronic PHI (ePHI) such as electronic health records. It applies to covered entities (providers, health plans, and clearinghouses) and to the business associates that handle PHI on their behalf.

Background & History

HIPAA was enacted in 1996 to improve health insurance portability and administrative efficiency. As healthcare digitized, its regulations expanded: the Privacy Rule (2000) governs how PHI may be used and disclosed, and the Security Rule (2003) defines the administrative, physical, and technical safeguards required for ePHI. The HITECH Act of 2009 added breach notification requirements and made business associates directly liable for compliance.

Why It Matters

HIPAA violations can result in significant civil and criminal penalties, legal exposure, and reputational damage; more importantly, the safeguards it requires protect patient privacy and trust.

Industries That Commonly Need HIPAA

  • Medical practices
  • Home healthcare agencies
  • Behavioral health providers
  • Medical billing companies
  • Healthcare technology vendors

NIST CSF

NIST Cybersecurity Framework


What NIST CSF Is

The NIST Cybersecurity Framework is a voluntary framework that helps organizations manage and reduce cybersecurity risk using a structured approach.

Background & History

Developed by the National Institute of Standards and Technology, NIST CSF was first released in 2014 following a U.S. executive order (EO 13636) to improve the cybersecurity of critical infrastructure. Version 1.0 organized the framework around five core functions: Identify, Protect, Detect, Respond, Recover. CSF 2.0, released in February 2024, added a sixth function, Govern, covering risk management strategy, roles, policy, and oversight, and broadened the framework's intended audience from critical infrastructure to organizations of any size or sector.

Why It Matters

The CSF is widely respected, flexible, and often used as a baseline for cybersecurity programs, even when no law or contract mandates it. Because it is voluntary, there is no certification against it; organizations typically use it to build a current and target profile and measure progress between the two.

Industries That Commonly Use NIST CSF

  • Professional services
  • Manufacturing
  • Financial services
  • Healthcare
  • Any organization seeking structured cybersecurity maturity

GLBA

Gramm-Leach-Bliley Act


What GLBA Is

GLBA is a U.S. federal law that requires financial institutions to protect consumers' nonpublic personal financial information and to tell customers how that information is collected, shared, and safeguarded.

Background & History

Passed in 1999, GLBA modernized financial regulation and introduced two privacy provisions: the Privacy Rule, which requires privacy notices explaining information-sharing practices, and the Safeguards Rule, which mandates administrative, technical, and physical protections for customer data. The FTC's Safeguards Rule (16 CFR Part 314), which covers non-bank financial institutions, was substantially amended in 2021 (effective June 2023) to require specific controls, including a written risk assessment, a designated qualified individual, multi-factor authentication, and encryption of customer information in transit and at rest.

Why It Matters

GLBA focuses on preventing data breaches that expose sensitive financial information and on maintaining consumer trust in financial institutions. Non-compliance can bring FTC enforcement actions and, for banks and credit unions, scrutiny from their prudential regulators.

Industries That Commonly Need GLBA

  • Banks and credit unions
  • Mortgage lenders and brokers
  • Wealth management firms
  • Accounting and tax firms
  • Financial service providers

PCI-DSS

Payment Card Industry Data Security Standard


What PCI-DSS Is

PCI-DSS is a security standard designed to protect cardholder data (primary account numbers and related data) wherever it is processed, stored, or transmitted. Unlike the laws above, it is a contractual requirement imposed through merchant agreements with acquiring banks and the card brands, not a government regulation.

Background & History

PCI-DSS 1.0 was published in December 2004 by the major card brands (Visa, Mastercard, American Express, Discover, and JCB) to reduce card fraud and data breaches by replacing their separate security programs with one common standard. Since 2006 it has been maintained by the PCI Security Standards Council; the current version is PCI DSS 4.0.1, whose future-dated requirements became mandatory on March 31, 2025.

Why It Matters

Failure to comply can lead to fines passed down by the acquiring bank, increased processing fees, liability for fraud losses after a breach, or loss of the ability to accept card payments. Validation requirements scale with transaction volume, from an annual Self-Assessment Questionnaire (SAQ) for smaller merchants to an on-site assessment by a Qualified Security Assessor (QSA) for the largest.

Industries That Commonly Need PCI-DSS

  • Retail
  • Hospitality
  • Healthcare practices
  • Professional services
  • Any business that processes card payments